Merge pull request #9608 from gilles-peskine-arm/outcome-check-repeated-configurations-all.sh-preliminaries-3.6
Backport 3.6: Fix some all.sh components with sub-components
diff --git a/.mypy.ini b/.mypy.ini
index 6b831dd..f727cc2 100644
--- a/.mypy.ini
+++ b/.mypy.ini
@@ -1,4 +1,4 @@
[mypy]
-mypy_path = scripts
+mypy_path = framework/scripts:scripts
namespace_packages = True
warn_unused_configs = True
diff --git a/.pylintrc b/.pylintrc
index f395fb9..f9c97d5 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -1,5 +1,5 @@
[MASTER]
-init-hook='import sys; sys.path.append("scripts")'
+init-hook='import sys; sys.path.append("scripts"); sys.path.append("framework/scripts")'
min-similarity-lines=10
[BASIC]
diff --git a/BRANCHES.md b/BRANCHES.md
index 9d5d779..cf86a9d 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -107,7 +107,7 @@
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6)
maintained until March 2027, see
- <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.1>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.2>.
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until the end of 2024, see
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.9>.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 51944fa..fc85ae7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -40,12 +40,12 @@
if(TEST_CPP)
project("Mbed TLS"
LANGUAGES C CXX
- VERSION 3.6.1
+ VERSION 3.6.2
)
else()
project("Mbed TLS"
LANGUAGES C
- VERSION 3.6.1
+ VERSION 3.6.2
)
endif()
@@ -229,7 +229,15 @@
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ # Old GCC versions hit a performance problem with test_suite_pkwrite
+ # "Private keey write check EC" tests when building with Asan+UBSan
+ # and -O3: those tests take more than 100x time than normal, with
+ # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
+ # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
+ # GCC 7.5 and above on Ubuntu 18.04 appear fine.
+ # To avoid the performance problem, we use -O2 here. It doesn't slow
+ # down much even with modern compiler versions.
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O2")
set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
@@ -395,6 +403,9 @@
endif()
if(ENABLE_PROGRAMS)
+ set(ssl_opt_target "${MBEDTLS_TARGET_PREFIX}ssl-opt")
+ add_custom_target(${ssl_opt_target})
+
add_subdirectory(programs)
endif()
@@ -449,7 +460,7 @@
write_basic_package_version_file(
"cmake/MbedTLSConfigVersion.cmake"
COMPATIBILITY SameMajorVersion
- VERSION 3.6.1)
+ VERSION 3.6.2)
install(
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
diff --git a/ChangeLog b/ChangeLog
index 8eb43fe..a88c9c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 3.6.2 branch released 2024-10-14
+
+Security
+ * Fix a buffer underrun in mbedtls_pk_write_key_der() when
+ called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+ and the output buffer is smaller than the actual output.
+ Fix a related buffer underrun in mbedtls_pk_write_key_pem()
+ when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+ and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+ CVE-2024-49195
+
= Mbed TLS 3.6.1 branch released 2024-08-30
API changes
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt
new file mode 100644
index 0000000..d61ba19
--- /dev/null
+++ b/ChangeLog.d/9302.txt
@@ -0,0 +1,6 @@
+Features
+ * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
+ uses static storage for keys, enabling malloc-less use of key slots.
+ The size of each buffer is given by the option
+ MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
+ largest PSA key enabled in the build.
diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt
new file mode 100644
index 0000000..9b6d8ac
--- /dev/null
+++ b/ChangeLog.d/fix-driver-schema-check.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix invalid JSON schemas for driver descriptions used by
+ generate_driver_wrappers.py.
diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
new file mode 100644
index 0000000..213cf55
--- /dev/null
+++ b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
new file mode 100644
index 0000000..f5331bc
--- /dev/null
+++ b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+ peers that have middlebox compatibility enabled, as long as no
+ problematic middlebox is in the way. Fixes #9551.
diff --git a/Makefile b/Makefile
index fb80529..e4d98c9 100644
--- a/Makefile
+++ b/Makefile
@@ -28,6 +28,10 @@
programs: lib mbedtls_test
$(MAKE) -C programs
+ssl-opt: lib mbedtls_test
+ $(MAKE) -C programs ssl-opt
+ $(MAKE) -C tests ssl-opt
+
lib:
$(MAKE) -C library
diff --git a/docs/architecture/psa-keystore-design.md b/docs/architecture/psa-keystore-design.md
index cdd2cac..be082a8 100644
--- a/docs/architecture/psa-keystore-design.md
+++ b/docs/architecture/psa-keystore-design.md
@@ -67,7 +67,7 @@
There are three variants of the key store implementation, responding to different needs.
* Hybrid key store ([static key slots](#static-key-store) with dynamic key data): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Key material is allocated on the heap. This is the historical implementation. It remains the default in the Mbed TLS 3.6 long-time support (LTS) branch when using a handwritten `mbedtls_config.h`, as is common on resource-constrained platforms, because the alternatives have tradeoffs (key size limit and larger RAM usage at rest for the static key store, larger code size and more risk due to code complexity for the dynamic key store).
-* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.2): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap.
+* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.3): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap.
* [Dynamic key store](#dynamic-key-store) (since Mbed TLS 3.6.1): the key store is dynamically allocated as multiple slices on the heap, with a size that adjusts to the application's usage. Key material is allocated on the heap. Compared to the hybrid key store, the code size and RAM consumption are larger. This is intended for higher-end devices where applications are not expected to have a highly predicatable resource usage. This is the default implementation when using the default `mbedtls_config.h` file, as is common on platforms such as Linux, starting with Mbed TLS 3.6.1.
#### Future improvement: merging the key store variants
@@ -95,7 +95,7 @@
The static key store is the historical implementation. The key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. This value is an upper bound for the total number of volatile keys plus loaded keys.
-Since Mbed TLS 3.6.2, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap.
+Since Mbed TLS 3.6.3, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap.
#### Volatile key identifiers in the static key store
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index 29d7c53..235f331 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -11,6 +11,17 @@
Limitations relevant for G1 (performing crypto operations)
==========================================================
+Executive summary
+-----------------
+
+- Restartable/interruptible ECC operations: some operations (`sign_hash`) are
+ already supported in PSA, but not used by TLS. The remaining operations
+(ECDH `key_agreement` and `export_public`) will be implemented in 4.0 or 4.x,
+and used by TLS in 4.x.
+- Arbitrary parameters for FFDH: use in TLS will be dropped in 4.0.
+- RSA-PSS parameters: already implemented safe though arguably non-compliant
+ solution in Mbed TLS 3.4, no complaints so far.
+
Restartable (aka interruptible) ECC operations
----------------------------------------------
@@ -27,20 +38,9 @@
operations that should use PSA do not (signature generation & verification) as
they use the legacy API instead, in order to get restartable behaviour.
-Things that are in the API but not implemented yet
---------------------------------------------------
-
-PSA Crypto has an API for FFDH, but it's not implemented in Mbed TLS yet.
-(Regarding FFDH, see the next section as well.) See issue [3261][ffdh] on
-github.
-
-[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261
-
Arbitrary parameters for FFDH
-----------------------------
-(See also the first paragraph in the previous section.)
-
Currently, the PSA Crypto API can only perform FFDH with a limited set of
well-known parameters (some of them defined in the spec, but implementations
are free to extend that set).
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index b985a77..a89fe67 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -18,11 +18,16 @@
implemented, see `docs/use-psa-crypto.md`, where new APIs are about (G2), and
internal changes implement (G1).
-As of early 2023, work towards G5 is in progress: Mbed TLS 3.3 and 3.4 saw
-some improvements in this area, and more will be coming in future releases.
+As of Mbed TLS 3.6 (early 2024), work towards G5 is well advanced: it is now
+possible to have hashes/HMAC, ciphers/AEAD, and ECC provided only by drivers,
+with some limitations. See
+[`docs/driver-only-builds.md`](../../driver-only-builds.html) for details.
+The main gap is RSA in PK, X.509 and TLS; it should be resolved by 4.0 work.
Generally speaking, the numbering above doesn't mean that each goal requires
-the preceding ones to be completed.
+the preceding ones to be completed. (As an example, much progress towards G5
+was made in 3.x, while G4 will be mostly 4.0 and probably not fully complete
+until 5.0.)
Compile-time options
@@ -146,7 +151,7 @@
This strategy is currently (early 2023) used for all operations in the PK
layer; the MD layer uses a variant where it dispatches to PSA if a driver is
available and the driver subsystem has been initialized, regardless of whether
-`USE_PSA_CRYPTO` is enabled; see `md-cipher-dispatch.md` in the same directory
+`USE_PSA_CRYPTO` is enabled; see [`md-cipher-dispatch.md`](md-cipher-dispatch.html)
for details.
This strategy is not very well suited to the Cipher layer, as the PSA
@@ -172,7 +177,7 @@
This strategy is currently (early 2023) used for the MD layer and the Cipher
layer in X.509 and TLS. Crypto modules however always call to MD which may
-then dispatch to PSA, see `md-cipher-dispatch.md`.
+then dispatch to PSA, see [`md-cipher-dispatch.md`](md-cipher-dispatch.html).
Opt-in use of PSA from the abstraction layer
--------------------------------------------
@@ -219,11 +224,16 @@
- PK (for G1): silently call PSA
- PK (for G2): opt-in use of PSA (new key type)
-- Cipher (G1): replace calls at each call site
+- PK (for G5): store keys in PSA-friendly format when `ECP_C` is disabled and
+ `USE_PSA` is enabled
+- Cipher (G1, TLS): replace calls at each call site
+- Cipher (G5): create a new internal abstraction layer for (non-DES) block
+ ciphers that silently calls PSA when a driver is available, see
+ [`md-cipher-dispatch.md`](md-cipher-dispatch.html).
- MD (G1, X.509 and TLS): replace calls at each call site (depending on
`USE_PSA_CRYPTO`)
- MD (G5): silently call PSA when a driver is available, see
- `md-cipher-dispatch.md`.
+ [`md-cipher-dispatch.md`](md-cipher-dispatch.html).
Supporting builds with drivers without the software implementation
@@ -292,7 +302,7 @@
(The strategy was outlined in the previous section.)
Regarding libmbedcrypto:
-- for hashes and ciphers, see `md-cipher-dispatch.md` in the same directory;
+- for hashes and ciphers, see [`md-cipher-dispatch.md`](md-cipher-dispatch.html);
- for ECC, we have no internal uses of the top-level algorithms (ECDSA, ECDH,
ECJPAKE), however they all depend on `ECP_C` which in turn depends on
`BIGNUM_C`. So, direct calls from TLS, X.509 and PK to ECP and Bignum will
diff --git a/docs/architecture/psa-migration/transition-guards.md b/docs/architecture/psa-migration/transition-guards.md
new file mode 100644
index 0000000..dda65f1
--- /dev/null
+++ b/docs/architecture/psa-migration/transition-guards.md
@@ -0,0 +1,320 @@
+This document explains feature guards macros to be used during the transition
+from legacy to PSA in order to determine whether a given cryptographic
+mechanism is available in the current build.
+
+We currently (as of Mbed TLS 3.6) have three sets of feature macros:
+- `PSA_WANT` macros;
+- legacy `MBEDTLS_xxx` macros;
+- transitional `MBEDTLS_xxx` macros that stem from the desire to be able to
+ use crypto mechanisms that are only provided by a driver (G5 in
+`strategy.md`).
+
+This document's goal is to shed some light on when to use which. It is mostly
+intended for maintainers.
+
+Since most transition macros come from driver-only work, it can be useful to
+check `docs/driver-only-builds.md` as well for background. (Note: as
+maintainers, for the best precision about what's supported of not with
+drivers, check the relevant `component_test_psa_crypto_config_accel_xxx`'s
+configuration, as well as the corresponding exclude list in
+`analyze_outcomes.py`.)
+
+General considerations
+======================
+
+This document only applies to Mbed TLS 3.6 TLS. By contrast:
+- in 2.28 we have no driver-only support, so the legacy guards `MBEDTLS_XXX`
+ should be used everywhere;
+- in 4.0 configuration will be purely based on PSA, so `PSA_WANT` macros
+ should be used everywhere.
+
+It is useful to consider the following domains:
+- The PSA domain: things declared in `include/psa/*.h`, implemented in
+ `library/psa_*.c` and tested in `tests/suites/test_suite_psa*`.
+- The pure TLS 1.3 domain: the parts of TLS 1.3 that are not in the `USE_PSA`
+ domain (see below). Those use PSA APIs unconditionally.
+- The `USE_PSA` domain (that is, code that calls PSA crypto APIs when
+ `USE_PSA` is enabled, and legacy crypto APIs otherwise): that's PK, X.509,
+most of TLS 1.2 and the parts of TLS 1.3 that are common with TLS 1.2 or are
+about public/private keys (see `docs/use-psa-crypto.md` for details).
+- The legacy crypto domain: a number of modules there will use crypto from
+ other modules, for example RSA and entropy will use hashes, PEM will use
+hashes and ciphers (from encrypted PEM), etc.
+
+The first two categories (PSA domain, pure TLS 1.3 domain) are simple: as a
+general rule, use `PSA_WANT` macros. (With very few exceptions, see
+`component_check_test_dependencies` in `all.sh`.) In the rare instances where it is necessary to
+check whether a mechanism is built-in or provided by a driver,
+`MBEDTLS_PSA_BUILTIN_xxx` and `MBEDTLS_PSA_ACCEL_xxx` macros should be used
+(but not legacy `MBEDTLS_xxx` macros).
+
+For the `USE_PSA` domain, it should always be correct to use expressions like
+`(!USE_PSA && MBEDTLS_xxx) || (USE_PSA && PSA_WANT_xxx)`. Sometimes, macros
+are defined in order to avoid using long expressions everywhere; they will be
+mentioned in the following sections.
+
+The remaining category, the legacy domain, tends to be more complex. There are
+different rules for different families of mechanisms, as detailed in the
+following sections.
+
+Symmetric crypto
+================
+
+Hashes
+------
+
+**Hash vs HMAC:** Historically (since 2.0) we've had the generic hash
+interface, and the implementation of HMAC, in the same file controlled by a
+single feature macro: `MBEDTLS_MD_C`. This has now been split in two:
+- `MBEDTLS_MD_LIGHT` is about the generic hash interface; we could think of it
+ as `MBEDTLS_HASH_C`.
+- `MBEDTLS_MD_C` is about the HMAC implementation; we could think of it as
+ `MBEDTLS_HMAC_C` (auto-enabling `MBEDTLS_HASH_C`).
+
+(In fact, this is not the whole story: `MD_LIGHT` is the _core_ of the generic
+hash interface, excluding functions such as `mbedtls_md_list()` and
+`mbedtls_md_info_from_string()`, `mbedtls_md_file()`, etc. But I think the
+above should still provide a good intuition as first approximation.)
+
+Note that all users of hashes in the library use either the PSA Crypto API or the `md.h` API.
+That is, no user in the library, even in the legacy domain, uses the low-level hash APIs
+(`mbedtls_sha256` etc). (That's not true of all example programs, though.)
+
+**Helper macros:** in `config_adjust_legacy_crypto.h` we define a family of
+macro `MBEDTLS_MD_CAN_xxx`. These macros are defined (for available hashes) as
+soon as `MBEDTLS_MD_LIGHT` is enabled. This subset of `MD` is automatically
+enabled as soon as something from the legacy domain, or from the `USE_PSA`
+domain, needs a hash. (Note that this includes `ENTROPY_C`, so in practice
+`MD_LIGHT` is enabled in most builds.)
+
+Note that there is a rule, enforced by `config_adjust_psa_superset_legacy.h`,
+that as soon as `PSA_CRYPTO_C` is enabled, all hashes that are enabled on the
+legacy side are also enabled on the PSA side (the converse is not true: a hash
+that's provided by a driver will typically be available only on the PSA side). So, in
+practice, when `PSA_CRYPTO_C` and `MD_LIGHT` are both enabled,
+`PSA_WANT_ALG_xxx` and `MBEDTLS_MD_CAN_xxx` are equivalent.
+
+**Legacy and `USE_PSA` domains:** for hashes, `MBEDTLS_MD_CAN_xxx` (where
+`xxx` is the legacy name of the hash) can be used everywhere (except in the
+PSA domain which should use `PSA_WANT` as usual). No special include is
+required, `build_info.h` or `common.h` is enough.
+
+**Pure TLS 1.3 domain:** it is not easy to know which uses of hashes fall in
+this domain as opposed to the `USE_PSA` domain whithout looking at the code.
+Fortunately, `MD_CAN` and `PSA_WANT` macros can be used interchangeably, as
+per the note above.
+
+HMAC
+----
+
+**Legacy domain:** the code is using the `md.h` API. For this domain,
+availability of HMAC-xxx is determined by `MBEDTLS_MD_C && MBEDTLS_MD_CAN_xxx`
+(see previous subsection about `MD_CAN`). Modules in this domain that may use
+HMAC are PKCS5, PKCS7, HKDF, HMAC-DRBG and ECDSA deterministic.
+
+**`USE_PSA` domain:** code will use the `md.h` API when `USE_PSA` is disabled,
+and the `psa_mac` API when `USE_PSA` is enabled. It should check for the
+availability of HMAC-xxx with either:
+```
+((!MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_MD_C) ||
+ (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_HMAC)) &&
+MBEDTLS_MD_CAN_xxx
+```
+or
+```
+(!MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_MD_C && MBEDTLS_xxx_C) ||
+(MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_HMAC && PSA_WANT_ALG_xxx)
+```
+or any equivalent condition (see note at the end of the previous section).
+The only module in this case is TLS, which currently depends on
+`USE_PSA_CRYPTO || MD_C`.
+
+Note: while writing this, it occurs to me that TLS 1.2 does not seem to be
+checking for `PSA_WANT_ALG_HMAC` before enabling CBC ciphersuites when
+`USE_PSA` is enabled, which I think it should. Builds with `USE_PSA` enabled,
+`PSA_WANT_ALG_HMAC` disabled and other requirements for CBC ciphersuites
+enabled, are probably broken (perhaps only at runtime when a CBC ciphersuite
+is negotiated).
+
+**Pure TLS 1.3 domain:** HMAC is used for the Finished message via PSA Crypto
+APIs. So, TLS 1.3 should depend on `PSA_WANT_ALG_HMAC` - doesn't seem to be
+enforced by `check_config.h`, or documented in `mbedtls_config.h`, at the
+moment.
+
+Ciphers (AEAD and unauthenticated)
+----------------------------------
+
+**Overview of existing (internal) APIs:** we currently have 5 (families of)
+APIs for ciphers (and associated constructs) in the library:
+- Low-level API for primitives: `mbedtls_aes_xxx` etc. - used by `cipher.c`
+ and some other modules in the legacy domain.
+- Internal abstraction layer `block_cipher` for AES, ARIA and Camellia
+ primitives - used only by `gcm.c` and `ccm.c`, only when `CIPHER_C` is not
+enabled (for compatibility reasons).
+- Block cipher modes / derivatives:
+ - `mbedtls_gcm_xxx` and `mbedtls_ccm_xxx`, used by `cipher.c` and
+ the built-in PSA implementation;
+ - `mbedtls_nist_kw_xxx`, used by `cipher.c`;
+ - `mbedtls_cipher_cmac_xxx`, used by the built-in PSA implementation;
+ - `mbedtls_ctr_drbg_xxx`, used by PSA crypto's RNG subsystem.
+- Cipher: used by some modules in the legacy domain, and by the built-in PSA
+ implementation.
+- PSA: used by the `USE_PSA` domain when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
+
+**Legacy domain:** most code here is using either `cipher.h` or low-level APIs
+like `aes.h`, and should use legacy macros like `MBEDTLS_AES_C` and
+`MBEDTLS_CIPHER_MODE_CBC`. This includes NIST-KW, CMAC, PKCS5/PKCS12 en/decryption
+functions, PEM decryption, PK parsing of encrypted keys. The only exceptions
+are:
+1. `GCM` and `CCM` use the internal abstraction layer `block_cipher` and check
+ for availability of block ciphers using `MBEDTLS_CCM_GCM_CAN_xxx` macros
+defined in `config_adjut_legacy_crypto.h`. As a user, to check if AES-GCM is
+available through the `mbedtls_gcm` API, you want to check for `MBEDTLS_GCM_C`
+and `MBDTLS_CCM_GCM_CAN_AES`.
+2. `CTR_DRBG` uses the low-level `mbedtls_aes_` API if it's available,
+ otherwise it uses the PSA API. There is no need for users of `CTR_DRBG` to
+check if AES is available: `check_config.h` is already taking care of that, so
+from a user's perspective as soon as `MBEDTLS_CTR_DRBG_C` is enabled, you can
+use it without worrying about AES.
+
+**`USE_PSA` domain:** here we should use conditions like the following in
+order to test for availability of ciphers and associated modes.
+```
+// is AES available?
+(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
+(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
+// is CBC available?
+(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
+(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
+// is GCM available?
+(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
+(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
+```
+Note: TLS is the only user of ciphers in the `USE_PSA` domain, and it defines
+`MBEDTLS_SSL_HAVE_xxx` macros in `config_adjust_legacy_crypto.h` for the
+ciphers and modes it needs to know about.
+
+**Pure TLS 1.3 domain:** none. All from TLS 1.3 are in the `USE_PSA` domain
+(common to TLS 1.2).
+
+Key derivation
+--------------
+
+**Legacy domain:** the modules PKCS5 and PKCS12 both provide
+key derivation (respectively PBKDF2-HMAC and PKCS12 derivation), and use it
+for password-based encryption. (Note: PEM has an implementation of PBKDF1 but
+it's internal.)
+
+**`USE_PSA` domain:** PK (parse) will use PKCS5 and PKCS12 encryption (hence
+indirectly key derivation) if present in the build. The macros are
+`MBEDTLS_PKCS5_C` and `MBEDTLS_PKCS12_C`. Note that even when `USE_PSA` is
+enabled, PK parse will _not_ use PSA for the PBKDF2 part of PKCS5 decryption.
+
+**Pure TLS 1.3 domain:** TLS 1.3 is using HKDF via PSA Crypto APIs. We already
+enforce in `check_config.h` that TLS 1.3 depends on the appropriate `PSA_WANT`
+macros.
+
+Asymmetric crypto
+=================
+
+RSA
+---
+
+**Legacy domain and `USE_PSA` domain:** use `RSA_C` everywhere. (Note: there's
+no user of RSA in the legacy domain, and the only direct user in the `USE_PSA`
+domain is PK - both X.509 and TLS will only RSA via PK.)
+
+**Pure TLS 1.3 domain:** no use of RSA in this domain. All TLS 1.3 uses of RSA
+go through PK, hence are in the `USE_PSA` domain.
+
+FFDH
+----
+
+**Legacy domain and `USE_PSA` domain:** use `DHM_C`. The only user is TLS 1.2
+which is actually in the legacy domain - this is an exception where `USE_PSA`
+has no effect, because PSA doesn't cover the needs of TLS 1.2 here.
+
+**Pure TLS 1.3 domain:** use `PSA_WANT`. The TLS 1.3 code for Diffie-Hellman
+is common to ECDH and FFDH thanks to PSA Crypto APIs being generic enough. The
+parts about FFDH are guarded with `PSA_WANT_ALG_FFDH` (with the reasoning that
+this implies support for the corresponding key type).
+
+ECC
+---
+
+**Curves:** in `config_adjut_psa_superset_legacy.h` we ensure that, as soon as
+`PSA_CRYPTO_C` is enabled, all
+curves that are supported on the legacy side (`MBEDTLS_ECP_DP_xxx_ENABLED`)
+are also supported on the PSA side (`PSA_WANT_ECC_xxx`). (The converse is not
+true as a curve provided by a driver will typically only be available on the
+PSA side).
+
+In `config_adjust_legacy_crypto.h` we define macros `MBEDTLS_ECP_HAVE_xxx`.
+These macros are useful for data and functions that have users in several
+domains, such as `mbedtls_ecc_group_to_psa()`, or that have users only in the
+`USE_PSA` domain but want a simpler (if sub-optimal) condition, such as
+`mbedtls_oid_get_ec_grp()`.
+
+Strictly speaking, code in the `USE_PSA` domain should not use the above
+`MBEDTLS_ECP_HAVE_xxx` macros but conditions like
+```
+(!MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECP_DP_xxx_ENABLED) ||
+(MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ECC_xxx)
+```
+Note while writing: a lot of tests for things in the `USE_PSA` domain appear
+to be using `MBEDTLS_ECP_HAVE_xxx`. IMO this is incorrect, but not caught by
+the CI because I guess we don't run tests in configurations that have both
+`USE_PSA_CRYPTO` disabled, and some curves enabled only on the PSA side. My
+initial feeling is we don't care about such configurations as this point, and
+can leave the dependencies as they are until they're replaced with `PSA_WANT`
+macros in 4.0 anyway.
+
+**Legacy domain:** use the legacy macros `ECP_C`, `ECDH_C`, `ECDSA_C`,
+`ECJPAKE_C`, `MBEDTLS_ECP_DP_xxx_ENABLED`. (This is mostly just ECDH, ECDSA
+and EC J-PAKE using ECP.)
+
+**Key management, `USE_PSA` domain:** `MBEDTLS_PK_HAVE_ECC_KEYS` means that PK
+supports ECC key parsing and writing (and storage). It does not imply support
+for doing crypto operation with such keys - see `MBEDTLS_PK_CAN_ECDSA_xxx`
+above for that.
+
+**ECDH, `USE_PSA` domain:** this is just TLS 1.2. It's using the helper macro
+`MBEDTLS_CAN_ECDH` defined in `config_adjust_legacy_crypto.h` (which should
+probably be called `MBEDTLS_SSL_TLS1_2_CAN_ECDH` as it's only for TLS 1.2).
+(Note: the macro is not used directly in the code, it's only used as a
+dependency for relevant TLS 1.2 key exchanges. Then the code uses the guards
+for the key exchanges.)
+
+**ECDH, pure TLS 1.3 domain:** using `PSA_WANT_ALG_ECDH`.
+
+**ECDSA, `USE_PSA` domain:** should use the macros
+`MBEDTLS_PK_CAN_ECDSA_{SIGN,VERIFY,SOME}` that indicate support for signature
+generation, verification, or at least one of those, respectively. To check for
+support for signatures with a specific hash, combine
+`MBEDTLS_PK_CAN_ECDSA_xxx` with `MBEDTLS_MD_CAN_xxx`.
+
+**ECDSA, pure TLS 1.3 domain:** none - everything goes through PK.
+
+**EC J-PAKE, `USE_PSA` domain:** only used by TLS 1.2. The code is guarded by
+the corresponding `KEY_EXCHANGE` macro, which in `check_config.h` depends on
+the appropriate macros depending on whether `USE_PSA` is on or off.
+
+**EC J-PAKE, pure TLS 1.3 domain:** none - EC J-PAKE is TLS 1.2 (so far).
+
+**Related internal macros:**
+- `MBEDTLS_PK_USE_PSA_EC_DATA` is an internal switch of the PK module. When
+ it's not defined, PK stores ECC keys as a `struct mbedtls_ecxxx_keypair`;
+when it's defined, PK stores in a PSA -friendly format instead (PSA key slot
+for private keys, metadata + array of bytes with the PSA import/export format
+for the public part). This macro is only defined when `ECP_C` is not and
+`USE_PSA` is, see comments above its definition in `pk.h` for details.
+- `MBEDTLS_ECP_LIGHT` enables only a subset of `ecp.c`. This subset is pretty
+ much ad hoc: it's basically everything that doesn't depend on scalar
+multiplication (_the_ complex expensive operation in ECC arithmetic).
+Basically, this subset gives access to curve data (constants), key storage,
+basic parsing and writing. It is auto-enabled in some driver-only
+configurations where the user has disabled `ECP_C` because they have drivers
+for the crypto operations they use, but they've also asked for some things
+that are not supported by drivers yet, such as deterministic key derivation,
+or parsing of compressed keys - on those cases, `ECP_LIGHT` will support this
+needs without bringing back the full `ECP_C`.
diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md
index 80667df..a9e3dac 100644
--- a/docs/architecture/testing/test-framework.md
+++ b/docs/architecture/testing/test-framework.md
@@ -22,7 +22,7 @@
* Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0<x<y, both even” is even better if these inequalities and parities are why this particular test data was chosen.
* Avoid changing the description of an existing test case without a good reason. This breaks the tracking of failures across CI runs, since this tracking is based on the descriptions.
-`tests/scripts/check_test_cases.py` enforces some rules and warns if some guidelines are violated.
+`framework/scripts/check_test_cases.py` enforces some rules and warns if some guidelines are violated.
## TLS tests
diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index 5d950b0..6bd9262 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@@ -408,8 +408,6 @@
### Partial acceleration for CCM/GCM
-[This section depends on #8598 so it might be updated while that PR progresses.]
-
In case legacy CCM/GCM algorithms are enabled, it is still possible to benefit
from PSA acceleration of the underlying block cipher by enabling support for
ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING` + `MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING`)
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 740bb19..d872818 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -10,7 +10,7 @@
*/
/**
- * @mainpage Mbed TLS v3.6.1 API Documentation
+ * @mainpage Mbed TLS v3.6.2 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 2a82820..281f062 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "Mbed TLS v3.6.1"
+PROJECT_NAME = "Mbed TLS v3.6.2"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/framework b/framework
index 071831e..d68446c 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 071831e25bd336baa58bbdf65e985283f56e1b86
+Subproject commit d68446c9da02e536279a7aaa5a3c9850742ba30c
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 8242ec6..d91d296 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -26,16 +26,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 6
-#define MBEDTLS_VERSION_PATCH 1
+#define MBEDTLS_VERSION_PATCH 2
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03060100
-#define MBEDTLS_VERSION_STRING "3.6.1"
-#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.1"
+#define MBEDTLS_VERSION_NUMBER 0x03060200
+#define MBEDTLS_VERSION_STRING "3.6.2"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.2"
/* Macros for build-time platform detection */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c80e286..aec5050 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -741,6 +741,11 @@
#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
#endif
+#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \
+ defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously"
+#endif
+
#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
!defined(MBEDTLS_FS_IO)
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 20fd687..6c64e3e 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -17,12 +17,13 @@
#include "md.h"
-#if defined(MBEDTLS_MD_CAN_SHA512) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#if (defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA_512)) && \
+ !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512
#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
#else
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if (defined(MBEDTLS_MD_CAN_SHA256) || defined(PSA_WANT_ALG_SHA_256))
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA256
#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index bd3f71d..ebc9276 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3269,6 +3269,26 @@
#define MBEDTLS_PSA_ITS_FILE_C
/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
+ *
+ * Statically preallocate memory to store keys' material in PSA instead
+ * of allocating it dynamically when required. This allows builds without a
+ * heap, if none of the enabled cryptographic implementations or other features
+ * require it.
+ * This feature affects both volatile and persistent keys which means that
+ * it's not possible to persistently store a key which is larger than
+ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
+ *
+ * \note This feature comes with a (potentially) higher RAM usage since:
+ * - All the key slots are allocated no matter if they are used or not.
+ * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
+
+/**
* \def MBEDTLS_RIPEMD160_C
*
* Enable the RIPEMD-160 hash algorithm.
@@ -4069,6 +4089,19 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ *
+ * Define the size (in bytes) of each static key buffer when
+ * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
+ * explicitly defined then it's automatically guessed from available PSA keys
+ * enabled in the build through PSA_WANT_xxx symbols.
+ * If required by the application this parameter can be set to higher values
+ * in order to store larger objects (ex: raw keys), but please note that this
+ * will increase RAM usage.
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
+
/* RSA OPTIONS */
//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 0cf42c6..f48c087 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -32,6 +32,16 @@
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif
+/* If the size of static key slots is not explicitly defined by the user, then
+ * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and
+ * PSA_CIPHER_MAX_KEY_LENGTH.
+ * See mbedtls_config.h for the definition. */
+#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
+#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \
+ PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH)
+#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/
+
/** \addtogroup attributes
* @{
*/
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 635ee98..87b8c39 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -1038,6 +1038,10 @@
PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+
/** Sufficient output buffer size for psa_raw_key_agreement().
*
* This macro returns a compile-time constant if its arguments are
@@ -1085,6 +1089,27 @@
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+/** Maximum key length for ciphers.
+ *
+ * Since there is no additional PSA_WANT_xxx symbol to specifiy the size of
+ * the key once a cipher is enabled (as it happens for asymmetric keys for
+ * example), the maximum key length is taken into account for each cipher.
+ * The resulting value will be the maximum cipher's key length given depending
+ * on which ciphers are enabled.
+ *
+ * Note: max value for AES used below would be doubled if XTS were enabled, but
+ * this mode is currently not supported in Mbed TLS implementation of PSA
+ * APIs.
+ */
+#if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \
+ defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20))
+#define PSA_CIPHER_MAX_KEY_LENGTH 32u
+#elif defined(PSA_WANT_KEY_TYPE_DES)
+#define PSA_CIPHER_MAX_KEY_LENGTH 24u
+#else
+#define PSA_CIPHER_MAX_KEY_LENGTH 0u
+#endif
+
/** The default IV size for a cipher algorithm, in bytes.
*
* The IV that is generated as part of a call to #psa_cipher_encrypt() is always
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index e4d8f0d..4be9a54 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -166,11 +166,11 @@
${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py
--mbedtls-root ${CMAKE_CURRENT_SOURCE_DIR}/..
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py
${error_headers}
)
@@ -300,7 +300,7 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.1 SOVERSION 16)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.2 SOVERSION 16)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
if(TARGET ${everest_target})
@@ -312,11 +312,11 @@
endif()
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.1 SOVERSION 7)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.2 SOVERSION 7)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.1 SOVERSION 21)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.2 SOVERSION 21)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/Makefile b/library/Makefile
index dae4e19..eb3b901 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -359,11 +359,11 @@
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
-ssl_debug_helpers_generated.c: $(gen_file_dep) ../scripts/generate_ssl_debug_helpers.py
+ssl_debug_helpers_generated.c: $(gen_file_dep) ../framework/scripts/generate_ssl_debug_helpers.py
ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
ssl_debug_helpers_generated.c:
echo " Gen $@"
- $(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
+ $(PYTHON) ../framework/scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
diff --git a/library/net_sockets.c b/library/net_sockets.c
index ef89a88..bd5c47b 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -190,7 +190,7 @@
break;
}
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
}
@@ -237,13 +237,13 @@
n = 1;
if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof(n)) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_BIND_FAILED;
continue;
}
@@ -251,7 +251,7 @@
/* Listen only makes sense for TCP */
if (proto == MBEDTLS_NET_PROTO_TCP) {
if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
continue;
}
diff --git a/library/pk.c b/library/pk.c
index 3fe51ea..51f0c24 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -35,10 +35,6 @@
#include <limits.h>
#include <stdint.h>
-#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
- (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
- PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
-
/*
* Initialise a mbedtls_pk_context
*/
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 5e009c5..2a69844 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -65,17 +65,21 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
- size_t len = 0, tmp_len = 0;
+ size_t tmp_len = 0;
if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+ /* Ensure there's enough space in the provided buffer before copying data into it. */
+ if (tmp_len > (size_t) (*p - buf)) {
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= tmp_len;
memcpy(*p, tmp, tmp_len);
- len += tmp_len;
mbedtls_platform_zeroize(tmp, sizeof(tmp));
- return (int) len;
+ return (int) tmp_len;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);
@@ -125,6 +129,10 @@
if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+ /* Ensure there's enough space in the provided buffer before copying data into it. */
+ if (len > (size_t) (*p - start)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= len;
memcpy(*p, buf, len);
return (int) len;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c4f41db..f0ccf3d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -705,6 +705,11 @@
psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
size_t buffer_length)
{
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ if (buffer_length > ((size_t) MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+#else
if (slot->key.data != NULL) {
return PSA_ERROR_ALREADY_EXISTS;
}
@@ -713,6 +718,7 @@
if (slot->key.data == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
+#endif
slot->key.bytes = buffer_length;
return PSA_SUCCESS;
@@ -1177,11 +1183,18 @@
psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
{
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ if (slot->key.bytes > 0) {
+ mbedtls_platform_zeroize(slot->key.data, MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE);
+ }
+#else
if (slot->key.data != NULL) {
mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
}
slot->key.data = NULL;
+#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */
+
slot->key.bytes = 0;
return PSA_SUCCESS;
@@ -2096,7 +2109,7 @@
* storage ( thus not in the case of importing a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the imported key material. */
- if (slot->key.data == NULL) {
+ if (slot->key.bytes == 0) {
if (psa_key_lifetime_is_external(attributes->lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
attributes, data, data_length, &storage_size);
@@ -8013,7 +8026,7 @@
* storage ( thus not in the case of generating a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the generated key material. */
- if (slot->key.data == NULL) {
+ if (slot->key.bytes == 0) {
if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) ==
PSA_KEY_LOCATION_LOCAL_STORAGE) {
status = psa_validate_key_type_and_size_for_key_generation(
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 21e7559..df0ee50 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -155,7 +155,11 @@
/* Dynamically allocated key data buffer.
* Format as specified in psa_export_key(). */
struct key_data {
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE];
+#else
uint8_t *data;
+#endif
size_t bytes;
} key;
} psa_key_slot_t;
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index d7f5b18..433ecdc 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -21,9 +21,16 @@
#include <stdint.h>
#include <string.h>
-/* Limit the maximum key size in storage. This should have no effect
- * since the key size is limited in memory. */
+/* Limit the maximum key size in storage. */
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+/* Reflect the maximum size for the key buffer. */
+#define PSA_CRYPTO_MAX_STORAGE_SIZE (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
+#else
+/* Just set an upper boundary but it should have no effect since the key size
+ * is limited in memory. */
#define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS))
+#endif
+
/* Sanity check: a file size must fit in 32 bits. Allow a generous
* 64kB of metadata. */
#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 78ec3bd..7495ae3 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -11,6 +11,7 @@
#define MBEDTLS_SSL_MISC_H
#include "mbedtls/build_info.h"
+#include "common.h"
#include "mbedtls/error.h"
@@ -47,7 +48,7 @@
#include "ssl_ciphersuites_internal.h"
#include "x509_internal.h"
#include "pk_internal.h"
-#include "common.h"
+
/* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index ef722d7..dcda1d3 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5066,15 +5066,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- MBEDTLS_SSL_DEBUG_MSG(1,
+ MBEDTLS_SSL_DEBUG_MSG(2,
("Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"));
return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
-#else
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"));
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
}
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 9b2da5a..75783d0 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1964,7 +1964,7 @@
ssl->out_msg + offset + len_bytes, olen,
MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_encrypt", ret);
return ret;
}
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 0633aa6..aaf93ba 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -1,3 +1,6 @@
+set(programs_target "${MBEDTLS_TARGET_PREFIX}programs")
+add_custom_target(${programs_target})
+
add_subdirectory(aes)
add_subdirectory(cipher)
if (NOT WIN32)
diff --git a/programs/Makefile b/programs/Makefile
index 8d1da6d..0604a68 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -116,6 +116,12 @@
all: fuzz
endif
+SSL_OPT_APPS = $(filter ssl/%,$(APPS))
+SSL_OPT_APPS += test/query_compile_time_config test/udp_proxy
+# Just the programs needed to run ssl-opt.sh (and compat.sh)
+ssl-opt: $(patsubst %,%$(EXEXT),$(SSL_OPT_APPS))
+.PHONY: ssl-opt
+
fuzz: ${MBEDTLS_TEST_OBJS}
$(MAKE) -C fuzz
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index ccb8db5..4d4c890 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -1,6 +1,7 @@
set(executables
crypt_and_hash
)
+add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
index e925524..effaf8a 100644
--- a/programs/cipher/CMakeLists.txt
+++ b/programs/cipher/CMakeLists.txt
@@ -1,6 +1,7 @@
set(executables
cipher_aead_demo
)
+add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index c389029..f5358ff 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -15,6 +15,7 @@
fuzz_x509csr
fuzz_pkcs7
)
+add_dependencies(${programs_target} ${executables_no_common_c})
set(executables_with_common_c
fuzz_privkey
@@ -23,6 +24,7 @@
fuzz_dtlsserver
fuzz_server
)
+add_dependencies(${programs_target} ${executables_with_common_c})
foreach(exe IN LISTS executables_no_common_c executables_with_common_c)
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index fcacf3b..0ad974d 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -3,6 +3,7 @@
hello
md_hmac_demo
)
+add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index cd0387a..defbe28 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -2,6 +2,7 @@
dh_client
dh_server
)
+add_dependencies(${programs_target} ${executables_mbedtls})
foreach(exe IN LISTS executables_mbedtls)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
@@ -29,6 +30,7 @@
rsa_verify
rsa_verify_pss
)
+add_dependencies(${programs_target} ${executables_mbedcrypto})
foreach(exe IN LISTS executables_mbedcrypto)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index a8e4b0e..a6933a6 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -6,6 +6,7 @@
psa_constant_names
psa_hash
)
+add_dependencies(${programs_target} ${executables})
if(GEN_FILES)
add_custom_command(
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index 5940395..f0c7825 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -2,6 +2,7 @@
gen_entropy
gen_random_ctr_drbg
)
+add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index ec2c86f..02010d8 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -16,6 +16,8 @@
ssl_server
ssl_server2
)
+add_dependencies(${programs_target} ${executables})
+add_dependencies(${ssl_opt_target} ${executables})
if(GEN_FILES)
# Inform CMake that the following file will be generated as part of the build
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index ddb3c34..8d7378a 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -9,18 +9,17 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#else
@@ -45,7 +44,7 @@
#ifdef FORCE_IPV4
#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */
#else
-#define SERVER_ADDR "::1"
+#define SERVER_ADDR SERVER_NAME
#endif
#define MESSAGE "Echo this"
@@ -337,6 +336,5 @@
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
- MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
- MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */
+
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 732625e..d1063cb 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -18,19 +18,19 @@
#define BIND_IP "::"
#endif
-#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
- !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
-
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_SSL_COOKIE_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- printf("MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
- "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_SSL_COOKIE_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#else
@@ -291,7 +291,14 @@
ret = 0;
goto reset;
} else if (ret != 0) {
- printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
+ printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret);
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
+ printf(" An unexpected message was received from our peer. If this happened at\n");
+ printf(" the beginning of the handshake, this is likely a duplicated packet or\n");
+ printf(" a close_notify alert from the previous connection, which is harmless.\n");
+ ret = 0;
+ }
+ printf("\n");
goto reset;
}
@@ -402,7 +409,5 @@
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
- MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
- && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
+
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index ee734b1..3d6e67c 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -9,17 +9,14 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
@@ -240,6 +237,9 @@
}
if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ mbedtls_printf("The return value %d from mbedtls_ssl_read() means that the server\n"
+ "closed the connection first. We're ok with that.\n",
+ MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY);
break;
}
@@ -259,7 +259,9 @@
mbedtls_ssl_close_notify(&ssl);
- exit_code = MBEDTLS_EXIT_SUCCESS;
+ if (ret == 0 || ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+ }
exit:
@@ -283,6 +285,5 @@
mbedtls_exit(exit_code);
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
- MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
- MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */
+
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index f4822b7..0edadd4 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -9,22 +9,15 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_PEM_PARSE_C)
-int main(int argc, char *argv[])
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
+int main(void)
{
- ((void) argc);
- ((void) argv);
-
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#elif defined(_WIN32)
@@ -225,6 +218,7 @@
if (pid != 0) {
mbedtls_printf(" ok\n");
mbedtls_net_close(&client_fd);
+ fflush(stdout);
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
(const unsigned char *) "parent",
@@ -282,6 +276,7 @@
}
mbedtls_printf("pid %d: SSL handshake ok\n", pid);
+ fflush(stdout);
/*
* 6. Read the HTTP Request
@@ -312,12 +307,14 @@
mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret);
break;
}
+ fflush(stdout);
break;
}
len = ret;
mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf);
+ fflush(stdout);
if (ret > 0) {
break;
@@ -333,7 +330,7 @@
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
- while (cnt++ < 100) {
+ while (cnt++ < 10) {
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(
@@ -349,12 +346,16 @@
}
}
len = ret;
- mbedtls_printf("pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf);
+ mbedtls_printf("pid %d: %d bytes written (cnt=%d)\n\n%s\n",
+ pid, len, cnt, (char *) buf);
+ fflush(stdout);
mbedtls_net_usleep(1000000);
}
mbedtls_ssl_close_notify(&ssl);
+ mbedtls_printf("pid %d: shutting down\n", pid);
+ fflush(stdout);
goto exit;
}
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index fcb8f2f..7edf4a8 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -10,20 +10,21 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
- !defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#elif !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_THREADING_PTHREAD not defined.\n");
mbedtls_exit(0);
}
#else
@@ -123,6 +124,7 @@
* 5. Handshake
*/
mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
+ fflush(stdout);
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
@@ -138,6 +140,7 @@
* 6. Read the HTTP Request
*/
mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
+ fflush(stdout);
do {
len = sizeof(buf) - 1;
@@ -170,6 +173,7 @@
len = ret;
mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
+ fflush(stdout);
if (ret > 0) {
break;
@@ -180,6 +184,7 @@
* 7. Write the 200 Response
*/
mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
+ fflush(stdout);
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
@@ -201,6 +206,7 @@
len = ret;
mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
+ fflush(stdout);
mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
@@ -214,6 +220,7 @@
}
mbedtls_printf(" ok\n");
+ fflush(stdout);
ret = 0;
@@ -442,6 +449,7 @@
* 3. Wait until a client connects
*/
mbedtls_printf(" [ main ] Waiting for a remote connection\n");
+ fflush(stdout);
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) {
@@ -483,7 +491,4 @@
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
- MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
- MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 6becf8d..aa06ad3 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -9,18 +9,15 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
- !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
- "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
mbedtls_exit(0);
}
#else
@@ -315,16 +312,19 @@
mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf);
mbedtls_printf(" . Closing the connection...");
+ fflush(stdout);
while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(" failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret);
goto reset;
}
}
mbedtls_printf(" ok\n");
+ fflush(stdout);
ret = 0;
goto reset;
@@ -356,7 +356,5 @@
mbedtls_exit(ret);
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
- MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
- && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */
+
+#endif /* configuration allows running this program */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ed69590..5de734f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2695,7 +2695,7 @@
}
key_cert_init = 2;
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
if ((ret = mbedtls_x509_crt_parse(&srvcert2,
(const unsigned char *) mbedtls_test_srv_crt_ec,
mbedtls_test_srv_crt_ec_len)) != 0) {
@@ -2712,7 +2712,7 @@
goto exit;
}
key_cert_init2 = 2;
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
+#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 0d43ffd..1670b94 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -8,12 +8,16 @@
selftest
udp_proxy
)
+add_dependencies(${programs_target} ${executables_libs})
+add_dependencies(${ssl_opt_target} udp_proxy)
set(executables_mbedcrypto
benchmark
query_compile_time_config
zeroize
)
+add_dependencies(${programs_target} ${executables_mbedcrypto})
+add_dependencies(${ssl_opt_target} query_compile_time_config)
if(TEST_CPP)
set(cpp_dummy_build_cpp "${CMAKE_CURRENT_BINARY_DIR}/cpp_dummy_build.cpp")
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index cb6bc3d..264d941 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -6,6 +6,7 @@
pem2der
strerror
)
+add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index 43437f0..a09813c 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -10,6 +10,7 @@
load_roots
req_app
)
+add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index d21aa27..fc10c63 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -7,9 +7,13 @@
# 2.4.4 is the version in Ubuntu 20.04. It supports Python >=3.5.
pylint == 2.4.4
-# Use the earliest version of mypy that works with our code base.
-# See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
-mypy >= 0.780
+# Use a version of mypy that is compatible with our code base.
+# mypy <0.940 is known not to work: see commit
+# :/Upgrade mypy to the last version supporting Python 3.6
+# mypy >=0.960 is known not to work:
+# https://github.com/Mbed-TLS/mbedtls-framework/issues/50
+# mypy 0.942 is the version in Ubuntu 22.04.
+mypy == 0.942
# At the time of writing, only needed for tests/scripts/audit-validity-dates.py.
# It needs >=35.0.0 for correct operation, and that requires Python >=3.6,
diff --git a/scripts/code_style.py b/scripts/code_style.py
index d3f89d9..e98fb2b 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -102,8 +102,10 @@
"--name-only", "--pretty=", "--"] + src_files
output = subprocess.check_output(cmd, universal_newlines=True)
committed_changed_files = output.split()
+
# ... the framework submodule
- cmd = ["git", "-C", "framework", "log", since + "..HEAD",
+ framework_since = get_submodule_hash(since, "framework")
+ cmd = ["git", "-C", "framework", "log", framework_since + "..HEAD",
"--name-only", "--pretty=", "--"] + framework_src_files
output = subprocess.check_output(cmd, universal_newlines=True,
env=framework_env)
@@ -135,6 +137,12 @@
is_file_autogenerated(filename))]
return src_files
+def get_submodule_hash(commit: str, submodule: str) -> str:
+ """Get the commit hash of a submodule at a given commit in the Git repository."""
+ cmd = ["git", "ls-tree", commit, submodule]
+ output = subprocess.check_output(cmd, universal_newlines=True)
+ return output.split()[2]
+
def get_uncrustify_version() -> str:
"""
Get the version string from Uncrustify
diff --git a/scripts/config.py b/scripts/config.py
index 8704bdb..ef13062 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -1,173 +1,72 @@
#!/usr/bin/env python3
-"""Mbed TLS configuration file manipulation library and tool
+"""Mbed TLS and PSA configuration file manipulation library and tool
Basic usage, to read the Mbed TLS configuration:
- config = ConfigFile()
+ config = MbedTLSConfig()
if 'MBEDTLS_RSA_C' in config: print('RSA is enabled')
"""
-# Note that as long as Mbed TLS 2.28 LTS is maintained, the version of
-# this script in the mbedtls-2.28 branch must remain compatible with
-# Python 3.4. The version in development may only use more recent features
-# in parts that are not backported to 2.28.
-
## Copyright The Mbed TLS Contributors
## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
##
import os
-import re
+import sys
-class Setting:
- """Representation of one Mbed TLS mbedtls_config.h setting.
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import config_common
- Fields:
- * name: the symbol name ('MBEDTLS_xxx').
- * value: the value of the macro. The empty string for a plain #define
- with no value.
- * active: True if name is defined, False if a #define for name is
- present in mbedtls_config.h but commented out.
- * section: the name of the section that contains this symbol.
+
+def is_boolean_setting(name, value):
+ """Is this a boolean setting?
+
+ Mbed TLS boolean settings are enabled if the preprocessor macro is
+ defined, and disabled if the preprocessor macro is not defined. The
+ macro definition line in the configuration file has an empty expansion.
+
+ PSA_WANT_xxx settings are also boolean, but when they are enabled,
+ they expand to a nonzero value. We leave them undefined when they
+ are disabled. (Setting them to 0 currently means to enable them, but
+ this might change to mean disabling them. Currently we just never set
+ them to 0.)
"""
- # pylint: disable=too-few-public-methods
- def __init__(self, active, name, value='', section=None):
- self.active = active
- self.name = name
- self.value = value
- self.section = section
+ if name.startswith('PSA_WANT_'):
+ return True
+ if not value:
+ return True
+ return False
-class Config:
- """Representation of the Mbed TLS configuration.
-
- In the documentation of this class, a symbol is said to be *active*
- if there is a #define for it that is not commented out, and *known*
- if there is a #define for it whether commented out or not.
-
- This class supports the following protocols:
- * `name in config` is `True` if the symbol `name` is active, `False`
- otherwise (whether `name` is inactive or not known).
- * `config[name]` is the value of the macro `name`. If `name` is inactive,
- raise `KeyError` (even if `name` is known).
- * `config[name] = value` sets the value associated to `name`. `name`
- must be known, but does not need to be set. This does not cause
- name to become set.
- """
-
- def __init__(self):
- self.settings = {}
-
- def __contains__(self, name):
- """True if the given symbol is active (i.e. set).
-
- False if the given symbol is not set, even if a definition
- is present but commented out.
- """
- return name in self.settings and self.settings[name].active
-
- def all(self, *names):
- """True if all the elements of names are active (i.e. set)."""
- return all(self.__contains__(name) for name in names)
-
- def any(self, *names):
- """True if at least one symbol in names are active (i.e. set)."""
- return any(self.__contains__(name) for name in names)
-
- def known(self, name):
- """True if a #define for name is present, whether it's commented out or not."""
- return name in self.settings
-
- def __getitem__(self, name):
- """Get the value of name, i.e. what the preprocessor symbol expands to.
-
- If name is not known, raise KeyError. name does not need to be active.
- """
- return self.settings[name].value
-
- def get(self, name, default=None):
- """Get the value of name. If name is inactive (not set), return default.
-
- If a #define for name is present and not commented out, return
- its expansion, even if this is the empty string.
-
- If a #define for name is present but commented out, return default.
- """
- if name in self.settings:
- return self.settings[name].value
- else:
- return default
-
- def __setitem__(self, name, value):
- """If name is known, set its value.
-
- If name is not known, raise KeyError.
- """
- self.settings[name].value = value
-
- def set(self, name, value=None):
- """Set name to the given value and make it active.
-
- If value is None and name is already known, don't change its value.
- If value is None and name is not known, set its value to the empty
- string.
- """
- if name in self.settings:
- if value is not None:
- self.settings[name].value = value
- self.settings[name].active = True
- else:
- self.settings[name] = Setting(True, name, value=value)
-
- def unset(self, name):
- """Make name unset (inactive).
-
- name remains known if it was known before.
- """
- if name not in self.settings:
- return
- self.settings[name].active = False
-
- def adapt(self, adapter):
- """Run adapter on each known symbol and (de)activate it accordingly.
-
- `adapter` must be a function that returns a boolean. It is called as
- `adapter(name, active, section)` for each setting, where `active` is
- `True` if `name` is set and `False` if `name` is known but unset,
- and `section` is the name of the section containing `name`. If
- `adapter` returns `True`, then set `name` (i.e. make it active),
- otherwise unset `name` (i.e. make it known but inactive).
- """
- for setting in self.settings.values():
- setting.active = adapter(setting.name, setting.active,
- setting.section)
-
- def change_matching(self, regexs, enable):
- """Change all symbols matching one of the regexs to the desired state."""
- if not regexs:
- return
- regex = re.compile('|'.join(regexs))
- for setting in self.settings.values():
- if regex.search(setting.name):
- setting.active = enable
-
-def is_full_section(section):
- """Is this section affected by "config.py full" and friends?"""
- return section.endswith('support') or section.endswith('modules')
-
-def realfull_adapter(_name, active, section):
- """Activate all symbols found in the global and boolean feature sections.
+def realfull_adapter(_name, _value, _active):
+ """Activate all symbols.
This is intended for building the documentation, including the
documentation of settings that are activated by defining an optional
- preprocessor macro.
-
- Do not activate definitions in the section containing symbols that are
- supposed to be defined and documented in their own module.
+ preprocessor macro. There is no expectation that the resulting
+ configuration can be built.
"""
- if section == 'Module configuration options':
- return active
return True
+PSA_UNSUPPORTED_FEATURE = frozenset([
+ 'PSA_WANT_ALG_CBC_MAC',
+ 'PSA_WANT_ALG_XTS',
+ 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE',
+ 'PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE'
+])
+
+PSA_DEPRECATED_FEATURE = frozenset([
+ 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR',
+ 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR'
+])
+
+PSA_UNSTABLE_FEATURE = frozenset([
+ 'PSA_WANT_ECC_SECP_K1_224'
+])
+
+EXCLUDE_FROM_CRYPTO = PSA_UNSUPPORTED_FEATURE | \
+ PSA_DEPRECATED_FEATURE | \
+ PSA_UNSTABLE_FEATURE
+
# The goal of the full configuration is to have everything that can be tested
# together. This includes deprecated or insecure options. It excludes:
# * Options that require additional build dependencies or unusual hardware.
@@ -200,7 +99,7 @@
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS', # removes a feature
'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
- 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
+ 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
@@ -211,6 +110,8 @@
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
+ 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices
+ 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices
])
def is_seamless_alt(name):
@@ -243,9 +144,9 @@
return is_seamless_alt(name)
return True
-def full_adapter(name, active, section):
+def full_adapter(name, value, active):
"""Config adapter for "full"."""
- if not is_full_section(section):
+ if not is_boolean_setting(name, value):
return active
return include_in_full(name)
@@ -281,9 +182,9 @@
return False
return True
-def baremetal_adapter(name, active, section):
+def baremetal_adapter(name, value, active):
"""Config adapter for "baremetal"."""
- if not is_full_section(section):
+ if not is_boolean_setting(name, value):
return active
if name == 'MBEDTLS_NO_PLATFORM_ENTROPY':
# No OS-provided entropy source
@@ -300,10 +201,10 @@
'MBEDTLS_TEST_HOOKS', # only useful with the hosted test framework, increases code size
])
-def baremetal_size_adapter(name, active, section):
+def baremetal_size_adapter(name, value, active):
if name in EXCLUDE_FOR_SIZE:
return False
- return baremetal_adapter(name, active, section)
+ return baremetal_adapter(name, value, active)
def include_in_crypto(name):
"""Rules for symbols in a crypto configuration."""
@@ -322,15 +223,15 @@
def crypto_adapter(adapter):
"""Modify an adapter to disable non-crypto symbols.
- ``crypto_adapter(adapter)(name, active, section)`` is like
- ``adapter(name, active, section)``, but unsets all X.509 and TLS symbols.
+ ``crypto_adapter(adapter)(name, value, active)`` is like
+ ``adapter(name, value, active)``, but unsets all X.509 and TLS symbols.
"""
- def continuation(name, active, section):
+ def continuation(name, value, active):
if not include_in_crypto(name):
return False
if adapter is None:
return active
- return adapter(name, active, section)
+ return adapter(name, value, active)
return continuation
DEPRECATED = frozenset([
@@ -339,42 +240,39 @@
def no_deprecated_adapter(adapter):
"""Modify an adapter to disable deprecated symbols.
- ``no_deprecated_adapter(adapter)(name, active, section)`` is like
- ``adapter(name, active, section)``, but unsets all deprecated symbols
+ ``no_deprecated_adapter(adapter)(name, value, active)`` is like
+ ``adapter(name, value, active)``, but unsets all deprecated symbols
and sets ``MBEDTLS_DEPRECATED_REMOVED``.
"""
- def continuation(name, active, section):
+ def continuation(name, value, active):
if name == 'MBEDTLS_DEPRECATED_REMOVED':
return True
if name in DEPRECATED:
return False
if adapter is None:
return active
- return adapter(name, active, section)
+ return adapter(name, value, active)
return continuation
def no_platform_adapter(adapter):
"""Modify an adapter to disable platform symbols.
- ``no_platform_adapter(adapter)(name, active, section)`` is like
- ``adapter(name, active, section)``, but unsets all platform symbols other
+ ``no_platform_adapter(adapter)(name, value, active)`` is like
+ ``adapter(name, value, active)``, but unsets all platform symbols other
``than MBEDTLS_PLATFORM_C.
"""
- def continuation(name, active, section):
+ def continuation(name, value, active):
# Allow MBEDTLS_PLATFORM_C but remove all other platform symbols.
if name.startswith('MBEDTLS_PLATFORM_') and name != 'MBEDTLS_PLATFORM_C':
return False
if adapter is None:
return active
- return adapter(name, active, section)
+ return adapter(name, value, active)
return continuation
-class ConfigFile(Config):
- """Representation of the Mbed TLS configuration read for a file.
- See the documentation of the `Config` class for methods to query
- and modify the configuration.
- """
+class MbedTLSConfigFile(config_common.ConfigFile):
+ """Representation of an MbedTLS configuration file."""
_path_in_tree = 'include/mbedtls/mbedtls_config.h'
default_path = [_path_in_tree,
@@ -385,228 +283,143 @@
_path_in_tree)]
def __init__(self, filename=None):
- """Read the Mbed TLS configuration file."""
- if filename is None:
- for candidate in self.default_path:
- if os.path.lexists(candidate):
- filename = candidate
- break
- else:
- raise Exception('Mbed TLS configuration file not found',
- self.default_path)
- super().__init__()
- self.filename = filename
- self.inclusion_guard = None
+ super().__init__(self.default_path, 'Mbed TLS', filename)
self.current_section = 'header'
- with open(filename, 'r', encoding='utf-8') as file:
- self.templates = [self._parse_line(line) for line in file]
- self.current_section = None
+
+
+class CryptoConfigFile(config_common.ConfigFile):
+ """Representation of a Crypto configuration file."""
+
+ # Temporary, while Mbed TLS does not just rely on the TF-PSA-Crypto
+ # build system to build its crypto library. When it does, the
+ # condition can just be removed.
+ _path_in_tree = ('include/psa/crypto_config.h'
+ if not os.path.isdir(os.path.join(os.path.dirname(__file__),
+ os.pardir,
+ 'tf-psa-crypto')) else
+ 'tf-psa-crypto/include/psa/crypto_config.h')
+ default_path = [_path_in_tree,
+ os.path.join(os.path.dirname(__file__),
+ os.pardir,
+ _path_in_tree),
+ os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))),
+ _path_in_tree)]
+
+ def __init__(self, filename=None):
+ super().__init__(self.default_path, 'Crypto', filename)
+
+
+class MbedTLSConfig(config_common.Config):
+ """Representation of the Mbed TLS configuration.
+
+ See the documentation of the `Config` class for methods to query
+ and modify the configuration.
+ """
+
+ def __init__(self, filename=None):
+ """Read the Mbed TLS configuration file."""
+
+ super().__init__()
+ configfile = MbedTLSConfigFile(filename)
+ self.configfiles.append(configfile)
+ self.settings.update({name: config_common.Setting(configfile, active, name, value, section)
+ for (active, name, value, section)
+ in configfile.parse_file()})
def set(self, name, value=None):
+ """Set name to the given value and make it active."""
+
if name not in self.settings:
- self.templates.append((name, '', '#define ' + name + ' '))
+ self._get_configfile().templates.append((name, '', '#define ' + name + ' '))
+
super().set(name, value)
- _define_line_regexp = (r'(?P<indentation>\s*)' +
- r'(?P<commented_out>(//\s*)?)' +
- r'(?P<define>#\s*define\s+)' +
- r'(?P<name>\w+)' +
- r'(?P<arguments>(?:\((?:\w|\s|,)*\))?)' +
- r'(?P<separator>\s*)' +
- r'(?P<value>.*)')
- _ifndef_line_regexp = r'#ifndef (?P<inclusion_guard>\w+)'
- _section_line_regexp = (r'\s*/?\*+\s*[\\@]name\s+SECTION:\s*' +
- r'(?P<section>.*)[ */]*')
- _config_line_regexp = re.compile(r'|'.join([_define_line_regexp,
- _ifndef_line_regexp,
- _section_line_regexp]))
- def _parse_line(self, line):
- """Parse a line in mbedtls_config.h and return the corresponding template."""
- line = line.rstrip('\r\n')
- m = re.match(self._config_line_regexp, line)
- if m is None:
- return line
- elif m.group('section'):
- self.current_section = m.group('section')
- return line
- elif m.group('inclusion_guard') and self.inclusion_guard is None:
- self.inclusion_guard = m.group('inclusion_guard')
- return line
- else:
- active = not m.group('commented_out')
- name = m.group('name')
- value = m.group('value')
- if name == self.inclusion_guard and value == '':
- # The file double-inclusion guard is not an option.
- return line
- template = (name,
- m.group('indentation'),
- m.group('define') + name +
- m.group('arguments') + m.group('separator'))
- self.settings[name] = Setting(active, name, value,
- self.current_section)
- return template
- def _format_template(self, name, indent, middle):
- """Build a line for mbedtls_config.h for the given setting.
+class CryptoConfig(config_common.Config):
+ """Representation of the PSA crypto configuration.
- The line has the form "<indent>#define <name> <value>"
- where <middle> is "#define <name> ".
- """
- setting = self.settings[name]
- value = setting.value
- if value is None:
- value = ''
- # Normally the whitespace to separate the symbol name from the
- # value is part of middle, and there's no whitespace for a symbol
- # with no value. But if a symbol has been changed from having a
- # value to not having one, the whitespace is wrong, so fix it.
- if value:
- if middle[-1] not in '\t ':
- middle += ' '
- else:
- middle = middle.rstrip()
- return ''.join([indent,
- '' if setting.active else '//',
- middle,
- value]).rstrip()
+ See the documentation of the `Config` class for methods to query
+ and modify the configuration.
+ """
- def write_to_stream(self, output):
- """Write the whole configuration to output."""
- for template in self.templates:
- if isinstance(template, str):
- line = template
- else:
- line = self._format_template(*template)
- output.write(line + '\n')
+ def __init__(self, filename=None):
+ """Read the PSA crypto configuration file."""
- def write(self, filename=None):
- """Write the whole configuration to the file it was read from.
+ super().__init__()
+ configfile = CryptoConfigFile(filename)
+ self.configfiles.append(configfile)
+ self.settings.update({name: config_common.Setting(configfile, active, name, value, section)
+ for (active, name, value, section)
+ in configfile.parse_file()})
- If filename is specified, write to this file instead.
- """
- if filename is None:
- filename = self.filename
- with open(filename, 'w', encoding='utf-8') as output:
- self.write_to_stream(output)
+ def set(self, name, value='1'):
+ """Set name to the given value and make it active."""
+
+ if name in PSA_UNSUPPORTED_FEATURE:
+ raise ValueError(f'Feature is unsupported: \'{name}\'')
+ if name in PSA_UNSTABLE_FEATURE:
+ raise ValueError(f'Feature is unstable: \'{name}\'')
+
+ if name not in self.settings:
+ self._get_configfile().templates.append((name, '', '#define ' + name + ' '))
+
+ super().set(name, value)
+
+
+class MbedTLSConfigTool(config_common.ConfigTool):
+ """Command line mbedtls_config.h and crypto_config.h manipulation tool."""
+
+ def __init__(self):
+ super().__init__(MbedTLSConfigFile.default_path)
+ self.config = MbedTLSConfig(self.args.file)
+
+ def custom_parser_options(self):
+ """Adds MbedTLS specific options for the parser."""
+
+ self.parser.add_argument(
+ '--cryptofile', '-c',
+ help="""Crypto file to read (and modify if requested). Default: {}."""
+ .format(CryptoConfigFile.default_path))
+
+ self.add_adapter(
+ 'baremetal', baremetal_adapter,
+ """Like full, but exclude features that require platform features
+ such as file input-output.
+ """)
+ self.add_adapter(
+ 'baremetal_size', baremetal_size_adapter,
+ """Like baremetal, but exclude debugging features. Useful for code size measurements.
+ """)
+ self.add_adapter(
+ 'full', full_adapter,
+ """Uncomment most features.
+ Exclude alternative implementations and platform support options, as well as
+ some options that are awkward to test.
+ """)
+ self.add_adapter(
+ 'full_no_deprecated', no_deprecated_adapter(full_adapter),
+ """Uncomment most non-deprecated features.
+ Like "full", but without deprecated features.
+ """)
+ self.add_adapter(
+ 'full_no_platform', no_platform_adapter(full_adapter),
+ """Uncomment most non-platform features. Like "full", but without platform features.
+ """)
+ self.add_adapter(
+ 'realfull', realfull_adapter,
+ """Uncomment all boolean #defines.
+ Suitable for generating documentation, but not for building.
+ """)
+ self.add_adapter(
+ 'crypto', crypto_adapter(None),
+ """Only include crypto features. Exclude X.509 and TLS.""")
+ self.add_adapter(
+ 'crypto_baremetal', crypto_adapter(baremetal_adapter),
+ """Like baremetal, but with only crypto features, excluding X.509 and TLS.""")
+ self.add_adapter(
+ 'crypto_full', crypto_adapter(full_adapter),
+ """Like full, but with only crypto features, excluding X.509 and TLS.""")
+
if __name__ == '__main__':
- def main():
- """Command line mbedtls_config.h manipulation tool."""
- parser = argparse.ArgumentParser(description="""
- Mbed TLS configuration file manipulation tool.
- """)
- parser.add_argument('--file', '-f',
- help="""File to read (and modify if requested).
- Default: {}.
- """.format(ConfigFile.default_path))
- parser.add_argument('--force', '-o',
- action='store_true',
- help="""For the set command, if SYMBOL is not
- present, add a definition for it.""")
- parser.add_argument('--write', '-w', metavar='FILE',
- help="""File to write to instead of the input file.""")
- subparsers = parser.add_subparsers(dest='command',
- title='Commands')
- parser_get = subparsers.add_parser('get',
- help="""Find the value of SYMBOL
- and print it. Exit with
- status 0 if a #define for SYMBOL is
- found, 1 otherwise.
- """)
- parser_get.add_argument('symbol', metavar='SYMBOL')
- parser_set = subparsers.add_parser('set',
- help="""Set SYMBOL to VALUE.
- If VALUE is omitted, just uncomment
- the #define for SYMBOL.
- Error out of a line defining
- SYMBOL (commented or not) is not
- found, unless --force is passed.
- """)
- parser_set.add_argument('symbol', metavar='SYMBOL')
- parser_set.add_argument('value', metavar='VALUE', nargs='?',
- default='')
- parser_set_all = subparsers.add_parser('set-all',
- help="""Uncomment all #define
- whose name contains a match for
- REGEX.""")
- parser_set_all.add_argument('regexs', metavar='REGEX', nargs='*')
- parser_unset = subparsers.add_parser('unset',
- help="""Comment out the #define
- for SYMBOL. Do nothing if none
- is present.""")
- parser_unset.add_argument('symbol', metavar='SYMBOL')
- parser_unset_all = subparsers.add_parser('unset-all',
- help="""Comment out all #define
- whose name contains a match for
- REGEX.""")
- parser_unset_all.add_argument('regexs', metavar='REGEX', nargs='*')
-
- def add_adapter(name, function, description):
- subparser = subparsers.add_parser(name, help=description)
- subparser.set_defaults(adapter=function)
- add_adapter('baremetal', baremetal_adapter,
- """Like full, but exclude features that require platform
- features such as file input-output.""")
- add_adapter('baremetal_size', baremetal_size_adapter,
- """Like baremetal, but exclude debugging features.
- Useful for code size measurements.""")
- add_adapter('full', full_adapter,
- """Uncomment most features.
- Exclude alternative implementations and platform support
- options, as well as some options that are awkward to test.
- """)
- add_adapter('full_no_deprecated', no_deprecated_adapter(full_adapter),
- """Uncomment most non-deprecated features.
- Like "full", but without deprecated features.
- """)
- add_adapter('full_no_platform', no_platform_adapter(full_adapter),
- """Uncomment most non-platform features.
- Like "full", but without platform features.
- """)
- add_adapter('realfull', realfull_adapter,
- """Uncomment all boolean #defines.
- Suitable for generating documentation, but not for building.""")
- add_adapter('crypto', crypto_adapter(None),
- """Only include crypto features. Exclude X.509 and TLS.""")
- add_adapter('crypto_baremetal', crypto_adapter(baremetal_adapter),
- """Like baremetal, but with only crypto features,
- excluding X.509 and TLS.""")
- add_adapter('crypto_full', crypto_adapter(full_adapter),
- """Like full, but with only crypto features,
- excluding X.509 and TLS.""")
-
- args = parser.parse_args()
- config = ConfigFile(args.file)
- if args.command is None:
- parser.print_help()
- return 1
- elif args.command == 'get':
- if args.symbol in config:
- value = config[args.symbol]
- if value:
- sys.stdout.write(value + '\n')
- return 0 if args.symbol in config else 1
- elif args.command == 'set':
- if not args.force and args.symbol not in config.settings:
- sys.stderr.write("A #define for the symbol {} "
- "was not found in {}\n"
- .format(args.symbol, config.filename))
- return 1
- config.set(args.symbol, value=args.value)
- elif args.command == 'set-all':
- config.change_matching(args.regexs, True)
- elif args.command == 'unset':
- config.unset(args.symbol)
- elif args.command == 'unset-all':
- config.change_matching(args.regexs, False)
- else:
- config.adapt(args.adapter)
- config.write(args.write)
- return 0
-
- # Import modules only used by main only if main is defined and called.
- # pylint: disable=wrong-import-position
- import argparse
- import sys
- sys.exit(main())
+ sys.exit(MbedTLSConfigTool().main())
diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/scripts/data_files/driver_jsons/driver_opaque_schema.json
index 933eb07..b05da00 100644
--- a/scripts/data_files/driver_jsons/driver_opaque_schema.json
+++ b/scripts/data_files/driver_jsons/driver_opaque_schema.json
@@ -11,7 +11,7 @@
},
"type": {
"type": "string",
- "const": ["opaque"]
+ "const": "opaque"
},
"location": {
"type": ["integer","string"],
diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/scripts/data_files/driver_jsons/driver_transparent_schema.json
index f5d91eb..1791163 100644
--- a/scripts/data_files/driver_jsons/driver_transparent_schema.json
+++ b/scripts/data_files/driver_jsons/driver_transparent_schema.json
@@ -11,7 +11,7 @@
},
"type": {
"type": "string",
- "const": ["transparent"]
+ "const": "transparent"
},
"mbedtls/h_condition": {
"type": "string"
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
deleted file mode 100755
index 600d160..0000000
--- a/scripts/generate_ssl_debug_helpers.py
+++ /dev/null
@@ -1,416 +0,0 @@
-#!/usr/bin/env python3
-
-"""Generate library/ssl_debug_helpers_generated.c
-
-The code generated by this module includes debug helper functions that can not be
-implemented by fixed codes.
-
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-import sys
-import re
-import os
-import textwrap
-import argparse
-
-import framework_scripts_path # pylint: disable=unused-import
-from mbedtls_framework import build_tree
-
-
-def remove_c_comments(string):
- """
- Remove C style comments from input string
- """
- string_pattern = r"(?P<string>\".*?\"|\'.*?\')"
- comment_pattern = r"(?P<comment>/\*.*?\*/|//[^\r\n]*$)"
- pattern = re.compile(string_pattern + r'|' + comment_pattern,
- re.MULTILINE | re.DOTALL)
-
- def replacer(match):
- if match.lastgroup == 'comment':
- return ""
- return match.group()
- return pattern.sub(replacer, string)
-
-
-class CondDirectiveNotMatch(Exception):
- pass
-
-
-def preprocess_c_source_code(source, *classes):
- """
- Simple preprocessor for C source code.
-
- Only processes condition directives without expanding them.
- Yield object according to the classes input. Most match firstly
-
- If the directive pair does not match , raise CondDirectiveNotMatch.
-
- Assume source code does not include comments and compile pass.
-
- """
-
- pattern = re.compile(r"^[ \t]*#[ \t]*" +
- r"(?P<directive>(if[ \t]|ifndef[ \t]|ifdef[ \t]|else|endif))" +
- r"[ \t]*(?P<param>(.*\\\n)*.*$)",
- re.MULTILINE)
- stack = []
-
- def _yield_objects(s, d, p, st, end):
- """
- Output matched source piece
- """
- nonlocal stack
- start_line, end_line = '', ''
- if stack:
- start_line = '#{} {}'.format(d, p)
- if d == 'if':
- end_line = '#endif /* {} */'.format(p)
- elif d == 'ifdef':
- end_line = '#endif /* defined({}) */'.format(p)
- else:
- end_line = '#endif /* !defined({}) */'.format(p)
- has_instance = False
- for cls in classes:
- for instance in cls.extract(s, st, end):
- if has_instance is False:
- has_instance = True
- yield pair_start, start_line
- yield instance.span()[0], instance
- if has_instance:
- yield start, end_line
-
- for match in pattern.finditer(source):
-
- directive = match.groupdict()['directive'].strip()
- param = match.groupdict()['param']
- start, end = match.span()
-
- if directive in ('if', 'ifndef', 'ifdef'):
- stack.append((directive, param, start, end))
- continue
-
- if not stack:
- raise CondDirectiveNotMatch()
-
- pair_directive, pair_param, pair_start, pair_end = stack.pop()
- yield from _yield_objects(source,
- pair_directive,
- pair_param,
- pair_end,
- start)
-
- if directive == 'endif':
- continue
-
- if pair_directive == 'if':
- directive = 'if'
- param = "!( {} )".format(pair_param)
- elif pair_directive == 'ifdef':
- directive = 'ifndef'
- param = pair_param
- else:
- directive = 'ifdef'
- param = pair_param
-
- stack.append((directive, param, start, end))
- assert not stack, len(stack)
-
-
-class EnumDefinition:
- """
- Generate helper functions around enumeration.
-
- Currently, it generate translation function from enum value to string.
- Enum definition looks like:
- [typedef] enum [prefix name] { [body] } [suffix name];
-
- Known limitation:
- - the '}' and ';' SHOULD NOT exist in different macro blocks. Like
- ```
- enum test {
- ....
- #if defined(A)
- ....
- };
- #else
- ....
- };
- #endif
- ```
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- enum_pattern = re.compile(r'enum\s*(?P<prefix_name>\w*)\s*' +
- r'{\s*(?P<body>[^}]*)}' +
- r'\s*(?P<suffix_name>\w*)\s*;',
- re.MULTILINE | re.DOTALL)
-
- for match in enum_pattern.finditer(source_code, start, end):
- yield EnumDefinition(source_code,
- span=match.span(),
- group=match.groupdict())
-
- def __init__(self, source_code, span=None, group=None):
- assert isinstance(group, dict)
- prefix_name = group.get('prefix_name', None)
- suffix_name = group.get('suffix_name', None)
- body = group.get('body', None)
- assert prefix_name or suffix_name
- assert body
- assert span
- # If suffix_name exists, it is a typedef
- self._prototype = suffix_name if suffix_name else 'enum ' + prefix_name
- self._name = suffix_name if suffix_name else prefix_name
- self._body = body
- self._source = source_code
- self._span = span
-
- def __repr__(self):
- return 'Enum({},{})'.format(self._name, self._span)
-
- def __str__(self):
- return repr(self)
-
- def span(self):
- return self._span
-
- def generate_translation_function(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
-
- for line in self._body.splitlines():
-
- if line.strip().startswith('#'):
- # Preprocess directive, keep it in table
- translation_table.append(line.strip())
- continue
-
- if not line.strip():
- continue
-
- for field in line.strip().split(','):
- if not field.strip():
- continue
- member = field.strip().split()[0]
- translation_table.append(
- '{space}case {member}:\n{space} return "{member}";'
- .format(member=member, space=' '*8)
- )
-
- body = textwrap.dedent('''\
- const char *{name}_str( {prototype} in )
- {{
- switch (in) {{
- {translation_table}
- default:
- return "UNKNOWN_VALUE";
- }}
- }}
- ''')
- body = body.format(translation_table='\n'.join(translation_table),
- name=self._name,
- prototype=self._prototype)
- return body
-
-
-class SignatureAlgorithmDefinition:
- """
- Generate helper functions for signature algorithms.
-
- It generates translation function from signature algorithm define to string.
- Signature algorithm definition looks like:
- #define MBEDTLS_TLS1_3_SIG_[ upper case signature algorithm ] [ value(hex) ]
-
- Known limitation:
- - the definitions SHOULD exist in same macro blocks.
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- sig_alg_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_TLS1_3_SIG_\w+)\s+' +
- r'(?P<value>0[xX][0-9a-fA-F]+)$',
- re.MULTILINE | re.DOTALL)
- matches = list(sig_alg_pattern.finditer(source_code, start, end))
- if matches:
- yield SignatureAlgorithmDefinition(source_code, definitions=matches)
-
- def __init__(self, source_code, definitions=None):
- if definitions is None:
- definitions = []
- assert isinstance(definitions, list) and definitions
- self._definitions = definitions
- self._source = source_code
-
- def __repr__(self):
- return 'SigAlgs({})'.format(self._definitions[0].span())
-
- def span(self):
- return self._definitions[0].span()
-
- def __str__(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
- for m in self._definitions:
- name = m.groupdict()['name']
- return_val = name[len('MBEDTLS_TLS1_3_SIG_'):].lower()
- translation_table.append(
- ' case {}:\n return "{}";'.format(name, return_val))
-
- body = textwrap.dedent('''\
- const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
- {{
- switch( in )
- {{
- {translation_table}
- }};
-
- return "UNKNOWN";
- }}''')
- body = body.format(translation_table='\n'.join(translation_table))
- return body
-
-
-class NamedGroupDefinition:
- """
- Generate helper functions for named group
-
- It generates translation function from named group define to string.
- Named group definition looks like:
- #define MBEDTLS_SSL_IANA_TLS_GROUP_[ upper case named group ] [ value(hex) ]
-
- Known limitation:
- - the definitions SHOULD exist in same macro blocks.
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- named_group_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_SSL_IANA_TLS_GROUP_\w+)\s+' +
- r'(?P<value>0[xX][0-9a-fA-F]+)$',
- re.MULTILINE | re.DOTALL)
- matches = list(named_group_pattern.finditer(source_code, start, end))
- if matches:
- yield NamedGroupDefinition(source_code, definitions=matches)
-
- def __init__(self, source_code, definitions=None):
- if definitions is None:
- definitions = []
- assert isinstance(definitions, list) and definitions
- self._definitions = definitions
- self._source = source_code
-
- def __repr__(self):
- return 'NamedGroup({})'.format(self._definitions[0].span())
-
- def span(self):
- return self._definitions[0].span()
-
- def __str__(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
- for m in self._definitions:
- name = m.groupdict()['name']
- iana_name = name[len('MBEDTLS_SSL_IANA_TLS_GROUP_'):].lower()
- translation_table.append(' case {}:\n return "{}";'.format(name, iana_name))
-
- body = textwrap.dedent('''\
- const char *mbedtls_ssl_named_group_to_str( uint16_t in )
- {{
- switch( in )
- {{
- {translation_table}
- }};
-
- return "UNKNOWN";
- }}''')
- body = body.format(translation_table='\n'.join(translation_table))
- return body
-
-
-OUTPUT_C_TEMPLATE = '''\
-/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
-
-/**
- * \\file ssl_debug_helpers_generated.c
- *
- * \\brief Automatically generated helper functions for debugging
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#include "ssl_debug_helpers.h"
-
-{functions}
-
-#endif /* MBEDTLS_DEBUG_C */
-/* End of automatically generated file. */
-
-'''
-
-
-def generate_ssl_debug_helpers(output_directory, mbedtls_root):
- """
- Generate functions of debug helps
- """
- mbedtls_root = os.path.abspath(
- mbedtls_root or build_tree.guess_mbedtls_root())
- with open(os.path.join(mbedtls_root, 'include/mbedtls/ssl.h')) as f:
- source_code = remove_c_comments(f.read())
-
- definitions = dict()
- for start, instance in preprocess_c_source_code(source_code,
- EnumDefinition,
- SignatureAlgorithmDefinition,
- NamedGroupDefinition):
- if start in definitions:
- continue
- if isinstance(instance, EnumDefinition):
- definition = instance.generate_translation_function()
- else:
- definition = instance
- definitions[start] = definition
-
- function_definitions = [str(v) for _, v in sorted(definitions.items())]
- if output_directory == sys.stdout:
- sys.stdout.write(OUTPUT_C_TEMPLATE.format(
- functions='\n'.join(function_definitions)))
- else:
- with open(os.path.join(output_directory, 'ssl_debug_helpers_generated.c'), 'w') as f:
- f.write(OUTPUT_C_TEMPLATE.format(
- functions='\n'.join(function_definitions)))
-
-
-def main():
- """
- Command line entry
- """
- parser = argparse.ArgumentParser()
- parser.add_argument('--mbedtls-root', nargs='?', default=None,
- help='root directory of mbedtls source code')
- parser.add_argument('output_directory', nargs='?',
- default='library', help='source/header files location')
-
- args = parser.parse_args()
-
- generate_ssl_debug_helpers(args.output_directory, args.mbedtls_root)
- return 0
-
-
-if __name__ == '__main__':
- sys.exit(main())
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index b03bce2..cac84b5 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -1,18 +1,31 @@
@rem Generate automatically-generated configuration-independent source files
@rem and build scripts.
-@rem Perl and Python 3 must be on the PATH.
+@rem Requirements:
+@rem * Perl must be on the PATH ("perl" command).
+@rem * Python 3.8 or above must be on the PATH ("python" command).
+@rem * Either a C compiler called "cc" must be on the PATH, or
+@rem the "CC" environment variable must point to a C compiler.
+
+@rem @@@@ library\** @@@@
@rem psa_crypto_driver_wrappers.h needs to be generated prior to
@rem generate_visualc_files.pl being invoked.
python scripts\generate_driver_wrappers.py || exit /b 1
perl scripts\generate_errors.pl || exit /b 1
perl scripts\generate_query_config.pl || exit /b 1
perl scripts\generate_features.pl || exit /b 1
-python scripts\generate_ssl_debug_helpers.py || exit /b 1
+python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1
+
+@rem @@@@ Build @@@@
perl scripts\generate_visualc_files.pl || exit /b 1
+
+@rem @@@@ programs\** @@@@
python scripts\generate_psa_constants.py || exit /b 1
+
+@rem @@@@ tests\** @@@@
python framework\scripts\generate_bignum_tests.py || exit /b 1
python framework\scripts\generate_config_tests.py || exit /b 1
python framework\scripts\generate_ecp_tests.py || exit /b 1
python framework\scripts\generate_psa_tests.py || exit /b 1
python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
+python framework\scripts\generate_tls13_compat_tests.py || exit /b 1
diff --git a/tests/.gitignore b/tests/.gitignore
index 870fa79..0c58875 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -18,6 +18,7 @@
###START_GENERATED_FILES###
# Generated source files
+/opt-testcases/tls13-compat.sh
/suites/*.generated.data
/suites/test_suite_config.mbedtls_boolean.data
/suites/test_suite_config.psa_boolean.data
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index b909c4e..1eb5e3b 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -163,6 +163,22 @@
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
)
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ COMMAND
+ "${MBEDTLS_PYTHON_EXECUTABLE}"
+ "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py"
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py
+ )
+ add_custom_target(tls13-compat.sh
+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh)
+ set_target_properties(tls13-compat.sh PROPERTIES EXCLUDE_FROM_ALL NO)
+ add_dependencies(${ssl_opt_target} tls13-compat.sh)
+
else()
foreach(file ${all_generated_data_files})
link_to_source(${file})
diff --git a/tests/Makefile b/tests/Makefile
index 14c6995..a1f9b90 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -55,6 +55,15 @@
GENERATED_FILES = $(GENERATED_DATA_FILES)
GENERATED_FILES += src/test_keys.h src/test_certs.h
+# Generated files needed to (fully) run ssl-opt.sh
+.PHONY: ssl-opt
+
+opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py
+ echo " Gen $@"
+ $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@
+GENERATED_FILES += opt-testcases/tls13-compat.sh
+ssl-opt: opt-testcases/tls13-compat.sh
+
.PHONY: generated_files
generated_files: $(GENERATED_FILES)
@@ -149,9 +158,11 @@
src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
$($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)
+ echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
src/test_keys.h: ../framework/scripts/generate_test_keys.py
+ echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h)
diff --git a/tests/compat.sh b/tests/compat.sh
index 52f75e0..22da5ee 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -290,7 +290,7 @@
# list of entries of the form "STANDARD_NAME=PROGRAM_NAME".
translate_ciphers()
{
- ciphers=$(scripts/translate_ciphers.py "$@")
+ ciphers=$(../framework/scripts/translate_ciphers.py "$@")
if [ $? -ne 0 ]; then
echo "translate_ciphers.py failed with exit code $1" >&2
echo "$2" >&2
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 639496b..e187ae2 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -39,6 +39,7 @@
/* Use the accelerator driver for all cryptographic mechanisms for which
* the test driver implemented. */
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 1039712..bf0707d 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -468,4 +468,43 @@
#define MBEDTLS_TEST_PSA_INTERNAL_KEYS \
MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG
+/* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is
+ * large enough to contain an RSA key pair of the given size. This is meant to be
+ * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096))
+#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096
+#endif
+
+#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048))
+#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048
+#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+/* Helper macro to get the size of the each key slot buffer. */
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+#else
+#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX
+#endif
+
+/* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ * is large enough to contain 4096-bit RSA key pairs. Of course this check is only
+ * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage
+ * the key. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \
+ defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096)
+#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
+#endif
+
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
+#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
new file mode 100644
index 0000000..ff847cc
--- /dev/null
+++ b/tests/opt-testcases/sample.sh
@@ -0,0 +1,374 @@
+# Test that SSL sample programs can interoperate with each other
+# and with OpenSSL and GnuTLS.
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+: ${PROGRAMS_DIR:=../programs/ssl}
+
+run_test "Sample: ssl_client1, ssl_server2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server2" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_client1, openssl server, TLS 1.2" \
+ -P 4433 \
+ "$O_SRV -tls1_2" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -c "Protocol.*TLSv1.2" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_client1, gnutls server, TLS 1.2" \
+ -P 4433 \
+ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "Version: TLS1.2" \
+ -c "<TD>Protocol version:</TD><TD>TLS1.2</TD>" \
+ -S "Error" \
+ -C "error"
+
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_client1, openssl server, TLS 1.3" \
+ -P 4433 \
+ "$O_NEXT_SRV -tls1_3" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \
+ -P 4433 \
+ "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "Version: TLS1.3" \
+ -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
+ -S "Error" \
+ -C "error"
+
+# The server complains of extra data after it closes the connection
+# because the client keeps sending data, so the server receives
+# more application data when it expects a new handshake. We consider
+# the test a success if both sides have sent and received application
+# data, no matter what happens afterwards.
+run_test "Sample: dtls_client, ssl_server2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server2 dtls=1 server_addr=localhost" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -C "error"
+
+# The dtls_client program connects to localhost. This test case fails on
+# systems where the name "localhost" resolves to an IPv6 address, but
+# the IPv6 connection is not possible. Possible reasons include:
+# * OpenSSL is too old (IPv6 support was added in 1.1.0).
+# * OpenSSL was built without IPv6 support.
+# * A firewall blocks IPv6.
+#
+# To facilitate working with this test case, have it run with $OPENSSL_NEXT
+# which is at least 1.1.1a. At the time it was introduced, this test case
+# passed with OpenSSL 1.0.2g on an environment where IPv6 is disabled.
+requires_protocol_version dtls12
+run_test "Sample: dtls_client, openssl server, DTLS 1.2" \
+ -P 4433 \
+ "$O_NEXT_SRV -dtls1_2" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "Echo this" \
+ -c "Echo this" \
+ -c "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \
+ -P 4433 \
+ "$G_SRV -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "Server listening" \
+ -s "[1-9][0-9]* bytes command:" \
+ -c "Echo this" \
+ -c "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -S "Error" \
+ -C "error"
+
+run_test "Sample: ssl_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_server, openssl client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$O_CLI -tls1_2" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_server, gnutls client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Description:.*TLS1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_server, openssl client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "Description:.*TLS1.3" \
+ -S "error" \
+ -C "ERROR"
+
+run_test "Sample: ssl_fork_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_fork_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$O_CLI -tls1_2" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_fork_server, gnutls client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Description:.*TLS1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_fork_server, openssl client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "Description:.*TLS1.3" \
+ -S "error" \
+ -C "ERROR"
+
+run_test "Sample: ssl_pthread_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_pthread_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$O_CLI -tls1_2" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "Successful connection using: TLS-" \
+ -c "Description:.*TLS1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_openssl_tls1_3
+run_test "Sample: ssl_pthread_server, openssl client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$O_NEXT_CLI -tls1_3" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version tls13
+requires_gnutls_tls1_3
+run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
+ 0 \
+ -s "Successful connection using: TLS1-3-" \
+ -c "Description:.*TLS1.3" \
+ -S "error" \
+ -C "ERROR"
+
+run_test "Sample: dtls_client with dtls_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client2, dtls_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$PROGRAMS_DIR/ssl_client2 dtls=1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_server, openssl client, DTLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$O_CLI -dtls1_2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "Protocol.*TLSv1.2" \
+ -S "error" \
+ -C "ERROR"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_server, gnutls client, DTLS 1.2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$G_CLI -u --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "Description:.*DTLS1.2" \
+ -S "error" \
+ -C "ERROR"
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
deleted file mode 100755
index b3a0295..0000000
--- a/tests/opt-testcases/tls13-compat.sh
+++ /dev/null
@@ -1,15241 +0,0 @@
-#!/bin/sh
-
-# tls13-compat.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# List TLS1.3 compat test cases. They are generated by
-# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
-#
-# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
-# AND REGENERATE THIS FILE.
-#
-
-DATA_FILES_PATH=../framework/data_files
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x403" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x503" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x603" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
- -s "received signature algorithm: 0x804" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
- -c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -C "received HelloRetryRequest message"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3
-run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_openssl_tls1_3_with_ffdh
-run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: ffdhe2048"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp256r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp384r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: secp521r1"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x25519"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -s "HRR selected_group: x448"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3_with_ffdh
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
- "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
- 0 \
- -c "HTTP/1.0 200 ok" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
- 0 \
- -c "HTTP/1.0 200 OK" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: ffdhe2048(0100)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: ffdhe2048" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 256 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp256r1(0017)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp256r1 ( 17 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp256r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 23 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp384r1(0018)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp384r1 ( 18 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp384r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 24 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: secp521r1(0019)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: secp521r1 ( 19 )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: secp521r1" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 25 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x25519(001d)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x25519 ( 1d )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x25519" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 29 )"
-
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled PSA_WANT_ALG_ECDH
-requires_config_enabled PSA_WANT_ALG_FFDH
-requires_config_enabled PSA_WANT_DH_RFC7919_2048
-run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
- "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
- 0 \
- -s "Protocol is TLSv1.3" \
- -s "got named group: x448(001e)" \
- -s "Certificate verification was skipped" \
- -c "Protocol is TLSv1.3" \
- -c "NamedGroup: ffdhe2048 ( 100 )" \
- -c "NamedGroup: x448 ( 1e )" \
- -c "Verifying peer X.509 certificate... ok" \
- -s "HRR selected_group: x448" \
- -c "received HelloRetryRequest message" \
- -c "selected_group ( 30 )"
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
old mode 100755
new mode 100644
index 782bda2..1bb251f
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -1,16 +1,16 @@
-#!/bin/sh
-
-# tls13-kex-modes.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
+# Systematic testing of TLS 1.3 key exchange modes.
# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by
# scripts in future(#6280)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, good" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -29,7 +29,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -47,7 +49,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -65,7 +69,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -84,7 +90,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -102,7 +110,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -120,7 +130,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -139,7 +151,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -157,7 +171,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -175,7 +191,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -194,7 +212,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -212,7 +232,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -230,7 +252,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -247,7 +271,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
@@ -267,7 +293,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
@@ -286,7 +314,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \
@@ -305,7 +335,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, good" \
@@ -325,7 +357,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
@@ -344,7 +378,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
@@ -363,7 +399,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
@@ -383,7 +421,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
@@ -402,7 +442,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
@@ -421,7 +463,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
@@ -441,7 +485,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
@@ -460,7 +506,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
@@ -479,7 +527,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
@@ -499,7 +549,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
@@ -518,7 +570,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
@@ -537,7 +591,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
@@ -558,7 +614,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -579,7 +637,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -599,7 +659,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -619,7 +681,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -640,7 +704,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -660,7 +726,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -680,7 +748,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -701,7 +771,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -721,7 +793,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
@@ -742,7 +816,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
@@ -762,7 +838,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
@@ -781,7 +859,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
@@ -801,7 +881,9 @@
-s "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
@@ -820,7 +902,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
@@ -835,7 +919,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
@@ -850,7 +936,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
@@ -865,7 +953,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
@@ -880,7 +970,9 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
@@ -895,7 +987,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -911,7 +1005,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, good" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -929,7 +1025,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -946,7 +1044,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -963,7 +1063,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -981,7 +1083,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -998,7 +1102,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1015,7 +1121,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1033,7 +1141,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1050,7 +1160,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
@@ -1067,7 +1179,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
@@ -1086,7 +1200,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
@@ -1104,7 +1220,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \
@@ -1122,7 +1240,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, good" \
@@ -1141,7 +1261,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
@@ -1159,7 +1281,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
@@ -1177,7 +1301,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
@@ -1196,7 +1322,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
@@ -1214,7 +1342,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
@@ -1232,7 +1362,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
@@ -1251,7 +1383,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
@@ -1269,7 +1403,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
@@ -1287,7 +1423,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1307,7 +1445,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1326,7 +1466,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1345,7 +1487,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1365,7 +1509,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1384,7 +1530,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1403,7 +1551,9 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
@@ -1423,7 +1573,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
@@ -1442,7 +1594,9 @@
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
@@ -1460,10 +1614,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_256
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
@@ -1475,10 +1631,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
@@ -1490,10 +1648,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_521
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_521
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
@@ -1505,10 +1665,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_255
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
@@ -1520,10 +1682,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_448
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_MONTGOMERY_448
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
@@ -1535,10 +1699,12 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
@@ -1552,10 +1718,12 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled PSA_WANT_ALG_ECDH
+requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
@@ -1804,7 +1972,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \
@@ -1831,7 +1998,6 @@
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2727,7 +2893,6 @@
#OPENSSL-SERVER psk mode
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2745,7 +2910,6 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2763,7 +2927,6 @@
#OPENSSL-SERVER psk_all mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2782,7 +2945,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2802,7 +2964,6 @@
#OPENSSL-SERVER psk_ephemeral mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -2820,7 +2981,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -2839,7 +2999,6 @@
#OPENSSL-SERVER ephemeral mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2852,7 +3011,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2866,7 +3024,6 @@
#OPENSSL-SERVER ephemeral_all mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2885,7 +3042,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -2905,7 +3061,6 @@
#OPENSSL-SERVER all mode
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2925,7 +3080,6 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2946,7 +3100,6 @@
#GNUTLS-SERVER psk mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2966,7 +3119,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -2986,7 +3138,6 @@
#GNUTLS-SERVER psk_all mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -3007,7 +3158,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -3029,7 +3179,6 @@
#GNUTLS-SERVER psk_ephemeral mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -3049,7 +3198,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -3070,7 +3218,6 @@
#GNUTLS-SERVER ephemeral mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3083,7 +3230,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3097,7 +3243,6 @@
#GNUTLS-SERVER ephemeral_all mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3118,7 +3263,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -3140,7 +3284,6 @@
#GNUTLS-SERVER all mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -3162,7 +3305,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
old mode 100755
new mode 100644
index f6520a1..76cbeec
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -1,18 +1,14 @@
-#!/bin/sh
+# Miscellaneous tests of TLS 1.3 features.
-# tls13-misc.sh
-#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-
run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -27,11 +23,9 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-
run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
@@ -43,9 +37,13 @@
-s "Found PSK KEX MODE" \
-s "No matched ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
"$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
@@ -57,9 +55,13 @@
-S "key exchange mode: ephemeral$" \
-S "ticket is not authentic"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
"$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
@@ -72,7 +74,9 @@
-s "ticket is not authentic"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
"$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
@@ -89,11 +93,12 @@
-S "key exchange mode: ephemeral"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
@@ -107,11 +112,12 @@
-s "key exchange mode: psk$"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
@@ -125,11 +131,12 @@
-s "key exchange mode: psk_ephemeral$"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
"$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
@@ -138,11 +145,13 @@
0 \
-s "key exchange mode: ephemeral$"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption" \
@@ -157,11 +166,13 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with servername" \
@@ -177,11 +188,13 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
@@ -196,11 +209,13 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -217,11 +232,14 @@
-s "key exchange mode: psk" \
-s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption with early data" \
@@ -247,11 +265,14 @@
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -279,11 +300,14 @@
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
@@ -308,11 +332,14 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
@@ -337,11 +364,14 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
@@ -366,11 +396,14 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
@@ -395,11 +428,13 @@
-S "EncryptedExtensions: early_data(42) extension exists." \
-S "early data bytes read"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
@@ -414,11 +449,13 @@
-S "Select PSK ciphersuite" \
-s "Ticket lifetime (604801) is greater than 7 days."
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
@@ -433,11 +470,13 @@
-S "key exchange mode: psk" \
-S "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
@@ -453,11 +492,13 @@
-S "key exchange mode: psk" \
-S "Select PSK ciphersuite"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
@@ -476,11 +517,13 @@
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
@@ -499,11 +542,13 @@
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
@@ -522,11 +567,13 @@
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
@@ -545,11 +592,13 @@
-s "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
@@ -568,11 +617,13 @@
-S "Ticket age exceeds limitation" \
-s "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
@@ -591,12 +642,14 @@
-S "Ticket age exceeds limitation" \
-s "Ticket age outside tolerance window"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
@@ -609,12 +662,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
@@ -627,12 +682,14 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
@@ -645,12 +702,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
@@ -663,12 +722,14 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
@@ -681,12 +742,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
@@ -699,12 +762,14 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
@@ -717,12 +782,14 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
@@ -735,13 +802,15 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
@@ -754,13 +823,15 @@
-s "No suitable PSK key exchange mode" \
-s "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
@@ -773,13 +844,15 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
@@ -792,13 +865,15 @@
-S "No suitable PSK key exchange mode" \
-S "No usable PSK or ticket"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
"$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
"$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
@@ -812,10 +887,10 @@
-S "No usable PSK or ticket"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->O: resumption" \
@@ -828,9 +903,8 @@
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
@@ -842,10 +916,9 @@
-c "Ignoring NewSessionTicket, not supported."
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (explicit)" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
"$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
@@ -856,10 +929,9 @@
-c "Ignoring NewSessionTicket, handling disabled."
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (default)" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
@@ -876,12 +948,13 @@
# ephemeral then ticket based scenario we use for early data testing the first
# handshake fails. The following skipped test is here to illustrate the kind
# of testing we would like to do.
+# https://github.com/Mbed-TLS/mbedtls/issues/9582
skip_next_test
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->O: resumption with early data" \
@@ -900,10 +973,10 @@
-s "decrypted early data with length:"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption" \
@@ -916,9 +989,8 @@
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
@@ -930,10 +1002,9 @@
-c "Ignoring NewSessionTicket, not supported."
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (explicit)" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
@@ -944,10 +1015,9 @@
-c "Ignoring NewSessionTicket, handling disabled."
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (default)" \
"$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
@@ -958,10 +1028,10 @@
-c "Ignoring NewSessionTicket, handling disabled."
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
- MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -976,10 +1046,10 @@
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption with early data" \
@@ -999,10 +1069,10 @@
-s "decrypted early data with length:"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -1024,10 +1094,10 @@
-s "decrypted early data with length:"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
@@ -1042,10 +1112,10 @@
-C "NewSessionTicket: early_data(42) extension received." \
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
@@ -1062,10 +1132,10 @@
-C "ClientHello: early_data(42) extension exists." \
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_EARLY_DATA \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
@@ -1082,9 +1152,9 @@
-C "ClientHello: early_data(42) extension exists." \
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# https://github.com/openssl/openssl/issues/10714
@@ -1099,10 +1169,11 @@
-s "Select PSK ciphersuite"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption" \
@@ -1114,10 +1185,11 @@
-s "Select PSK ciphersuite"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -1136,10 +1208,12 @@
EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption with early data" \
@@ -1160,10 +1234,12 @@
-s "106 early data bytes read"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
@@ -1191,10 +1267,12 @@
# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
# specification and thus its behavior may change in following versions.
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
@@ -1220,10 +1298,12 @@
# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
# specification and thus its behavior may change in following versions.
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
@@ -1243,10 +1323,12 @@
-s "EarlyData: Too much early data received"
requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
@@ -1261,11 +1343,14 @@
-S "ClientHello: early_data(42) extension exists." \
-S "EncryptedExtensions: early_data(42) extension exists."
-requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
- MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_EARLY_DATA
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_HAVE_TIME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
"$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
"$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reco_mode=1 reconnect=1" \
diff --git a/tests/scripts/all-core.sh b/tests/scripts/all-core.sh
new file mode 100644
index 0000000..ccd7e59
--- /dev/null
+++ b/tests/scripts/all-core.sh
@@ -0,0 +1,1023 @@
+# all-core.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+################################################################
+#### Documentation
+################################################################
+
+# Purpose
+# -------
+#
+# To run all tests possible or available on the platform.
+#
+# Files structure
+# ---------------
+#
+# The executable entry point for users and the CI is tests/scripts/all.sh.
+#
+# The actual content is in the following files:
+# - all-core.sh contains the core logic for running test components,
+# processing command line options, reporting results, etc.
+# - all-helpers.sh contains helper functions used by more than 1 component.
+# - components-*.sh contain the definitions of the various components.
+#
+# The first two parts are shared between repos and branches;
+# the component files are repo&branch-specific.
+#
+# The files all-*.sh and components-*.sh should only define functions and not
+# run code when sourced; the only exception being that all-core.sh runs
+# 'shopt' because that is necessary for the rest of the file to parse.
+#
+# Notes for users
+# ---------------
+#
+# Warning: the test is destructive. It includes various build modes and
+# configurations, and can and will arbitrarily change the current CMake
+# configuration. The following files must be committed into git:
+# * include/mbedtls/mbedtls_config.h
+# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
+# programs/fuzz/Makefile
+# After running this script, the CMake cache will be lost and CMake
+# will no longer be initialised.
+#
+# The script assumes the presence of a number of tools:
+# * Basic Unix tools (Windows users note: a Unix-style find must be before
+# the Windows find in the PATH)
+# * Perl
+# * GNU Make
+# * CMake
+# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
+# * G++
+# * arm-gcc and mingw-gcc
+# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
+# * OpenSSL and GnuTLS command line tools, in suitable versions for the
+# interoperability tests. The following are the official versions at the
+# time of writing:
+# * GNUTLS_{CLI,SERV} = 3.4.10
+# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
+# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
+# * OPENSSL_NEXT = 3.1.2
+# See the invocation of check_tools below for details.
+#
+# This script must be invoked from the toplevel directory of a git
+# working copy of Mbed TLS.
+#
+# The behavior on an error depends on whether --keep-going (alias -k)
+# is in effect.
+# * Without --keep-going: the script stops on the first error without
+# cleaning up. This lets you work in the configuration of the failing
+# component.
+# * With --keep-going: the script runs all requested components and
+# reports failures at the end. In particular the script always cleans
+# up on exit.
+#
+# Note that the output is not saved. You may want to run
+# script -c tests/scripts/all.sh
+# or
+# tests/scripts/all.sh >all.log 2>&1
+#
+# Notes for maintainers
+# ---------------------
+#
+# The bulk of the code is organized into functions that follow one of the
+# following naming conventions:
+# * in all-core.sh:
+# * pre_XXX: things to do before running the tests, in order.
+# * post_XXX: things to do after running the tests.
+# * in components-*.sh:
+# * component_XXX: independent components. They can be run in any order.
+# * component_check_XXX: quick tests that aren't worth parallelizing.
+# * component_build_XXX: build things but don't run them.
+# * component_test_XXX: build and test.
+# * component_release_XXX: tests that the CI should skip during PR testing.
+# * support_XXX: if support_XXX exists and returns false then
+# component_XXX is not run by default.
+# * in various files:
+# * other: miscellaneous support functions.
+#
+# Each component must start by invoking `msg` with a short informative message.
+#
+# Warning: due to the way bash detects errors, the failure of a command
+# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
+#
+# Each component is executed in a separate shell process. The component
+# fails if any command in it returns a non-zero status.
+#
+# The framework performs some cleanup tasks after each component. This
+# means that components can assume that the working directory is in a
+# cleaned-up state, and don't need to perform the cleanup themselves.
+# * Run `make clean`.
+# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
+# the component.
+# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
+# `tests/Makefile` and `programs/fuzz/Makefile` from git.
+# This cleans up after an in-tree use of CMake.
+
+
+################################################################
+#### Initialization and command line parsing
+################################################################
+
+# Enable ksh/bash extended file matching patterns.
+# Must come before function definitions or some of them wouldn't parse.
+shopt -s extglob
+
+pre_set_shell_options () {
+ # Abort on errors (even on the left-hand side of a pipe).
+ # Treat uninitialised variables as errors.
+ set -e -o pipefail -u
+}
+
+# For project detection
+in_mbedtls_repo () {
+ test "$PROJECT_NAME" = "Mbed TLS"
+}
+
+in_tf_psa_crypto_repo () {
+ test "$PROJECT_NAME" = "TF-PSA-Crypto"
+}
+
+pre_check_environment () {
+ # For project detection
+ PROJECT_NAME_FILE='./scripts/project_name.txt'
+ if read -r PROJECT_NAME < "$PROJECT_NAME_FILE"; then :; else
+ echo "$PROJECT_NAME_FILE does not exist... Exiting..." >&2
+ exit 1
+ fi
+
+ if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else
+ echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
+ exit 1
+ fi
+}
+
+# Must be called before pre_initialize_variables which sets ALL_COMPONENTS.
+pre_load_components () {
+ # Include the components from components.sh
+ test_script_dir="${0%/*}"
+ for file in "$test_script_dir"/components-*.sh; do
+ source $file
+ done
+}
+
+pre_initialize_variables () {
+ if in_mbedtls_repo; then
+ CONFIG_H='include/mbedtls/mbedtls_config.h'
+ if [ -d tf-psa-crypto ]; then
+ CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
+ PSA_CORE_PATH='tf-psa-crypto/core'
+ BUILTIN_SRC_PATH='tf-psa-crypto/drivers/builtin/src'
+ else
+ CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ # helper_armc6_build_test() relies on these being defined,
+ # but empty if the paths don't exist (as in 3.6).
+ PSA_CORE_PATH=''
+ BUILTIN_SRC_PATH=''
+ fi
+ else
+ CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
+ CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ PSA_CORE_PATH='core'
+ BUILTIN_SRC_PATH='drivers/builtin/src'
+ fi
+ CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
+
+ # Files that are clobbered by some jobs will be backed up. Use a different
+ # suffix from auxiliary scripts so that all.sh and auxiliary scripts can
+ # independently decide when to remove the backup file.
+ backup_suffix='.all.bak'
+ # Files clobbered by config.py
+ files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
+ if in_mbedtls_repo; then
+ # Files clobbered by in-tree cmake
+ files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+ fi
+
+ append_outcome=0
+ MEMORY=0
+ FORCE=0
+ QUIET=0
+ KEEP_GOING=0
+
+ # Seed value used with the --release-test option.
+ #
+ # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
+ # both values are kept in sync. If you change the value here because it
+ # breaks some tests, you'll definitely want to change it in
+ # basic-build-test.sh as well.
+ RELEASE_SEED=1
+
+ # Specify character collation for regular expressions and sorting with C locale
+ export LC_COLLATE=C
+
+ : ${MBEDTLS_TEST_OUTCOME_FILE=}
+ : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
+ export MBEDTLS_TEST_OUTCOME_FILE
+ export MBEDTLS_TEST_PLATFORM
+
+ # Default commands, can be overridden by the environment
+ : ${OPENSSL:="openssl"}
+ : ${OPENSSL_NEXT:="$OPENSSL"}
+ : ${GNUTLS_CLI:="gnutls-cli"}
+ : ${GNUTLS_SERV:="gnutls-serv"}
+ : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
+ : ${ARMC5_BIN_DIR:=/usr/bin}
+ : ${ARMC6_BIN_DIR:=/usr/bin}
+ : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
+ : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
+ : ${CLANG_LATEST:="clang-latest"}
+ : ${CLANG_EARLIEST:="clang-earliest"}
+ : ${GCC_LATEST:="gcc-latest"}
+ : ${GCC_EARLIEST:="gcc-earliest"}
+ # if MAKEFLAGS is not set add the -j option to speed up invocations of make
+ if [ -z "${MAKEFLAGS+set}" ]; then
+ export MAKEFLAGS="-j$(all_sh_nproc)"
+ fi
+ # if CC is not set, use clang by default (if present) to improve build times
+ if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
+ export CC="clang"
+ fi
+
+ if [ -n "${OPENSSL_3+set}" ]; then
+ export OPENSSL_NEXT="$OPENSSL_3"
+ fi
+
+ # Include more verbose output for failing tests run by CMake or make
+ export CTEST_OUTPUT_ON_FAILURE=1
+
+ # CFLAGS and LDFLAGS for Asan builds that don't use CMake
+ # default to -O2, use -Ox _after_ this if you want another level
+ ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
+ # Normally, tests should use this compiler for ASAN testing
+ ASAN_CC=clang
+
+ # Platform tests have an allocation that returns null
+ export ASAN_OPTIONS="allocator_may_return_null=1"
+ export MSAN_OPTIONS="allocator_may_return_null=1"
+
+ # Gather the list of available components. These are the functions
+ # defined in this script whose name starts with "component_".
+ ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
+
+ PSASIM_PATH='tests/psa-client-server/psasim/'
+
+ # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
+ # the commands set by the environment
+}
+
+setup_quiet_wrappers()
+{
+ # Pick up "quiet" wrappers for make and cmake, which don't output very much
+ # unless there is an error. This reduces logging overhead in the CI.
+ #
+ # Note that the cmake wrapper breaks unless we use an absolute path here.
+ if [[ -e ${PWD}/tests/scripts/quiet ]]; then
+ export PATH=${PWD}/tests/scripts/quiet:$PATH
+ fi
+}
+
+# Test whether the component $1 is included in the command line patterns.
+is_component_included()
+{
+ # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
+ # only does word splitting.
+ set -f
+ for pattern in $COMMAND_LINE_COMPONENTS; do
+ set +f
+ case ${1#component_} in $pattern) return 0;; esac
+ done
+ set +f
+ return 1
+}
+
+usage()
+{
+ cat <<EOF
+Usage: $0 [OPTION]... [COMPONENT]...
+Run mbedtls release validation tests.
+By default, run all tests. With one or more COMPONENT, run only those.
+COMPONENT can be the name of a component or a shell wildcard pattern.
+
+Examples:
+ $0 "check_*"
+ Run all sanity checks.
+ $0 --no-armcc --except test_memsan
+ Run everything except builds that require armcc and MemSan.
+
+Special options:
+ -h|--help Print this help and exit.
+ --list-all-components List all available test components and exit.
+ --list-components List components supported on this platform and exit.
+
+General options:
+ -q|--quiet Only output component names, and errors if any.
+ -f|--force Force the tests to overwrite any modified files.
+ -k|--keep-going Run all tests and report errors at the end.
+ -m|--memory Additional optional memory tests.
+ --append-outcome Append to the outcome file (if used).
+ --arm-none-eabi-gcc-prefix=<string>
+ Prefix for a cross-compiler for arm-none-eabi
+ (default: "${ARM_NONE_EABI_GCC_PREFIX}")
+ --arm-linux-gnueabi-gcc-prefix=<string>
+ Prefix for a cross-compiler for arm-linux-gnueabi
+ (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
+ --armcc Run ARM Compiler builds (on by default).
+ --restore First clean up the build tree, restoring backed up
+ files. Do not run any components unless they are
+ explicitly specified.
+ --error-test Error test mode: run a failing function in addition
+ to any specified component. May be repeated.
+ --except Exclude the COMPONENTs listed on the command line,
+ instead of running only those.
+ --no-append-outcome Write a new outcome file and analyze it (default).
+ --no-armcc Skip ARM Compiler builds.
+ --no-force Refuse to overwrite modified files (default).
+ --no-keep-going Stop at the first error (default).
+ --no-memory No additional memory tests (default).
+ --no-quiet Print full output from components.
+ --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
+ --outcome-file=<path> File where test outcomes are written (not done if
+ empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
+ --random-seed Use a random seed value for randomized tests (default).
+ -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
+ -s|--seed Integer seed value to use for this test run.
+
+Tool path options:
+ --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
+ --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
+ --clang-earliest=<Clang_earliest_path> Earliest version of clang available
+ --clang-latest=<Clang_latest_path> Latest version of clang available
+ --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
+ --gcc-latest=<GCC_latest_path> Latest version of GCC available
+ --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
+ --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
+ --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
+ --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
+EOF
+}
+
+# Cleanup before/after running a component.
+# Remove built files as well as the cmake cache/config.
+# Does not remove generated source files.
+cleanup()
+{
+ if in_mbedtls_repo; then
+ command make clean
+ fi
+
+ # Remove CMake artefacts
+ find . -name .git -prune -o \
+ -iname CMakeFiles -exec rm -rf {} \+ -o \
+ \( -iname cmake_install.cmake -o \
+ -iname CTestTestfile.cmake -o \
+ -iname CMakeCache.txt -o \
+ -path './cmake/*.cmake' \) -exec rm -f {} \+
+ # Remove Makefiles generated by in-tree CMake builds
+ # (Not all files will exist in all branches, but that's OK.)
+ rm -f 3rdparty/Makefile 3rdparty/*/Makefile
+ rm -f pkgconfig/Makefile framework/Makefile
+ rm -f include/Makefile programs/!(fuzz)/Makefile
+ rm -f tf-psa-crypto/Makefile tf-psa-crypto/include/Makefile
+ rm -f tf-psa-crypto/core/Makefile tf-psa-crypto/drivers/Makefile
+ rm -f tf-psa-crypto/tests/Makefile
+ rm -f tf-psa-crypto/drivers/everest/Makefile
+ rm -f tf-psa-crypto/drivers/p256-m/Makefile
+ rm -f tf-psa-crypto/drivers/builtin/Makefile
+ rm -f tf-psa-crypto/drivers/builtin/src/Makefile
+
+ # Remove any artifacts from the component_test_cmake_as_subdirectory test.
+ rm -rf programs/test/cmake_subproject/build
+ rm -f programs/test/cmake_subproject/Makefile
+ rm -f programs/test/cmake_subproject/cmake_subproject
+
+ # Remove any artifacts from the component_test_cmake_as_package test.
+ rm -rf programs/test/cmake_package/build
+ rm -f programs/test/cmake_package/Makefile
+ rm -f programs/test/cmake_package/cmake_package
+
+ # Remove any artifacts from the component_test_cmake_as_installed_package test.
+ rm -rf programs/test/cmake_package_install/build
+ rm -f programs/test/cmake_package_install/Makefile
+ rm -f programs/test/cmake_package_install/cmake_package_install
+
+ # Restore files that may have been clobbered by the job
+ restore_backed_up_files
+}
+
+# Restore files that may have been clobbered
+restore_backed_up_files () {
+ for x in $files_to_back_up; do
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
+ done
+}
+
+# Final cleanup when this script exits (except when exiting on a failure
+# in non-keep-going mode).
+final_cleanup () {
+ cleanup
+
+ for x in $files_to_back_up; do
+ rm -f "$x$backup_suffix"
+ done
+}
+
+# Executed on exit. May be redefined depending on command line options.
+final_report () {
+ :
+}
+
+fatal_signal () {
+ final_cleanup
+ final_report $1
+ trap - $1
+ kill -$1 $$
+}
+
+pre_set_signal_handlers () {
+ trap 'fatal_signal HUP' HUP
+ trap 'fatal_signal INT' INT
+ trap 'fatal_signal TERM' TERM
+}
+
+# Number of processors on this machine. Used as the default setting
+# for parallel make.
+all_sh_nproc ()
+{
+ {
+ nproc || # Linux
+ sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
+ sysctl -n hw.ncpu || # FreeBSD
+ echo 1
+ } 2>/dev/null
+}
+
+msg()
+{
+ if [ -n "${current_component:-}" ]; then
+ current_section="${current_component#component_}: $1"
+ else
+ current_section="$1"
+ fi
+
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
+ echo ""
+ echo "******************************************************************"
+ echo "* $current_section "
+ printf "* "; date
+ echo "******************************************************************"
+}
+
+err_msg()
+{
+ echo "$1" >&2
+}
+
+check_tools()
+{
+ for tool in "$@"; do
+ if ! `type "$tool" >/dev/null 2>&1`; then
+ err_msg "$tool not found!"
+ exit 1
+ fi
+ done
+}
+
+pre_parse_command_line () {
+ COMMAND_LINE_COMPONENTS=
+ all_except=0
+ error_test=0
+ list_components=0
+ restore_first=0
+ no_armcc=
+
+ # Note that legacy options are ignored instead of being omitted from this
+ # list of options, so invocations that worked with previous version of
+ # all.sh will still run and work properly.
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ --append-outcome) append_outcome=1;;
+ --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
+ --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
+ --armcc) no_armcc=;;
+ --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
+ --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ --clang-earliest) shift; CLANG_EARLIEST="$1";;
+ --clang-latest) shift; CLANG_LATEST="$1";;
+ --error-test) error_test=$((error_test + 1));;
+ --except) all_except=1;;
+ --force|-f) FORCE=1;;
+ --gcc-earliest) shift; GCC_EARLIEST="$1";;
+ --gcc-latest) shift; GCC_LATEST="$1";;
+ --gnutls-cli) shift; GNUTLS_CLI="$1";;
+ --gnutls-legacy-cli) shift;; # ignored for backward compatibility
+ --gnutls-legacy-serv) shift;; # ignored for backward compatibility
+ --gnutls-serv) shift; GNUTLS_SERV="$1";;
+ --help|-h) usage; exit;;
+ --keep-going|-k) KEEP_GOING=1;;
+ --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
+ --list-components) list_components=1;;
+ --memory|-m) MEMORY=1;;
+ --no-append-outcome) append_outcome=0;;
+ --no-armcc) no_armcc=1;;
+ --no-force) FORCE=0;;
+ --no-keep-going) KEEP_GOING=0;;
+ --no-memory) MEMORY=0;;
+ --no-quiet) QUIET=0;;
+ --openssl) shift; OPENSSL="$1";;
+ --openssl-next) shift; OPENSSL_NEXT="$1";;
+ --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
+ --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
+ --quiet|-q) QUIET=1;;
+ --random-seed) unset SEED;;
+ --release-test|-r) SEED=$RELEASE_SEED;;
+ --restore) restore_first=1;;
+ --seed|-s) shift; SEED="$1";;
+ -*)
+ echo >&2 "Unknown option: $1"
+ echo >&2 "Run $0 --help for usage."
+ exit 120
+ ;;
+ *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
+ esac
+ shift
+ done
+
+ # Exclude components that are not supported on this platform.
+ SUPPORTED_COMPONENTS=
+ for component in $ALL_COMPONENTS; do
+ case $(type "support_$component" 2>&1) in
+ *' function'*)
+ if ! support_$component; then continue; fi;;
+ esac
+ SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
+ done
+
+ if [ $list_components -eq 1 ]; then
+ printf '%s\n' $SUPPORTED_COMPONENTS
+ exit
+ fi
+
+ # With no list of components, run everything.
+ if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
+ all_except=1
+ fi
+
+ # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
+ # Ignore it if components are listed explicitly on the command line.
+ if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
+ COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
+ fi
+
+ # Error out if an explicitly requested component doesn't exist.
+ if [ $all_except -eq 0 ]; then
+ unsupported=0
+ # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
+ # only does word splitting.
+ set -f
+ for component in $COMMAND_LINE_COMPONENTS; do
+ set +f
+ # If the requested name includes a wildcard character, don't
+ # check it. Accept wildcard patterns that don't match anything.
+ case $component in
+ *[*?\[]*) continue;;
+ esac
+ case " $SUPPORTED_COMPONENTS " in
+ *" $component "*) :;;
+ *)
+ echo >&2 "Component $component was explicitly requested, but is not known or not supported."
+ unsupported=$((unsupported + 1));;
+ esac
+ done
+ set +f
+ if [ $unsupported -ne 0 ]; then
+ exit 2
+ fi
+ fi
+
+ # Build the list of components to run.
+ RUN_COMPONENTS=
+ for component in $SUPPORTED_COMPONENTS; do
+ if is_component_included "$component"; [ $? -eq $all_except ]; then
+ RUN_COMPONENTS="$RUN_COMPONENTS $component"
+ fi
+ done
+
+ unset all_except
+ unset no_armcc
+}
+
+pre_check_git () {
+ if [ $FORCE -eq 1 ]; then
+ rm -rf "$OUT_OF_SOURCE_DIR"
+ git checkout-index -f -q $CONFIG_H
+ cleanup
+ else
+
+ if [ -d "$OUT_OF_SOURCE_DIR" ]; then
+ echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
+ echo "You can either delete this directory manually, or force the test by rerunning"
+ echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
+ exit 1
+ fi
+
+ if ! git diff --quiet "$CONFIG_H"; then
+ err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
+ echo "You can either delete or preserve your work, or force the test by rerunning the"
+ echo "script as: $0 --force"
+ exit 1
+ fi
+ fi
+}
+
+pre_restore_files () {
+ # If the makefiles have been generated by a framework such as cmake,
+ # restore them from git. If the makefiles look like modifications from
+ # the ones checked into git, take care not to modify them. Whatever
+ # this function leaves behind is what the script will restore before
+ # each component.
+ case "$(head -n1 Makefile)" in
+ *[Gg]enerated*)
+ git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ ;;
+ esac
+}
+
+pre_back_up () {
+ for x in $files_to_back_up; do
+ cp -p "$x" "$x$backup_suffix"
+ done
+}
+
+pre_setup_keep_going () {
+ failure_count=0 # Number of failed components
+ last_failure_status=0 # Last failure status in this component
+
+ # See err_trap
+ previous_failure_status=0
+ previous_failed_command=
+ previous_failure_funcall_depth=0
+ unset report_failed_command
+
+ start_red=
+ end_color=
+ if [ -t 1 ]; then
+ case "${TERM:-}" in
+ *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
+ start_red=$(printf '\033[31m')
+ end_color=$(printf '\033[0m')
+ ;;
+ esac
+ fi
+
+ # Keep a summary of failures in a file. We'll print it out at the end.
+ failure_summary_file=$PWD/all-sh-failures-$$.log
+ : >"$failure_summary_file"
+
+ # Whether it makes sense to keep a component going after the specified
+ # command fails (test command) or not (configure or build).
+ # This function normally receives the failing simple command
+ # ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
+ # this is passed instead.
+ # This doesn't have to be 100% accurate: all failures are recorded anyway.
+ # False positives result in running things that can't be expected to
+ # work. False negatives result in things not running after something else
+ # failed even though they might have given useful feedback.
+ can_keep_going_after_failure () {
+ case "$1" in
+ "msg "*) false;;
+ "cd "*) false;;
+ "diff "*) true;;
+ *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
+ *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
+ *make*check*) true;;
+ "grep "*) true;;
+ "[ "*) true;;
+ "! "*) true;;
+ *) false;;
+ esac
+ }
+
+ # This function runs if there is any error in a component.
+ # It must either exit with a nonzero status, or set
+ # last_failure_status to a nonzero value.
+ err_trap () {
+ # Save $? (status of the failing command). This must be the very
+ # first thing, before $? is overridden.
+ last_failure_status=$?
+ failed_command=${report_failed_command-$BASH_COMMAND}
+
+ if [[ $last_failure_status -eq $previous_failure_status &&
+ "$failed_command" == "$previous_failed_command" &&
+ ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
+ then
+ # The same command failed twice in a row, but this time one level
+ # less deep in the function call stack. This happens when the last
+ # command of a function returns a nonzero status, and the function
+ # returns that same status. Ignore the second failure.
+ previous_failure_funcall_depth=${#FUNCNAME[@]}
+ return
+ fi
+ previous_failure_status=$last_failure_status
+ previous_failed_command=$failed_command
+ previous_failure_funcall_depth=${#FUNCNAME[@]}
+
+ text="$current_section: $failed_command -> $last_failure_status"
+ echo "${start_red}^^^^$text^^^^${end_color}" >&2
+ echo "$text" >>"$failure_summary_file"
+
+ # If the command is fatal (configure or build command), stop this
+ # component. Otherwise (test command) keep the component running
+ # (run more tests from the same build).
+ if ! can_keep_going_after_failure "$failed_command"; then
+ exit $last_failure_status
+ fi
+ }
+
+ final_report () {
+ if [ $failure_count -gt 0 ]; then
+ echo
+ echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+ echo "${start_red}FAILED: $failure_count components${end_color}"
+ cat "$failure_summary_file"
+ echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+ elif [ -z "${1-}" ]; then
+ echo "SUCCESS :)"
+ fi
+ if [ -n "${1-}" ]; then
+ echo "Killed by SIG$1."
+ fi
+ rm -f "$failure_summary_file"
+ if [ $failure_count -gt 0 ]; then
+ exit 1
+ fi
+ }
+}
+
+# '! true' does not trigger the ERR trap. Arrange to trigger it, with
+# a reasonably informative error message (not just "$@").
+not () {
+ if "$@"; then
+ report_failed_command="! $*"
+ false
+ unset report_failed_command
+ fi
+}
+
+pre_prepare_outcome_file () {
+ case "$MBEDTLS_TEST_OUTCOME_FILE" in
+ [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
+ esac
+ if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
+ rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
+ fi
+}
+
+pre_print_configuration () {
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
+ msg "info: $0 configuration"
+ echo "MEMORY: $MEMORY"
+ echo "FORCE: $FORCE"
+ echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
+ echo "SEED: ${SEED-"UNSET"}"
+ echo
+ echo "OPENSSL: $OPENSSL"
+ echo "OPENSSL_NEXT: $OPENSSL_NEXT"
+ echo "GNUTLS_CLI: $GNUTLS_CLI"
+ echo "GNUTLS_SERV: $GNUTLS_SERV"
+ echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
+ echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
+}
+
+# Make sure the tools we need are available.
+pre_check_tools () {
+ # Build the list of variables to pass to output_env.sh.
+ set env
+
+ case " $RUN_COMPONENTS " in
+ # Require OpenSSL and GnuTLS if running any tests (as opposed to
+ # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
+ # is a good enough approximation in practice.
+ *" test_"* | *" release_test_"*)
+ # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
+ # and ssl-opt.sh, we just export the variables they require.
+ export OPENSSL="$OPENSSL"
+ export GNUTLS_CLI="$GNUTLS_CLI"
+ export GNUTLS_SERV="$GNUTLS_SERV"
+ # Avoid passing --seed flag in every call to ssl-opt.sh
+ if [ -n "${SEED-}" ]; then
+ export SEED
+ fi
+ set "$@" OPENSSL="$OPENSSL"
+ set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
+ check_tools "$OPENSSL" "$OPENSSL_NEXT" \
+ "$GNUTLS_CLI" "$GNUTLS_SERV"
+ ;;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *" test_zeroize "*) check_tools "gdb";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_armcc*)
+ ARMC5_CC="$ARMC5_BIN_DIR/armcc"
+ ARMC5_AR="$ARMC5_BIN_DIR/armar"
+ ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
+ ARMC6_CC="$ARMC6_BIN_DIR/armclang"
+ ARMC6_AR="$ARMC6_BIN_DIR/armar"
+ ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
+ check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
+ "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
+ esac
+
+ # past this point, no call to check_tool, only printing output
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
+ msg "info: output_env.sh"
+ case $RUN_COMPONENTS in
+ *_armcc*)
+ set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
+ *) set "$@" RUN_ARMCC=0;;
+ esac
+ "$@" scripts/output_env.sh
+}
+
+pre_generate_files() {
+ # since make doesn't have proper dependencies, remove any possibly outdate
+ # file that might be around before generating fresh ones
+ make neat
+ if [ $QUIET -eq 1 ]; then
+ make generated_files >/dev/null
+ else
+ make generated_files
+ fi
+}
+
+pre_load_helpers () {
+ # The path is going to change when this is moved to the framework
+ test_script_dir="${0%/*}"
+ source "$test_script_dir"/all-helpers.sh
+}
+
+################################################################
+#### Termination
+################################################################
+
+post_report () {
+ msg "Done, cleaning up"
+ final_cleanup
+
+ final_report
+}
+
+################################################################
+#### Run all the things
+################################################################
+
+# Function invoked by --error-test to test error reporting.
+pseudo_component_error_test () {
+ msg "Testing error reporting $error_test_i"
+ if [ $KEEP_GOING -ne 0 ]; then
+ echo "Expect three failing commands."
+ fi
+ # If the component doesn't run in a subshell, changing error_test_i to an
+ # invalid integer will cause an error in the loop that runs this function.
+ error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
+ # Expected error: 'grep non_existent /dev/null -> 1'
+ grep non_existent /dev/null
+ # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
+ not grep -q . "$0"
+ # Expected error: 'make unknown_target -> 2'
+ make unknown_target
+ false "this should not be executed"
+}
+
+# Run one component and clean up afterwards.
+run_component () {
+ current_component="$1"
+ export MBEDTLS_TEST_CONFIGURATION="$current_component"
+
+ # Unconditionally create a seedfile that's sufficiently long.
+ # Do this before each component, because a previous component may
+ # have messed it up or shortened it.
+ local dd_cmd
+ dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
+ case $OSTYPE in
+ linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
+ esac
+ "${dd_cmd[@]}"
+
+ if [ -d tf-psa-crypto ]; then
+ dd_cmd=(dd if=/dev/urandom of=./tf-psa-crypto/tests/seedfile bs=64 count=1)
+ case $OSTYPE in
+ linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
+ esac
+ "${dd_cmd[@]}"
+ fi
+
+ # Run the component in a subshell, with error trapping and output
+ # redirection set up based on the relevant options.
+ if [ $KEEP_GOING -eq 1 ]; then
+ # We want to keep running if the subshell fails, so 'set -e' must
+ # be off when the subshell runs.
+ set +e
+ fi
+ (
+ if [ $QUIET -eq 1 ]; then
+ # msg() will be silenced, so just print the component name here.
+ echo "${current_component#component_}"
+ exec >/dev/null
+ fi
+ if [ $KEEP_GOING -eq 1 ]; then
+ # Keep "set -e" off, and run an ERR trap instead to record failures.
+ set -E
+ trap err_trap ERR
+ fi
+ # The next line is what runs the component
+ "$@"
+ if [ $KEEP_GOING -eq 1 ]; then
+ trap - ERR
+ exit $last_failure_status
+ fi
+ )
+ component_status=$?
+ if [ $KEEP_GOING -eq 1 ]; then
+ set -e
+ if [ $component_status -ne 0 ]; then
+ failure_count=$((failure_count + 1))
+ fi
+ fi
+
+ # Restore the build tree to a clean state.
+ cleanup
+ unset current_component
+}
+
+################################################################
+#### Main
+################################################################
+
+main () {
+ # Preliminary setup
+ pre_set_shell_options
+ pre_set_signal_handlers
+ pre_check_environment
+ pre_load_helpers
+ pre_load_components
+ pre_initialize_variables
+ pre_parse_command_line "$@"
+
+ setup_quiet_wrappers
+ pre_check_git
+ pre_restore_files
+ pre_back_up
+
+ build_status=0
+ if [ $KEEP_GOING -eq 1 ]; then
+ pre_setup_keep_going
+ fi
+ pre_prepare_outcome_file
+ pre_print_configuration
+ pre_check_tools
+ cleanup
+ if in_mbedtls_repo; then
+ pre_generate_files
+ fi
+
+ # Run the requested tests.
+ for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
+ run_component pseudo_component_error_test
+ done
+ unset error_test_i
+ for component in $RUN_COMPONENTS; do
+ run_component "component_$component"
+ done
+
+ # We're done.
+ post_report
+}
diff --git a/tests/scripts/all-helpers.sh b/tests/scripts/all-helpers.sh
new file mode 100644
index 0000000..0e97f39
--- /dev/null
+++ b/tests/scripts/all-helpers.sh
@@ -0,0 +1,267 @@
+# all-helpers.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+# This file contains helpers for test components that are executed by all.sh.
+# See "Files structure" in all-core.sh for other files used by all.sh.
+#
+# This file is the right place for helpers:
+# - that are used by more than one component living in more than one file;
+# - or (inclusive) that we want to share accross repos or branches.
+#
+# Helpers that are used in a single component file that is
+# repo&branch-specific can be defined in the file where they are used.
+
+################################################################
+#### Helpers for components using libtestdriver1
+################################################################
+
+# How to use libtestdriver1
+# -------------------------
+#
+# 1. Define the list algorithms and key types to accelerate,
+# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
+# Examples:
+# - loc_accel_list="ALG_JPAKE"
+# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
+# 2. Make configurations changes for the driver and/or main libraries.
+# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
+# can be either "default" to start with the default config, or a name
+# supported by scripts/config.py (for example, "full"). This selects
+# the base to use, and makes common adjustments.
+# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
+# These changes affect both the driver and the main libraries.
+# (Note: they need to have the same set of PSA_WANT symbols, as that
+# determines the ABI between them.)
+# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
+# main libraries. Typically, you want to disable the module(s) that are
+# being accelerated. You may need to also disable modules that depend
+# on them or options that are not supported with drivers.
+# 2d. On top of psa/crypto_config.h, the driver library uses its own config
+# file: tests/include/test/drivers/config_test_driver.h. You usually
+# don't need to edit it: using loc_extra_list (see below) is preferred.
+# However, when there's no PSA symbol for what you want to enable,
+# calling scripts/config.py on this file remains the only option.
+# 3. Build the driver library, then the main libraries, test, and programs.
+# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
+# need to enable more algorithms here, typically hash algorithms when
+# accelerating some signature algorithms (ECDSA, RSAv2). This is done
+# by passing a 2nd argument listing the extra algorithms.
+# Example:
+# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
+# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
+# additional arguments will be passed to make: this can be useful if
+# you don't want to build everything when iterating during development.
+# Example:
+# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
+# 4. Run the tests you want.
+
+# Adjust the configuration - for both libtestdriver1 and main library,
+# as they should have the same PSA_WANT macros.
+helper_libtestdriver1_adjust_config() {
+ base_config=$1
+ # Select the base configuration
+ if [ "$base_config" != "default" ]; then
+ scripts/config.py "$base_config"
+ fi
+
+ # Enable PSA-based config (necessary to use drivers)
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+
+ # Dynamic secure element support is a deprecated feature and needs to be disabled here.
+ # This is done to have the same form of psa_key_attributes_s for libdriver and library.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+
+ # If threading is enabled on the normal build, then we need to enable it in the drivers as well,
+ # otherwise we will end up running multithreaded tests without mutexes to protect them.
+ if scripts/config.py get MBEDTLS_THREADING_C; then
+ scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
+ fi
+
+ if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then
+ scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
+ fi
+}
+
+# Build the drivers library libtestdriver1.a (with ASan).
+#
+# Parameters:
+# 1. a space-separated list of things to accelerate;
+# 2. optional: a space-separate list of things to also support.
+# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
+helper_libtestdriver1_make_drivers() {
+ loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+}
+
+# Build the main libraries, programs and tests,
+# linking to the drivers library (with ASan).
+#
+# Parameters:
+# 1. a space-separated list of things to accelerate;
+# *. remaining arguments if any are passed directly to make
+# (examples: lib, -C tests test_suite_xxx, etc.)
+# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
+helper_libtestdriver1_make_main() {
+ loc_accel_list=$1
+ shift
+
+ # we need flags both with and without the LIBTESTDRIVER1_ prefix
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
+}
+
+################################################################
+#### Helpers for components using psasim
+################################################################
+
+# Set some default values $CONFIG_H in order to build server or client sides
+# in PSASIM. There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_config() {
+ TARGET=$1
+
+ if [ "$TARGET" == "client" ]; then
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ # Dynamic secure element support is a deprecated feature and it is not
+ # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ # Disable potentially problematic features
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ else
+ scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ # We need to match the client with MBEDTLS_PSA_CRYPTO_SE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ # Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ fi
+}
+
+# This is a helper function to be used in psasim builds. It is meant to clean
+# up the library's workspace after the server build and before the client
+# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
+# already copied to psasim folder at this point.
+helper_psasim_cleanup_before_client() {
+ # Clean up library files
+ make -C library clean
+
+ # Restore files that were backup before building library files. This
+ # includes $CONFIG_H and $CRYPTO_CONFIG_H.
+ restore_backed_up_files
+}
+
+# Helper to build the libraries for client/server in PSASIM. If the server is
+# being built, then it builds also the final executable.
+# There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_build() {
+ TARGET=$1
+ shift
+ TARGET_LIB=${TARGET}_libs
+
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
+
+ # Build also the server application after its libraries have been built.
+ if [ "$TARGET" == "server" ]; then
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
+ fi
+}
+
+################################################################
+#### Configuration helpers
+################################################################
+
+# When called with no parameter this function disables all builtin curves.
+# The function optionally accepts 1 parameter: a space-separated list of the
+# curves that should be kept enabled.
+helper_disable_builtin_curves() {
+ allowed_list="${1:-}"
+ scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
+
+ for curve in $allowed_list; do
+ scripts/config.py set $curve
+ done
+}
+
+# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
+# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
+# in the following helpers.
+helper_get_psa_curve_list () {
+ loc_list=""
+ for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ loc_list="$loc_list $item"
+ done
+
+ echo "$loc_list"
+}
+
+# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H,
+# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups
+# in the following helpers.
+helper_get_psa_dh_group_list () {
+ loc_list=""
+ for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ loc_list="$loc_list $item"
+ done
+
+ echo "$loc_list"
+}
+
+# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
+# is useful to easily get a list of key type symbols to accelerate.
+# The function accepts a single argument which is the key type: ECC, DH, RSA.
+helper_get_psa_key_type_list() {
+ key_type="$1"
+ loc_list=""
+ for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
+ # Skip DERIVE for elliptic keys since there is no driver dispatch for
+ # it so it cannot be accelerated.
+ if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
+ loc_list="$loc_list $item"
+ fi
+ done
+
+ echo "$loc_list"
+}
+
+################################################################
+#### Misc. helpers for components
+################################################################
+
+helper_armc6_build_test()
+{
+ FLAGS="$1"
+
+ msg "build: ARM Compiler 6 ($FLAGS)"
+ make clean
+ ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
+ WARNING_CFLAGS='-Werror -xc -std=c99' make lib
+
+ msg "size: ARM Compiler 6 ($FLAGS)"
+ "$ARMC6_FROMELF" -z library/*.o
+ if [ -n "${PSA_CORE_PATH}" ]; then
+ "$ARMC6_FROMELF" -z ${PSA_CORE_PATH}/*.o
+ fi
+ if [ -n "${BUILTIN_SRC_PATH}" ]; then
+ "$ARMC6_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
+ fi
+}
+
+clang_version() {
+ if command -v clang > /dev/null ; then
+ clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
+ else
+ echo 0 # report version 0 for "no clang"
+ fi
+}
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1a73020..6708de1 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -5,1130 +5,11 @@
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+# This file is executable; it is the entry point for users and the CI.
+# See "Files structure" in all-core.sh for other files used.
-
-################################################################
-#### Documentation
-################################################################
-
-# Purpose
-# -------
-#
-# To run all tests possible or available on the platform.
-#
-# Notes for users
-# ---------------
-#
-# Warning: the test is destructive. It includes various build modes and
-# configurations, and can and will arbitrarily change the current CMake
-# configuration. The following files must be committed into git:
-# * include/mbedtls/mbedtls_config.h
-# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
-# programs/fuzz/Makefile
-# After running this script, the CMake cache will be lost and CMake
-# will no longer be initialised.
-#
-# The script assumes the presence of a number of tools:
-# * Basic Unix tools (Windows users note: a Unix-style find must be before
-# the Windows find in the PATH)
-# * Perl
-# * GNU Make
-# * CMake
-# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
-# * G++
-# * arm-gcc and mingw-gcc
-# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * OpenSSL and GnuTLS command line tools, in suitable versions for the
-# interoperability tests. The following are the official versions at the
-# time of writing:
-# * GNUTLS_{CLI,SERV} = 3.4.10
-# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
-# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
-# * OPENSSL_NEXT = 3.1.2
-# See the invocation of check_tools below for details.
-#
-# This script must be invoked from the toplevel directory of a git
-# working copy of Mbed TLS.
-#
-# The behavior on an error depends on whether --keep-going (alias -k)
-# is in effect.
-# * Without --keep-going: the script stops on the first error without
-# cleaning up. This lets you work in the configuration of the failing
-# component.
-# * With --keep-going: the script runs all requested components and
-# reports failures at the end. In particular the script always cleans
-# up on exit.
-#
-# Note that the output is not saved. You may want to run
-# script -c tests/scripts/all.sh
-# or
-# tests/scripts/all.sh >all.log 2>&1
-#
-# Notes for maintainers
-# ---------------------
-#
-# The bulk of the code is organized into functions that follow one of the
-# following naming conventions:
-# * pre_XXX: things to do before running the tests, in order.
-# * component_XXX: independent components. They can be run in any order.
-# * component_check_XXX: quick tests that aren't worth parallelizing.
-# * component_build_XXX: build things but don't run them.
-# * component_test_XXX: build and test.
-# * component_release_XXX: tests that the CI should skip during PR testing.
-# * support_XXX: if support_XXX exists and returns false then
-# component_XXX is not run by default.
-# * post_XXX: things to do after running the tests.
-# * other: miscellaneous support functions.
-#
-# Each component must start by invoking `msg` with a short informative message.
-#
-# Warning: due to the way bash detects errors, the failure of a command
-# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
-#
-# Each component is executed in a separate shell process. The component
-# fails if any command in it returns a non-zero status.
-#
-# The framework performs some cleanup tasks after each component. This
-# means that components can assume that the working directory is in a
-# cleaned-up state, and don't need to perform the cleanup themselves.
-# * Run `make clean`.
-# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
-# the component.
-# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
-# `tests/Makefile` and `programs/fuzz/Makefile` from git.
-# This cleans up after an in-tree use of CMake.
-#
-# The tests are roughly in order from fastest to slowest. This doesn't
-# have to be exact, but in general you should add slower tests towards
-# the end and fast checks near the beginning.
-
-
-
-################################################################
-#### Initialization and command line parsing
-################################################################
-
-# Abort on errors (even on the left-hand side of a pipe).
-# Treat uninitialised variables as errors.
-set -e -o pipefail -u
-
-# Enable ksh/bash extended file matching patterns
-shopt -s extglob
-
-# For project detection
-in_mbedtls_repo () {
- test "$PROJECT_NAME" = "Mbed TLS"
-}
-
-in_tf_psa_crypto_repo () {
- test "$PROJECT_NAME" = "TF-PSA-Crypto"
-}
-
-pre_check_environment () {
- # For project detection
- PROJECT_NAME_FILE='./scripts/project_name.txt'
- if read -r PROJECT_NAME < "$PROJECT_NAME_FILE"; then :; else
- echo "$PROJECT_NAME_FILE does not exist... Exiting..." >&2
- exit 1
- fi
-
- if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else
- echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
- exit 1
- fi
-}
-
-pre_initialize_variables () {
- if in_mbedtls_repo; then
- CONFIG_H='include/mbedtls/mbedtls_config.h'
- else
- CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
- fi
- CRYPTO_CONFIG_H='include/psa/crypto_config.h'
- CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
-
- # Files that are clobbered by some jobs will be backed up. Use a different
- # suffix from auxiliary scripts so that all.sh and auxiliary scripts can
- # independently decide when to remove the backup file.
- backup_suffix='.all.bak'
- # Files clobbered by config.py
- files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
- if in_mbedtls_repo; then
- # Files clobbered by in-tree cmake
- files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
- fi
-
- append_outcome=0
- MEMORY=0
- FORCE=0
- QUIET=0
- KEEP_GOING=0
-
- # Seed value used with the --release-test option.
- #
- # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
- # both values are kept in sync. If you change the value here because it
- # breaks some tests, you'll definitely want to change it in
- # basic-build-test.sh as well.
- RELEASE_SEED=1
-
- # Specify character collation for regular expressions and sorting with C locale
- export LC_COLLATE=C
-
- : ${MBEDTLS_TEST_OUTCOME_FILE=}
- : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
- export MBEDTLS_TEST_OUTCOME_FILE
- export MBEDTLS_TEST_PLATFORM
-
- # Default commands, can be overridden by the environment
- : ${OPENSSL:="openssl"}
- : ${OPENSSL_NEXT:="$OPENSSL"}
- : ${GNUTLS_CLI:="gnutls-cli"}
- : ${GNUTLS_SERV:="gnutls-serv"}
- : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
- : ${ARMC5_BIN_DIR:=/usr/bin}
- : ${ARMC6_BIN_DIR:=/usr/bin}
- : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
- : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
- : ${CLANG_LATEST:="clang-latest"}
- : ${CLANG_EARLIEST:="clang-earliest"}
- : ${GCC_LATEST:="gcc-latest"}
- : ${GCC_EARLIEST:="gcc-earliest"}
- # if MAKEFLAGS is not set add the -j option to speed up invocations of make
- if [ -z "${MAKEFLAGS+set}" ]; then
- export MAKEFLAGS="-j$(all_sh_nproc)"
- fi
- # if CC is not set, use clang by default (if present) to improve build times
- if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
- export CC="clang"
- fi
-
- if [ -n "${OPENSSL_3+set}" ]; then
- export OPENSSL_NEXT="$OPENSSL_3"
- fi
-
- # Include more verbose output for failing tests run by CMake or make
- export CTEST_OUTPUT_ON_FAILURE=1
-
- # CFLAGS and LDFLAGS for Asan builds that don't use CMake
- # default to -O2, use -Ox _after_ this if you want another level
- ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
- # Normally, tests should use this compiler for ASAN testing
- ASAN_CC=clang
-
- # Platform tests have an allocation that returns null
- export ASAN_OPTIONS="allocator_may_return_null=1"
- export MSAN_OPTIONS="allocator_may_return_null=1"
-
- # Gather the list of available components. These are the functions
- # defined in this script whose name starts with "component_".
- ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
-
- # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
- # the commands set by the environment
-}
-
-setup_quiet_wrappers()
-{
- # Pick up "quiet" wrappers for make and cmake, which don't output very much
- # unless there is an error. This reduces logging overhead in the CI.
- #
- # Note that the cmake wrapper breaks unless we use an absolute path here.
- if [[ -e ${PWD}/tests/scripts/quiet ]]; then
- export PATH=${PWD}/tests/scripts/quiet:$PATH
- fi
-}
-
-# Test whether the component $1 is included in the command line patterns.
-is_component_included()
-{
- # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
- # only does word splitting.
- set -f
- for pattern in $COMMAND_LINE_COMPONENTS; do
- set +f
- case ${1#component_} in $pattern) return 0;; esac
- done
- set +f
- return 1
-}
-
-usage()
-{
- cat <<EOF
-Usage: $0 [OPTION]... [COMPONENT]...
-Run mbedtls release validation tests.
-By default, run all tests. With one or more COMPONENT, run only those.
-COMPONENT can be the name of a component or a shell wildcard pattern.
-
-Examples:
- $0 "check_*"
- Run all sanity checks.
- $0 --no-armcc --except test_memsan
- Run everything except builds that require armcc and MemSan.
-
-Special options:
- -h|--help Print this help and exit.
- --list-all-components List all available test components and exit.
- --list-components List components supported on this platform and exit.
-
-General options:
- -q|--quiet Only output component names, and errors if any.
- -f|--force Force the tests to overwrite any modified files.
- -k|--keep-going Run all tests and report errors at the end.
- -m|--memory Additional optional memory tests.
- --append-outcome Append to the outcome file (if used).
- --arm-none-eabi-gcc-prefix=<string>
- Prefix for a cross-compiler for arm-none-eabi
- (default: "${ARM_NONE_EABI_GCC_PREFIX}")
- --arm-linux-gnueabi-gcc-prefix=<string>
- Prefix for a cross-compiler for arm-linux-gnueabi
- (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
- --armcc Run ARM Compiler builds (on by default).
- --restore First clean up the build tree, restoring backed up
- files. Do not run any components unless they are
- explicitly specified.
- --error-test Error test mode: run a failing function in addition
- to any specified component. May be repeated.
- --except Exclude the COMPONENTs listed on the command line,
- instead of running only those.
- --no-append-outcome Write a new outcome file and analyze it (default).
- --no-armcc Skip ARM Compiler builds.
- --no-force Refuse to overwrite modified files (default).
- --no-keep-going Stop at the first error (default).
- --no-memory No additional memory tests (default).
- --no-quiet Print full output from components.
- --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
- --outcome-file=<path> File where test outcomes are written (not done if
- empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
- --random-seed Use a random seed value for randomized tests (default).
- -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
- -s|--seed Integer seed value to use for this test run.
-
-Tool path options:
- --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
- --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
- --clang-earliest=<Clang_earliest_path> Earliest version of clang available
- --clang-latest=<Clang_latest_path> Latest version of clang available
- --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
- --gcc-latest=<GCC_latest_path> Latest version of GCC available
- --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
- --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
- --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
- --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
-EOF
-}
-
-# Cleanup before/after running a component.
-# Remove built files as well as the cmake cache/config.
-# Does not remove generated source files.
-cleanup()
-{
- if in_mbedtls_repo; then
- command make clean
- fi
-
- # Remove CMake artefacts
- find . -name .git -prune -o \
- -iname CMakeFiles -exec rm -rf {} \+ -o \
- \( -iname cmake_install.cmake -o \
- -iname CTestTestfile.cmake -o \
- -iname CMakeCache.txt -o \
- -path './cmake/*.cmake' \) -exec rm -f {} \+
- # Remove Makefiles generated by in-tree CMake builds
- rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile framework/Makefile
- rm -f include/Makefile programs/!(fuzz)/Makefile
-
- # Remove any artifacts from the component_test_cmake_as_subdirectory test.
- rm -rf programs/test/cmake_subproject/build
- rm -f programs/test/cmake_subproject/Makefile
- rm -f programs/test/cmake_subproject/cmake_subproject
-
- # Remove any artifacts from the component_test_cmake_as_package test.
- rm -rf programs/test/cmake_package/build
- rm -f programs/test/cmake_package/Makefile
- rm -f programs/test/cmake_package/cmake_package
-
- # Remove any artifacts from the component_test_cmake_as_installed_package test.
- rm -rf programs/test/cmake_package_install/build
- rm -f programs/test/cmake_package_install/Makefile
- rm -f programs/test/cmake_package_install/cmake_package_install
-
- # Restore files that may have been clobbered by the job
- for x in $files_to_back_up; do
- if [[ -e "$x$backup_suffix" ]]; then
- cp -p "$x$backup_suffix" "$x"
- fi
- done
-}
-
-# Final cleanup when this script exits (except when exiting on a failure
-# in non-keep-going mode).
-final_cleanup () {
- cleanup
-
- for x in $files_to_back_up; do
- rm -f "$x$backup_suffix"
- done
-}
-
-# Executed on exit. May be redefined depending on command line options.
-final_report () {
- :
-}
-
-fatal_signal () {
- final_cleanup
- final_report $1
- trap - $1
- kill -$1 $$
-}
-
-trap 'fatal_signal HUP' HUP
-trap 'fatal_signal INT' INT
-trap 'fatal_signal TERM' TERM
-
-# Number of processors on this machine. Used as the default setting
-# for parallel make.
-all_sh_nproc ()
-{
- {
- nproc || # Linux
- sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
- sysctl -n hw.ncpu || # FreeBSD
- echo 1
- } 2>/dev/null
-}
-
-msg()
-{
- if [ -n "${current_component:-}" ]; then
- current_section="${current_component#component_}: $1"
- else
- current_section="$1"
- fi
-
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- echo ""
- echo "******************************************************************"
- echo "* $current_section "
- printf "* "; date
- echo "******************************************************************"
-}
-
-armc6_build_test()
-{
- FLAGS="$1"
-
- msg "build: ARM Compiler 6 ($FLAGS)"
- make clean
- ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
- WARNING_CFLAGS='-Werror -xc -std=c99' make lib
-
- msg "size: ARM Compiler 6 ($FLAGS)"
- "$ARMC6_FROMELF" -z library/*.o
-}
-
-err_msg()
-{
- echo "$1" >&2
-}
-
-check_tools()
-{
- for tool in "$@"; do
- if ! `type "$tool" >/dev/null 2>&1`; then
- err_msg "$tool not found!"
- exit 1
- fi
- done
-}
-
-pre_parse_command_line () {
- COMMAND_LINE_COMPONENTS=
- all_except=0
- error_test=0
- list_components=0
- restore_first=0
- no_armcc=
-
- # Note that legacy options are ignored instead of being omitted from this
- # list of options, so invocations that worked with previous version of
- # all.sh will still run and work properly.
- while [ $# -gt 0 ]; do
- case "$1" in
- --append-outcome) append_outcome=1;;
- --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
- --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
- --armcc) no_armcc=;;
- --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
- --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
- --clang-earliest) shift; CLANG_EARLIEST="$1";;
- --clang-latest) shift; CLANG_LATEST="$1";;
- --error-test) error_test=$((error_test + 1));;
- --except) all_except=1;;
- --force|-f) FORCE=1;;
- --gcc-earliest) shift; GCC_EARLIEST="$1";;
- --gcc-latest) shift; GCC_LATEST="$1";;
- --gnutls-cli) shift; GNUTLS_CLI="$1";;
- --gnutls-legacy-cli) shift;; # ignored for backward compatibility
- --gnutls-legacy-serv) shift;; # ignored for backward compatibility
- --gnutls-serv) shift; GNUTLS_SERV="$1";;
- --help|-h) usage; exit;;
- --keep-going|-k) KEEP_GOING=1;;
- --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
- --list-components) list_components=1;;
- --memory|-m) MEMORY=1;;
- --no-append-outcome) append_outcome=0;;
- --no-armcc) no_armcc=1;;
- --no-force) FORCE=0;;
- --no-keep-going) KEEP_GOING=0;;
- --no-memory) MEMORY=0;;
- --no-quiet) QUIET=0;;
- --openssl) shift; OPENSSL="$1";;
- --openssl-next) shift; OPENSSL_NEXT="$1";;
- --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
- --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
- --quiet|-q) QUIET=1;;
- --random-seed) unset SEED;;
- --release-test|-r) SEED=$RELEASE_SEED;;
- --restore) restore_first=1;;
- --seed|-s) shift; SEED="$1";;
- -*)
- echo >&2 "Unknown option: $1"
- echo >&2 "Run $0 --help for usage."
- exit 120
- ;;
- *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
- esac
- shift
- done
-
- # Exclude components that are not supported on this platform.
- SUPPORTED_COMPONENTS=
- for component in $ALL_COMPONENTS; do
- case $(type "support_$component" 2>&1) in
- *' function'*)
- if ! support_$component; then continue; fi;;
- esac
- SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
- done
-
- if [ $list_components -eq 1 ]; then
- printf '%s\n' $SUPPORTED_COMPONENTS
- exit
- fi
-
- # With no list of components, run everything.
- if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
- all_except=1
- fi
-
- # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
- # Ignore it if components are listed explicitly on the command line.
- if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
- COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
- fi
-
- # Error out if an explicitly requested component doesn't exist.
- if [ $all_except -eq 0 ]; then
- unsupported=0
- # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
- # only does word splitting.
- set -f
- for component in $COMMAND_LINE_COMPONENTS; do
- set +f
- # If the requested name includes a wildcard character, don't
- # check it. Accept wildcard patterns that don't match anything.
- case $component in
- *[*?\[]*) continue;;
- esac
- case " $SUPPORTED_COMPONENTS " in
- *" $component "*) :;;
- *)
- echo >&2 "Component $component was explicitly requested, but is not known or not supported."
- unsupported=$((unsupported + 1));;
- esac
- done
- set +f
- if [ $unsupported -ne 0 ]; then
- exit 2
- fi
- fi
-
- # Build the list of components to run.
- RUN_COMPONENTS=
- for component in $SUPPORTED_COMPONENTS; do
- if is_component_included "$component"; [ $? -eq $all_except ]; then
- RUN_COMPONENTS="$RUN_COMPONENTS $component"
- fi
- done
-
- unset all_except
- unset no_armcc
-}
-
-pre_check_git () {
- if [ $FORCE -eq 1 ]; then
- rm -rf "$OUT_OF_SOURCE_DIR"
- git checkout-index -f -q $CONFIG_H
- cleanup
- else
-
- if [ -d "$OUT_OF_SOURCE_DIR" ]; then
- echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
- echo "You can either delete this directory manually, or force the test by rerunning"
- echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
- exit 1
- fi
-
- if ! git diff --quiet "$CONFIG_H"; then
- err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
- echo "You can either delete or preserve your work, or force the test by rerunning the"
- echo "script as: $0 --force"
- exit 1
- fi
- fi
-}
-
-pre_restore_files () {
- # If the makefiles have been generated by a framework such as cmake,
- # restore them from git. If the makefiles look like modifications from
- # the ones checked into git, take care not to modify them. Whatever
- # this function leaves behind is what the script will restore before
- # each component.
- case "$(head -n1 Makefile)" in
- *[Gg]enerated*)
- git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
- git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
- ;;
- esac
-}
-
-pre_back_up () {
- for x in $files_to_back_up; do
- cp -p "$x" "$x$backup_suffix"
- done
-}
-
-pre_setup_keep_going () {
- failure_count=0 # Number of failed components
- last_failure_status=0 # Last failure status in this component
-
- # See err_trap
- previous_failure_status=0
- previous_failed_command=
- previous_failure_funcall_depth=0
- unset report_failed_command
-
- start_red=
- end_color=
- if [ -t 1 ]; then
- case "${TERM:-}" in
- *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
- start_red=$(printf '\033[31m')
- end_color=$(printf '\033[0m')
- ;;
- esac
- fi
-
- # Keep a summary of failures in a file. We'll print it out at the end.
- failure_summary_file=$PWD/all-sh-failures-$$.log
- : >"$failure_summary_file"
-
- # Whether it makes sense to keep a component going after the specified
- # command fails (test command) or not (configure or build).
- # This function normally receives the failing simple command
- # ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
- # this is passed instead.
- # This doesn't have to be 100% accurate: all failures are recorded anyway.
- # False positives result in running things that can't be expected to
- # work. False negatives result in things not running after something else
- # failed even though they might have given useful feedback.
- can_keep_going_after_failure () {
- case "$1" in
- "msg "*) false;;
- "cd "*) false;;
- "diff "*) true;;
- *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
- *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
- *make*check*) true;;
- "grep "*) true;;
- "[ "*) true;;
- "! "*) true;;
- *) false;;
- esac
- }
-
- # This function runs if there is any error in a component.
- # It must either exit with a nonzero status, or set
- # last_failure_status to a nonzero value.
- err_trap () {
- # Save $? (status of the failing command). This must be the very
- # first thing, before $? is overridden.
- last_failure_status=$?
- failed_command=${report_failed_command-$BASH_COMMAND}
-
- if [[ $last_failure_status -eq $previous_failure_status &&
- "$failed_command" == "$previous_failed_command" &&
- ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
- then
- # The same command failed twice in a row, but this time one level
- # less deep in the function call stack. This happens when the last
- # command of a function returns a nonzero status, and the function
- # returns that same status. Ignore the second failure.
- previous_failure_funcall_depth=${#FUNCNAME[@]}
- return
- fi
- previous_failure_status=$last_failure_status
- previous_failed_command=$failed_command
- previous_failure_funcall_depth=${#FUNCNAME[@]}
-
- text="$current_section: $failed_command -> $last_failure_status"
- echo "${start_red}^^^^$text^^^^${end_color}" >&2
- echo "$text" >>"$failure_summary_file"
-
- # If the command is fatal (configure or build command), stop this
- # component. Otherwise (test command) keep the component running
- # (run more tests from the same build).
- if ! can_keep_going_after_failure "$failed_command"; then
- exit $last_failure_status
- fi
- }
-
- final_report () {
- if [ $failure_count -gt 0 ]; then
- echo
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- echo "${start_red}FAILED: $failure_count components${end_color}"
- cat "$failure_summary_file"
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- elif [ -z "${1-}" ]; then
- echo "SUCCESS :)"
- fi
- if [ -n "${1-}" ]; then
- echo "Killed by SIG$1."
- fi
- rm -f "$failure_summary_file"
- if [ $failure_count -gt 0 ]; then
- exit 1
- fi
- }
-}
-
-# record_status() and if_build_succeeded() are kept temporarily for backward
-# compatibility. Don't use them in new components.
-record_status () {
- "$@"
-}
-if_build_succeeded () {
- "$@"
-}
-
-# '! true' does not trigger the ERR trap. Arrange to trigger it, with
-# a reasonably informative error message (not just "$@").
-not () {
- if "$@"; then
- report_failed_command="! $*"
- false
- unset report_failed_command
- fi
-}
-
-pre_prepare_outcome_file () {
- case "$MBEDTLS_TEST_OUTCOME_FILE" in
- [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
- esac
- if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
- rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
- fi
-}
-
-pre_print_configuration () {
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- msg "info: $0 configuration"
- echo "MEMORY: $MEMORY"
- echo "FORCE: $FORCE"
- echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
- echo "SEED: ${SEED-"UNSET"}"
- echo
- echo "OPENSSL: $OPENSSL"
- echo "OPENSSL_NEXT: $OPENSSL_NEXT"
- echo "GNUTLS_CLI: $GNUTLS_CLI"
- echo "GNUTLS_SERV: $GNUTLS_SERV"
- echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
- echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
-}
-
-# Make sure the tools we need are available.
-pre_check_tools () {
- # Build the list of variables to pass to output_env.sh.
- set env
-
- case " $RUN_COMPONENTS " in
- # Require OpenSSL and GnuTLS if running any tests (as opposed to
- # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
- # is a good enough approximation in practice.
- *" test_"* | *" release_test_"*)
- # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
- # and ssl-opt.sh, we just export the variables they require.
- export OPENSSL="$OPENSSL"
- export GNUTLS_CLI="$GNUTLS_CLI"
- export GNUTLS_SERV="$GNUTLS_SERV"
- # Avoid passing --seed flag in every call to ssl-opt.sh
- if [ -n "${SEED-}" ]; then
- export SEED
- fi
- set "$@" OPENSSL="$OPENSSL"
- set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
- check_tools "$OPENSSL" "$OPENSSL_NEXT" \
- "$GNUTLS_CLI" "$GNUTLS_SERV"
- ;;
- esac
-
- case " $RUN_COMPONENTS " in
- *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
- esac
-
- case " $RUN_COMPONENTS " in
- *" test_zeroize "*) check_tools "gdb";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_armcc*)
- ARMC5_CC="$ARMC5_BIN_DIR/armcc"
- ARMC5_AR="$ARMC5_BIN_DIR/armar"
- ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
- ARMC6_CC="$ARMC6_BIN_DIR/armclang"
- ARMC6_AR="$ARMC6_BIN_DIR/armar"
- ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
- check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
- "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
- esac
-
- # past this point, no call to check_tool, only printing output
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- msg "info: output_env.sh"
- case $RUN_COMPONENTS in
- *_armcc*)
- set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
- *) set "$@" RUN_ARMCC=0;;
- esac
- "$@" scripts/output_env.sh
-}
-
-pre_generate_files () {
- # since make doesn't have proper dependencies, remove any possibly outdate
- # file that might be around before generating fresh ones
- make neat
- if [ $QUIET -eq 1 ]; then
- make generated_files >/dev/null
- else
- make generated_files
- fi
-}
-
-clang_version () {
- if command -v clang > /dev/null ; then
- clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
- else
- echo 0 # report version 0 for "no clang"
- fi
-}
-
-################################################################
-#### Helpers for components using libtestdriver1
-################################################################
-
-# How to use libtestdriver1
-# -------------------------
-#
-# 1. Define the list algorithms and key types to accelerate,
-# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
-# Examples:
-# - loc_accel_list="ALG_JPAKE"
-# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
-# 2. Make configurations changes for the driver and/or main libraries.
-# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
-# can be either "default" to start with the default config, or a name
-# supported by scripts/config.py (for example, "full"). This selects
-# the base to use, and makes common adjustments.
-# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
-# These changes affect both the driver and the main libraries.
-# (Note: they need to have the same set of PSA_WANT symbols, as that
-# determines the ABI between them.)
-# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
-# main libraries. Typically, you want to disable the module(s) that are
-# being accelerated. You may need to also disable modules that depend
-# on them or options that are not supported with drivers.
-# 2d. On top of psa/crypto_config.h, the driver library uses its own config
-# file: tests/include/test/drivers/config_test_driver.h. You usually
-# don't need to edit it: using loc_extra_list (see below) is preferred.
-# However, when there's no PSA symbol for what you want to enable,
-# calling scripts/config.py on this file remains the only option.
-# 3. Build the driver library, then the main libraries, test, and programs.
-# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
-# need to enable more algorithms here, typically hash algorithms when
-# accelerating some signature algorithms (ECDSA, RSAv2). This is done
-# by passing a 2nd argument listing the extra algorithms.
-# Example:
-# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
-# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
-# additional arguments will be passed to make: this can be useful if
-# you don't want to build everything when iterating during development.
-# Example:
-# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
-# 4. Run the tests you want.
-
-# Adjust the configuration - for both libtestdriver1 and main library,
-# as they should have the same PSA_WANT macros.
-helper_libtestdriver1_adjust_config () {
- base_config=$1
- # Select the base configuration
- if [ "$base_config" != "default" ]; then
- scripts/config.py "$base_config"
- fi
-
- # Enable PSA-based config (necessary to use drivers)
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
-
- # Dynamic secure element support is a deprecated feature and needs to be disabled here.
- # This is done to have the same form of psa_key_attributes_s for libdriver and library.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
- # If threading is enabled on the normal build, then we need to enable it in the drivers as well,
- # otherwise we will end up running multithreaded tests without mutexes to protect them.
- if scripts/config.py get MBEDTLS_THREADING_C; then
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
- fi
-
- if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
- fi
-}
-
-# When called with no parameter this function disables all builtin curves.
-# The function optionally accepts 1 parameter: a space-separated list of the
-# curves that should be kept enabled.
-helper_disable_builtin_curves () {
- allowed_list="${1:-}"
- scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
-
- for curve in $allowed_list; do
- scripts/config.py set $curve
- done
-}
-
-# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
-# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
-# in the following helpers.
-helper_get_psa_curve_list () {
- loc_list=""
- for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- loc_list="$loc_list $item"
- done
-
- echo "$loc_list"
-}
-
-# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H,
-# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups
-# in the following helpers.
-helper_get_psa_dh_group_list () {
- loc_list=""
- for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- loc_list="$loc_list $item"
- done
-
- echo "$loc_list"
-}
-
-# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
-# is useful to easily get a list of key type symbols to accelerate.
-# The function accepts a single argument which is the key type: ECC, DH, RSA.
-helper_get_psa_key_type_list () {
- key_type="$1"
- loc_list=""
- for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
- # Skip DERIVE for elliptic keys since there is no driver dispatch for
- # it so it cannot be accelerated.
- if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
- loc_list="$loc_list $item"
- fi
- done
-
- echo "$loc_list"
-}
-
-# Build the drivers library libtestdriver1.a (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# 2. optional: a space-separate list of things to also support.
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_drivers () {
- loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# Build the main libraries, programs and tests,
-# linking to the drivers library (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# *. remaining arguments if any are passed directly to make
-# (examples: lib, -C tests test_suite_xxx, etc.)
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_main () {
- loc_accel_list=$1
- shift
-
- # we need flags both with and without the LIBTESTDRIVER1_ prefix
- loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
-}
-
-# Include the components from components.sh
+# The path is going to change when this is moved to the framework
test_script_dir="${0%/*}"
-for file in "$test_script_dir"/components*.sh; do
- source $file
-done
+source "$test_script_dir"/all-core.sh
-################################################################
-#### Termination
-################################################################
-
-post_report () {
- msg "Done, cleaning up"
- final_cleanup
-
- final_report
-}
-
-################################################################
-#### Run all the things
-################################################################
-
-# Function invoked by --error-test to test error reporting.
-pseudo_component_error_test () {
- msg "Testing error reporting $error_test_i"
- if [ $KEEP_GOING -ne 0 ]; then
- echo "Expect three failing commands."
- fi
- # If the component doesn't run in a subshell, changing error_test_i to an
- # invalid integer will cause an error in the loop that runs this function.
- error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
- # Expected error: 'grep non_existent /dev/null -> 1'
- grep non_existent /dev/null
- # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
- not grep -q . "$0"
- # Expected error: 'make unknown_target -> 2'
- make unknown_target
- false "this should not be executed"
-}
-
-# Run one component and clean up afterwards.
-run_component () {
- current_component="$1"
- export MBEDTLS_TEST_CONFIGURATION="$current_component"
-
- # Unconditionally create a seedfile that's sufficiently long.
- # Do this before each component, because a previous component may
- # have messed it up or shortened it.
- local dd_cmd
- dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
- case $OSTYPE in
- linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
- esac
- "${dd_cmd[@]}"
-
- # Run the component in a subshell, with error trapping and output
- # redirection set up based on the relevant options.
- if [ $KEEP_GOING -eq 1 ]; then
- # We want to keep running if the subshell fails, so 'set -e' must
- # be off when the subshell runs.
- set +e
- fi
- (
- if [ $QUIET -eq 1 ]; then
- # msg() will be silenced, so just print the component name here.
- echo "${current_component#component_}"
- exec >/dev/null
- fi
- if [ $KEEP_GOING -eq 1 ]; then
- # Keep "set -e" off, and run an ERR trap instead to record failures.
- set -E
- trap err_trap ERR
- fi
- # The next line is what runs the component
- "$@"
- if [ $KEEP_GOING -eq 1 ]; then
- trap - ERR
- exit $last_failure_status
- fi
- )
- component_status=$?
- if [ $KEEP_GOING -eq 1 ]; then
- set -e
- if [ $component_status -ne 0 ]; then
- failure_count=$((failure_count + 1))
- fi
- fi
-
- # Restore the build tree to a clean state.
- cleanup
- unset current_component
-}
-
-# Preliminary setup
-pre_check_environment
-pre_initialize_variables
-pre_parse_command_line "$@"
-
-setup_quiet_wrappers
-pre_check_git
-pre_restore_files
-pre_back_up
-
-build_status=0
-if [ $KEEP_GOING -eq 1 ]; then
- pre_setup_keep_going
-fi
-pre_prepare_outcome_file
-pre_print_configuration
-pre_check_tools
-cleanup
-if in_mbedtls_repo; then
- pre_generate_files
-fi
-
-# Run the requested tests.
-for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
- run_component pseudo_component_error_test
-done
-unset error_test_i
-for component in $RUN_COMPONENTS; do
- run_component "component_$component"
-done
-
-# We're done.
-post_report
+main "$@"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 58c1783..1f7e98c 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -6,791 +6,767 @@
less likely to be useful.
"""
-import argparse
-import sys
-import traceback
import re
-import subprocess
-import os
import typing
-import check_test_cases
+import scripts_path # pylint: disable=unused-import
+from mbedtls_framework import outcome_analysis
-# `ComponentOutcomes` is a named tuple which is defined as:
-# ComponentOutcomes(
-# successes = {
-# "<suite_case>",
-# ...
-# },
-# failures = {
-# "<suite_case>",
-# ...
-# }
-# )
-# suite_case = "<suite>;<case>"
-ComponentOutcomes = typing.NamedTuple('ComponentOutcomes',
- [('successes', typing.Set[str]),
- ('failures', typing.Set[str])])
-
-# `Outcomes` is a representation of the outcomes file,
-# which defined as:
-# Outcomes = {
-# "<component>": ComponentOutcomes,
-# ...
-# }
-Outcomes = typing.Dict[str, ComponentOutcomes]
-
-
-class Results:
- """Process analysis results."""
-
- def __init__(self):
- self.error_count = 0
- self.warning_count = 0
-
- def new_section(self, fmt, *args, **kwargs):
- self._print_line('\n*** ' + fmt + ' ***\n', *args, **kwargs)
-
- def info(self, fmt, *args, **kwargs):
- self._print_line('Info: ' + fmt, *args, **kwargs)
-
- def error(self, fmt, *args, **kwargs):
- self.error_count += 1
- self._print_line('Error: ' + fmt, *args, **kwargs)
-
- def warning(self, fmt, *args, **kwargs):
- self.warning_count += 1
- self._print_line('Warning: ' + fmt, *args, **kwargs)
+class CoverageTask(outcome_analysis.CoverageTask):
+ """Justify test cases that are never executed."""
@staticmethod
- def _print_line(fmt, *args, **kwargs):
- sys.stderr.write((fmt + '\n').format(*args, **kwargs))
+ def _has_word_re(words: typing.Iterable[str],
+ exclude: typing.Optional[str] = None) -> typing.Pattern:
+ """Construct a regex that matches if any of the words appears.
-def execute_reference_driver_tests(results: Results, ref_component: str, driver_component: str, \
- outcome_file: str) -> None:
- """Run the tests specified in ref_component and driver_component. Results
- are stored in the output_file and they will be used for the following
- coverage analysis"""
- results.new_section("Test {} and {}", ref_component, driver_component)
+ The occurrence must start and end at a word boundary.
- shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \
- " " + ref_component + " " + driver_component
- results.info("Running: {}", shell_command)
- ret_val = subprocess.run(shell_command.split(), check=False).returncode
+ If exclude is specified, strings containing a match for that
+ regular expression will not match the returned pattern.
+ """
+ exclude_clause = r''
+ if exclude:
+ exclude_clause = r'(?!.*' + exclude + ')'
+ return re.compile(exclude_clause +
+ r'.*\b(?:' + r'|'.join(words) + r')\b.*',
+ re.DOTALL)
- if ret_val != 0:
- results.error("failed to run reference/driver components")
+ # generate_psa_tests.py generates test cases involving cryptographic
+ # mechanisms (key types, families, algorithms) that are declared but
+ # not implemented. Until we improve the Python scripts, ignore those
+ # test cases in the analysis.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9572
+ _PSA_MECHANISMS_NOT_IMPLEMENTED = [
+ r'CBC_MAC',
+ r'DETERMINISTIC_DSA',
+ r'DET_DSA',
+ r'DSA',
+ r'ECC_KEY_PAIR\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
+ r'ECC_KEY_PAIR\(SECP_K1\) 225-bit',
+ r'ECC_PAIR\(BP_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PAIR\(SECP_K1\) 225-bit',
+ r'ECC_PUBLIC_KEY\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PUBLIC_KEY\(SECP_K1\) 225-bit',
+ r'ECC_PUB\(BP_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PUB\(SECP_K1\) 225-bit',
+ r'ED25519PH',
+ r'ED448PH',
+ r'PEPPER',
+ r'PURE_EDDSA',
+ r'SECP_R2',
+ r'SECT_K1',
+ r'SECT_R1',
+ r'SECT_R2',
+ r'SHAKE256_512',
+ r'SHA_512_224',
+ r'SHA_512_256',
+ r'TWISTED_EDWARDS',
+ r'XTS',
+ ]
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE = \
+ _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED)
-def analyze_coverage(results: Results, outcomes: Outcomes,
- allow_list: typing.List[str], full_coverage: bool) -> None:
- """Check that all available test cases are executed at least once."""
- # Make sure that the generated data files are present (and up-to-date).
- # This allows analyze_outcomes.py to run correctly on a fresh Git
- # checkout.
- cp = subprocess.run(['make', 'generated_files'],
- cwd='tests',
- stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
- check=False)
- if cp.returncode != 0:
- sys.stderr.write(cp.stdout.decode('utf-8'))
- results.error("Failed \"make generated_files\" in tests. "
- "Coverage analysis may be incorrect.")
- available = check_test_cases.collect_available_test_cases()
- for suite_case in available:
- hit = any(suite_case in comp_outcomes.successes or
- suite_case in comp_outcomes.failures
- for comp_outcomes in outcomes.values())
+ IGNORED_TESTS = {
+ 'ssl-opt': [
+ # We don't run ssl-opt.sh with Valgrind on the CI because
+ # it's extremely slow. We don't intend to change this.
+ 'DTLS client reconnect from same port: reconnect, nbio, valgrind',
+ # We don't have IPv6 in our CI environment.
+ # https://github.com/Mbed-TLS/mbedtls-test/issues/176
+ 'DTLS cookie: enabled, IPv6',
+ # Disabled due to OpenSSL bug.
+ # https://github.com/openssl/openssl/issues/18887
+ 'DTLS fragmenting: 3d, openssl client, DTLS 1.2',
+ # We don't run ssl-opt.sh with Valgrind on the CI because
+ # it's extremely slow. We don't intend to change this.
+ 'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)',
+ # It seems that we don't run `ssl-opt.sh` with
+ # `MBEDTLS_USE_PSA_CRYPTO` enabled but `MBEDTLS_SSL_ASYNC_PRIVATE`
+ # disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9581
+ 'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
+ 'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
+ ],
+ 'test_suite_config.mbedtls_boolean': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'Config: !MBEDTLS_CIPHER_PADDING_PKCS7',
+ # https://github.com/Mbed-TLS/mbedtls/issues/9583
+ 'Config: !MBEDTLS_ECP_NIST_OPTIM',
+ # MBEDTLS_ECP_NO_FALLBACK only affects builds using a partial
+ # alternative implementation of ECP arithmetic (with
+ # MBEDTLS_ECP_INTERNAL_ALT enabled). We don't test those builds.
+ # The configuration enumeration script skips xxx_ALT options
+ # but not MBEDTLS_ECP_NO_FALLBACK, so it appears in the report,
+ # but we don't care about it.
+ 'Config: MBEDTLS_ECP_NO_FALLBACK',
+ # Missing coverage of test configurations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9585
+ 'Config: !MBEDTLS_SSL_DTLS_ANTI_REPLAY',
+ # Missing coverage of test configurations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9585
+ 'Config: !MBEDTLS_SSL_DTLS_HELLO_VERIFY',
+ # We don't run test_suite_config when we test this.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9586
+ 'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED',
+ # We only test multithreading with pthreads.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9584
+ 'Config: !MBEDTLS_THREADING_PTHREAD',
+ # Built but not tested.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9587
+ 'Config: MBEDTLS_AES_USE_HARDWARE_ONLY',
+ # Untested platform-specific optimizations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9588
+ 'Config: MBEDTLS_HAVE_SSE2',
+ # Obsolete configuration option, to be replaced by
+ # PSA entropy drivers.
+ # https://github.com/Mbed-TLS/mbedtls/issues/8150
+ 'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
+ # Untested aspect of the platform interface.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9589
+ 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
+ # In a client-server build, test_suite_config runs in the
+ # client configuration, so it will never report
+ # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok.
+ 'Config: MBEDTLS_PSA_CRYPTO_SPM',
+ # We don't test on armv8 yet.
+ 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
+ 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
+ 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
+ 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
+ # We don't run test_suite_config when we test this.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9586
+ 'Config: MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND',
+ ],
+ 'test_suite_config.psa_boolean': [
+ # We don't test with HMAC disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9591
+ 'Config: !PSA_WANT_ALG_HMAC',
+ # The DERIVE key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_DERIVE',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE',
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT',
+ # We don't test with HMAC disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9591
+ 'Config: !PSA_WANT_KEY_TYPE_HMAC',
+ # The PASSWORD key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_PASSWORD',
+ # The PASSWORD_HASH key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_PASSWORD_HASH',
+ # The RAW_DATA key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_RAW_DATA',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT',
+ # Algorithm declared but not supported.
+ 'Config: PSA_WANT_ALG_CBC_MAC',
+ # Algorithm declared but not supported.
+ 'Config: PSA_WANT_ALG_XTS',
+ # Family declared but not supported.
+ 'Config: PSA_WANT_ECC_SECP_K1_224',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE',
+ 'Config: PSA_WANT_KEY_TYPE_ECC_KEY_PAIR',
+ 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR',
+ 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE',
+ ],
+ 'test_suite_config.psa_combinations': [
+ # We don't test this unusual, but sensible configuration.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9592
+ 'Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA',
+ ],
+ 'test_suite_pkcs12': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'PBE Decrypt, (Invalid padding & PKCS7 padding disabled)',
+ 'PBE Encrypt, pad = 8 (PKCS7 padding disabled)',
+ ],
+ 'test_suite_pkcs5': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)',
+ 'PBES2 Encrypt, pad=6 (PKCS7 padding disabled)',
+ 'PBES2 Encrypt, pad=8 (PKCS7 padding disabled)',
+ ],
+ 'test_suite_psa_crypto_generate_key.generated': [
+ # Ignore mechanisms that are not implemented, except
+ # for public keys for which we always test that
+ # psa_generate_key() returns PSA_ERROR_INVALID_ARGUMENT
+ # regardless of whether the specific key type is supported.
+ _has_word_re((mech
+ for mech in _PSA_MECHANISMS_NOT_IMPLEMENTED
+ if not mech.startswith('ECC_PUB')),
+ exclude=r'ECC_PUB'),
+ ],
+ 'test_suite_psa_crypto_metadata': [
+ # Algorithms declared but not supported.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9579
+ 'Asymmetric signature: Ed25519ph',
+ 'Asymmetric signature: Ed448ph',
+ 'Asymmetric signature: pure EdDSA',
+ 'Cipher: XTS',
+ 'MAC: CBC_MAC-3DES',
+ 'MAC: CBC_MAC-AES-128',
+ 'MAC: CBC_MAC-AES-192',
+ 'MAC: CBC_MAC-AES-256',
+ ],
+ 'test_suite_psa_crypto_not_supported.generated': [
+ # It is a bug that not-supported test cases aren't getting
+ # run for never-implemented key types.
+ # https://github.com/Mbed-TLS/mbedtls/issues/7915
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ # We never test with DH key support disabled but support
+ # for a DH group enabled. The dependencies of these test
+ # cases don't really make sense.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9574
+ re.compile(r'PSA \w+ DH_.*type not supported'),
+ # We only test partial support for DH with the 2048-bit group
+ # enabled and the other groups disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9575
+ 'PSA generate DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
+ 'PSA import DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
+ 'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported',
+ ],
+ 'test_suite_psa_crypto_op_fail.generated': [
+ # Ignore mechanisms that are not implemented, except
+ # for test cases that assume the mechanism is not supported.
+ _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED,
+ exclude=(r'.*: !(?:' +
+ r'|'.join(_PSA_MECHANISMS_NOT_IMPLEMENTED) +
+ r')\b')),
+ # Incorrect dependency generation. To be fixed as part of the
+ # resolution of https://github.com/Mbed-TLS/mbedtls/issues/9167
+ # by forward-porting the commit
+ # "PSA test case generation: dependency inference class: operation fail"
+ # from https://github.com/Mbed-TLS/mbedtls/pull/9025 .
+ re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'),
+ # PBKDF2_HMAC is not in the default configuration, so we don't
+ # enable it in depends.py where we remove hashes.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9576
+ re.compile(r'PSA key_derivation PBKDF2_HMAC\(\w+\): !(?!PBKDF2_HMAC\Z).*'),
- if not hit and suite_case not in allow_list:
- if full_coverage:
- results.error('Test case not executed: {}', suite_case)
- else:
- results.warning('Test case not executed: {}', suite_case)
- elif hit and suite_case in allow_list:
- # Test Case should be removed from the allow list.
- if full_coverage:
- results.error('Allow listed test case was executed: {}', suite_case)
- else:
- results.warning('Allow listed test case was executed: {}', suite_case)
+ # We never test with the HMAC algorithm enabled but the HMAC
+ # key type disabled. Those dependencies don't really make sense.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9573
+ re.compile(r'.* !HMAC with HMAC'),
+ # There's something wrong with PSA_WANT_ALG_RSA_PSS_ANY_SALT
+ # differing from PSA_WANT_ALG_RSA_PSS.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9578
+ re.compile(r'PSA sign RSA_PSS_ANY_SALT.*!(?:MD|RIPEMD|SHA).*'),
+ ],
+ 'test_suite_psa_crypto_storage_format.current': [
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ ],
+ 'test_suite_psa_crypto_storage_format.v0': [
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ ],
+ 'tls13-misc': [
+ # Disabled due to OpenSSL bug.
+ # https://github.com/openssl/openssl/issues/10714
+ 'TLS 1.3 O->m: resumption',
+ # Disabled due to OpenSSL command line limitation.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9582
+ 'TLS 1.3 m->O: resumption with early data',
+ ],
+ }
-def name_matches_pattern(name: str, str_or_re) -> bool:
- """Check if name matches a pattern, that may be a string or regex.
- - If the pattern is a string, name must be equal to match.
- - If the pattern is a regex, name must fully match.
- """
- # The CI's python is too old for re.Pattern
- #if isinstance(str_or_re, re.Pattern):
- if not isinstance(str_or_re, str):
- return str_or_re.fullmatch(name) is not None
- else:
- return str_or_re == name
-def analyze_driver_vs_reference(results: Results, outcomes: Outcomes,
- component_ref: str, component_driver: str,
- ignored_suites: typing.List[str], ignored_tests=None) -> None:
- """Check that all tests passing in the driver component are also
- passing in the corresponding reference component.
- Skip:
- - full test suites provided in ignored_suites list
- - only some specific test inside a test suite, for which the corresponding
- output string is provided
- """
- ref_outcomes = outcomes.get("component_" + component_ref)
- driver_outcomes = outcomes.get("component_" + component_driver)
+# The names that we give to classes derived from DriverVSReference do not
+# follow the usual naming convention, because it's more readable to use
+# underscores and parts of the configuration names. Also, these classes
+# are just there to specify some data, so they don't need repetitive
+# documentation.
+#pylint: disable=invalid-name,missing-class-docstring
- if ref_outcomes is None or driver_outcomes is None:
- results.error("required components are missing: bad outcome file?")
- return
+class DriverVSReference_hash(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa'
+ DRIVER = 'test_psa_crypto_config_accel_hash_use_psa'
+ IGNORED_SUITES = [
+ 'shax', 'mdx', # the software implementations that are being excluded
+ 'md.psa', # purposefully depends on whether drivers are present
+ 'psa_crypto_low_hash.generated', # testing the builtins
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ }
- if not ref_outcomes.successes:
- results.error("no passing test in reference component: bad outcome file?")
- return
+class DriverVSReference_hmac(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_hmac'
+ DRIVER = 'test_psa_crypto_config_accel_hmac'
+ IGNORED_SUITES = [
+ # These suites require legacy hash support, which is disabled
+ # in the accelerated component.
+ 'shax', 'mdx',
+ # This suite tests builtins directly, but these are missing
+ # in the accelerated case.
+ 'psa_crypto_low_hash.generated',
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
+ re.compile(r'.*\bMBEDTLS_MD_C\b')
+ ],
+ 'test_suite_md': [
+ # Builtin HMAC is not supported in the accelerate component.
+ re.compile('.*HMAC.*'),
+ # Following tests make use of functions which are not available
+ # when MD_C is disabled, as it happens in the accelerated
+ # test component.
+ re.compile('generic .* Hash file .*'),
+ 'MD list',
+ ],
+ 'test_suite_md.psa': [
+ # "legacy only" tests require hash algorithms to be NOT
+ # accelerated, but this of course false for the accelerated
+ # test component.
+ re.compile('PSA dispatch .* legacy only'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ }
- for suite_case in ref_outcomes.successes:
- # suite_case is like "test_suite_foo.bar;Description of test case"
- (full_test_suite, test_string) = suite_case.split(';')
- test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name
+class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_cipher_aead_cmac'
+ DRIVER = 'test_psa_crypto_config_accel_cipher_aead_cmac'
+ # Modules replaced by drivers.
+ IGNORED_SUITES = [
+ # low-level (block/stream) cipher modules
+ 'aes', 'aria', 'camellia', 'des', 'chacha20',
+ # AEAD modes and CMAC
+ 'ccm', 'chachapoly', 'cmac', 'gcm',
+ # The Cipher abstraction layer
+ 'cipher',
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
+ re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'),
+ re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
+ ],
+ # PEM decryption is not supported so far.
+ # The rest of PEM (write, unencrypted read) works though.
+ 'test_suite_pem': [
+ re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # Following tests depend on AES_C/DES_C but are not about
+ # them really, just need to know some error code is there.
+ 'test_suite_error': [
+ 'Low and high error',
+ 'Single low error'
+ ],
+ # Similar to test_suite_error above.
+ 'test_suite_version': [
+ 'Check for MBEDTLS_AES_C when already present',
+ ],
+ # The en/decryption part of PKCS#12 is not supported so far.
+ # The rest of PKCS#12 (key derivation) works though.
+ 'test_suite_pkcs12': [
+ re.compile(r'PBE Encrypt, .*'),
+ re.compile(r'PBE Decrypt, .*'),
+ ],
+ # The en/decryption part of PKCS#5 is not supported so far.
+ # The rest of PKCS#5 (PBKDF2) works though.
+ 'test_suite_pkcs5': [
+ re.compile(r'PBES2 Encrypt, .*'),
+ re.compile(r'PBES2 Decrypt .*'),
+ ],
+ # Encrypted keys are not supported so far.
+ # pylint: disable=line-too-long
+ 'test_suite_pkparse': [
+ 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
+ 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
+ re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'),
+ ],
+ # Encrypted keys are not supported so far.
+ 'ssl-opt': [
+ 'TLS: password protected server key',
+ 'TLS: password protected client key',
+ 'TLS: password protected server key, two certificates',
+ ],
+ }
- # Immediately skip fully-ignored test suites
- if test_suite in ignored_suites or full_test_suite in ignored_suites:
- continue
+class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_ecc_ecp_light_only'
+ DRIVER = 'test_psa_crypto_config_accel_ecc_ecp_light_only'
+ IGNORED_SUITES = [
+ # Modules replaced by drivers
+ 'ecdsa', 'ecdh', 'ecjpake',
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # This test wants a legacy function that takes f_rng, p_rng
+ # arguments, and uses legacy ECDSA for that. The test is
+ # really about the wrapper around the PSA RNG, not ECDSA.
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ # In the accelerated test ECP_C is not set (only ECP_LIGHT is)
+ # so we must ignore disparities in the tests for which ECP_C
+ # is required.
+ 'test_suite_ecp': [
+ re.compile(r'ECP check public-private .*'),
+ re.compile(r'ECP calculate public: .*'),
+ re.compile(r'ECP gen keypair .*'),
+ re.compile(r'ECP point muladd .*'),
+ re.compile(r'ECP point multiplication .*'),
+ re.compile(r'ECP test vectors .*'),
+ ],
+ 'test_suite_ssl': [
+ # This deprecated function is only present when ECP_C is On.
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
+ ],
+ }
- # For ignored test cases inside test suites, just remember and:
- # don't issue an error if they're skipped with drivers,
- # but issue an error if they're not (means we have a bad entry).
- ignored = False
- for str_or_re in (ignored_tests.get(full_test_suite, []) +
- ignored_tests.get(test_suite, [])):
- if name_matches_pattern(test_string, str_or_re):
- ignored = True
+class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_ecc_no_ecp_at_all'
+ DRIVER = 'test_psa_crypto_config_accel_ecc_no_ecp_at_all'
+ IGNORED_SUITES = [
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ 'test_suite_pkparse': [
+ # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
+ # is automatically enabled in build_info.h (backward compatibility)
+ # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a
+ # consequence compressed points are supported in the reference
+ # component but not in the accelerated one, so they should be skipped
+ # while checking driver's coverage.
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
+ ],
+ # See ecp_light_only
+ 'test_suite_ssl': [
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
+ ],
+ }
- if not ignored and not suite_case in driver_outcomes.successes:
- results.error("SKIP/FAIL -> PASS: {}", suite_case)
- if ignored and suite_case in driver_outcomes.successes:
- results.error("uselessly ignored: {}", suite_case)
+class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_ecc_no_bignum'
+ DRIVER = 'test_psa_crypto_config_accel_ecc_no_bignum'
+ IGNORED_SUITES = [
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ # See no_ecp_at_all
+ 'test_suite_pkparse': [
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
+ ],
+ 'test_suite_asn1parse': [
+ 'INTEGER too large for mpi',
+ ],
+ 'test_suite_asn1write': [
+ re.compile(r'ASN.1 Write mpi.*'),
+ ],
+ 'test_suite_debug': [
+ re.compile(r'Debug print mbedtls_mpi.*'),
+ ],
+ # See ecp_light_only
+ 'test_suite_ssl': [
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
+ ],
+ }
-def analyze_outcomes(results: Results, outcomes: Outcomes, args) -> None:
- """Run all analyses on the given outcome collection."""
- analyze_coverage(results, outcomes, args['allow_list'],
- args['full_coverage'])
+class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum'
+ DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum'
+ IGNORED_SUITES = [
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
+ ]
+ IGNORED_TESTS = {
+ 'ssl-opt': [
+ # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C
+ # (because it needs custom groups, which PSA does not
+ # provide), even with MBEDTLS_USE_PSA_CRYPTO.
+ re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
+ ],
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ # See no_ecp_at_all
+ 'test_suite_pkparse': [
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
+ ],
+ 'test_suite_asn1parse': [
+ 'INTEGER too large for mpi',
+ ],
+ 'test_suite_asn1write': [
+ re.compile(r'ASN.1 Write mpi.*'),
+ ],
+ 'test_suite_debug': [
+ re.compile(r'Debug print mbedtls_mpi.*'),
+ ],
+ # See ecp_light_only
+ 'test_suite_ssl': [
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
+ ],
+ }
-def read_outcome_file(outcome_file: str) -> Outcomes:
- """Parse an outcome file and return an outcome collection.
- """
- outcomes = {}
- with open(outcome_file, 'r', encoding='utf-8') as input_file:
- for line in input_file:
- (_platform, component, suite, case, result, _cause) = line.split(';')
- # Note that `component` is not unique. If a test case passes on Linux
- # and fails on FreeBSD, it'll end up in both the successes set and
- # the failures set.
- suite_case = ';'.join([suite, case])
- if component not in outcomes:
- outcomes[component] = ComponentOutcomes(set(), set())
- if result == 'PASS':
- outcomes[component].successes.add(suite_case)
- elif result == 'FAIL':
- outcomes[component].failures.add(suite_case)
+class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_ffdh'
+ DRIVER = 'test_psa_crypto_config_accel_ffdh'
+ IGNORED_SUITES = ['dhm']
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ }
- return outcomes
+class DriverVSReference_tfm_config(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_tfm_config_no_p256m'
+ DRIVER = 'test_tfm_config_p256m_driver_accel_ec'
+ IGNORED_SUITES = [
+ # Modules replaced by drivers
+ 'asn1parse', 'asn1write',
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*')
+ ],
+ 'test_suite_config.crypto_combinations': [
+ 'Config: ECC: Weierstrass curves only',
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ }
-def do_analyze_coverage(results: Results, outcomes: Outcomes, args) -> None:
- """Perform coverage analysis."""
- results.new_section("Analyze coverage")
- analyze_outcomes(results, outcomes, args)
+class DriverVSReference_rsa(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_psa_crypto_config_reference_rsa_crypto'
+ DRIVER = 'test_psa_crypto_config_accel_rsa_crypto'
+ IGNORED_SUITES = [
+ # Modules replaced by drivers.
+ 'rsa', 'pkcs1_v15', 'pkcs1_v21',
+ # We temporarily don't care about PK stuff.
+ 'pk', 'pkwrite', 'pkparse'
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
+ re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # Following tests depend on RSA_C but are not about
+ # them really, just need to know some error code is there.
+ 'test_suite_error': [
+ 'Low and high error',
+ 'Single high error'
+ ],
+ # Constant time operations only used for PKCS1_V15
+ 'test_suite_constant_time': [
+ re.compile(r'mbedtls_ct_zeroize_if .*'),
+ re.compile(r'mbedtls_ct_memmove_left .*')
+ ],
+ 'test_suite_psa_crypto': [
+ # We don't support generate_key_custom entry points
+ # in drivers yet.
+ re.compile(r'PSA generate key custom: RSA, e=.*'),
+ re.compile(r'PSA generate key ext: RSA, e=.*'),
+ ],
+ }
-def do_analyze_driver_vs_reference(results: Results, outcomes: Outcomes, args) -> None:
- """Perform driver vs reference analyze."""
- results.new_section("Analyze driver {} vs reference {}",
- args['component_driver'], args['component_ref'])
+class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference):
+ REFERENCE = 'test_full_block_cipher_legacy_dispatch'
+ DRIVER = 'test_full_block_cipher_psa_dispatch'
+ IGNORED_SUITES = [
+ # Skipped in the accelerated component
+ 'aes', 'aria', 'camellia',
+ # These require AES_C, ARIA_C or CAMELLIA_C to be enabled in
+ # order for the cipher module (actually cipher_wrapper) to work
+ # properly. However these symbols are disabled in the accelerated
+ # component so we ignore them.
+ 'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria',
+ 'cipher.camellia',
+ ]
+ IGNORED_TESTS = {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'),
+ re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
+ ],
+ 'test_suite_cmac': [
+ # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled,
+ # but these are not available in the accelerated component.
+ 'CMAC null arguments',
+ re.compile('CMAC.* (AES|ARIA|Camellia).*'),
+ ],
+ 'test_suite_cipher.padding': [
+ # Following tests require AES_C/CAMELLIA_C to be enabled,
+ # but these are not available in the accelerated component.
+ re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
+ ],
+ 'test_suite_pkcs5': [
+ # The AES part of PKCS#5 PBES2 is not yet supported.
+ # The rest of PKCS#5 (PBKDF2) works, though.
+ re.compile(r'PBES2 .* AES-.*')
+ ],
+ 'test_suite_pkparse': [
+ # PEM (called by pkparse) requires AES_C in order to decrypt
+ # the key, but this is not available in the accelerated
+ # component.
+ re.compile('Parse RSA Key.*(password|AES-).*'),
+ ],
+ 'test_suite_pem': [
+ # Following tests require AES_C, but this is diabled in the
+ # accelerated component.
+ re.compile('PEM read .*AES.*'),
+ 'PEM read (unknown encryption algorithm)',
+ ],
+ 'test_suite_error': [
+ # Following tests depend on AES_C but are not about them
+ # really, just need to know some error code is there.
+ 'Single low error',
+ 'Low and high error',
+ ],
+ 'test_suite_version': [
+ # Similar to test_suite_error above.
+ 'Check for MBEDTLS_AES_C when already present',
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ }
- ignored_suites = ['test_suite_' + x for x in args['ignored_suites']]
+#pylint: enable=invalid-name,missing-class-docstring
- analyze_driver_vs_reference(results, outcomes,
- args['component_ref'], args['component_driver'],
- ignored_suites, args['ignored_tests'])
# List of tasks with a function that can handle this task and additional arguments if required
KNOWN_TASKS = {
- 'analyze_coverage': {
- 'test_function': do_analyze_coverage,
- 'args': {
- 'allow_list': [
- # Algorithm not supported yet
- 'test_suite_psa_crypto_metadata;Asymmetric signature: pure EdDSA',
- # Algorithm not supported yet
- 'test_suite_psa_crypto_metadata;Cipher: XTS',
- ],
- 'full_coverage': False,
- }
- },
- # There are 2 options to use analyze_driver_vs_reference_xxx locally:
- # 1. Run tests and then analysis:
- # - tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
- # - tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
- # 2. Let this script run both automatically:
- # - tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
- 'analyze_driver_vs_reference_hash': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_hash_use_psa',
- 'component_driver': 'test_psa_crypto_config_accel_hash_use_psa',
- 'ignored_suites': [
- 'shax', 'mdx', # the software implementations that are being excluded
- 'md.psa', # purposefully depends on whether drivers are present
- 'psa_crypto_low_hash.generated', # testing the builtins
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_hmac': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_hmac',
- 'component_driver': 'test_psa_crypto_config_accel_hmac',
- 'ignored_suites': [
- # These suites require legacy hash support, which is disabled
- # in the accelerated component.
- 'shax', 'mdx',
- # This suite tests builtins directly, but these are missing
- # in the accelerated case.
- 'psa_crypto_low_hash.generated',
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
- re.compile(r'.*\bMBEDTLS_MD_C\b')
- ],
- 'test_suite_md': [
- # Builtin HMAC is not supported in the accelerate component.
- re.compile('.*HMAC.*'),
- # Following tests make use of functions which are not available
- # when MD_C is disabled, as it happens in the accelerated
- # test component.
- re.compile('generic .* Hash file .*'),
- 'MD list',
- ],
- 'test_suite_md.psa': [
- # "legacy only" tests require hash algorithms to be NOT
- # accelerated, but this of course false for the accelerated
- # test component.
- re.compile('PSA dispatch .* legacy only'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_cipher_aead_cmac': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_cipher_aead_cmac',
- 'component_driver': 'test_psa_crypto_config_accel_cipher_aead_cmac',
- # Modules replaced by drivers.
- 'ignored_suites': [
- # low-level (block/stream) cipher modules
- 'aes', 'aria', 'camellia', 'des', 'chacha20',
- # AEAD modes and CMAC
- 'ccm', 'chachapoly', 'cmac', 'gcm',
- # The Cipher abstraction layer
- 'cipher',
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
- re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'),
- re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
- re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
- ],
- # PEM decryption is not supported so far.
- # The rest of PEM (write, unencrypted read) works though.
- 'test_suite_pem': [
- re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # Following tests depend on AES_C/DES_C but are not about
- # them really, just need to know some error code is there.
- 'test_suite_error': [
- 'Low and high error',
- 'Single low error'
- ],
- # Similar to test_suite_error above.
- 'test_suite_version': [
- 'Check for MBEDTLS_AES_C when already present',
- ],
- # The en/decryption part of PKCS#12 is not supported so far.
- # The rest of PKCS#12 (key derivation) works though.
- 'test_suite_pkcs12': [
- re.compile(r'PBE Encrypt, .*'),
- re.compile(r'PBE Decrypt, .*'),
- ],
- # The en/decryption part of PKCS#5 is not supported so far.
- # The rest of PKCS#5 (PBKDF2) works though.
- 'test_suite_pkcs5': [
- re.compile(r'PBES2 Encrypt, .*'),
- re.compile(r'PBES2 Decrypt .*'),
- ],
- # Encrypted keys are not supported so far.
- # pylint: disable=line-too-long
- 'test_suite_pkparse': [
- 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
- 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
- re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'),
- ],
- # Encrypted keys are not supported so far.
- 'ssl-opt': [
- 'TLS: password protected server key',
- 'TLS: password protected client key',
- 'TLS: password protected server key, two certificates',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_ecp_light_only': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_ecc_ecp_light_only',
- 'component_driver': 'test_psa_crypto_config_accel_ecc_ecp_light_only',
- 'ignored_suites': [
- # Modules replaced by drivers
- 'ecdsa', 'ecdh', 'ecjpake',
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # This test wants a legacy function that takes f_rng, p_rng
- # arguments, and uses legacy ECDSA for that. The test is
- # really about the wrapper around the PSA RNG, not ECDSA.
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- # In the accelerated test ECP_C is not set (only ECP_LIGHT is)
- # so we must ignore disparities in the tests for which ECP_C
- # is required.
- 'test_suite_ecp': [
- re.compile(r'ECP check public-private .*'),
- re.compile(r'ECP calculate public: .*'),
- re.compile(r'ECP gen keypair .*'),
- re.compile(r'ECP point muladd .*'),
- re.compile(r'ECP point multiplication .*'),
- re.compile(r'ECP test vectors .*'),
- ],
- 'test_suite_ssl': [
- # This deprecated function is only present when ECP_C is On.
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_no_ecp_at_all': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_ecc_no_ecp_at_all',
- 'component_driver': 'test_psa_crypto_config_accel_ecc_no_ecp_at_all',
- 'ignored_suites': [
- # Modules replaced by drivers
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- 'test_suite_pkparse': [
- # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
- # is automatically enabled in build_info.h (backward compatibility)
- # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a
- # consequence compressed points are supported in the reference
- # component but not in the accelerated one, so they should be skipped
- # while checking driver's coverage.
- re.compile(r'Parse EC Key .*compressed\)'),
- re.compile(r'Parse Public EC Key .*compressed\)'),
- ],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_ecc_no_bignum': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
- 'component_driver': 'test_psa_crypto_config_accel_ecc_no_bignum',
- 'ignored_suites': [
- # Modules replaced by drivers
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
- 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
- 'bignum.generated', 'bignum.misc',
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- # See no_ecp_at_all
- 'test_suite_pkparse': [
- re.compile(r'Parse EC Key .*compressed\)'),
- re.compile(r'Parse Public EC Key .*compressed\)'),
- ],
- 'test_suite_asn1parse': [
- 'INTEGER too large for mpi',
- ],
- 'test_suite_asn1write': [
- re.compile(r'ASN.1 Write mpi.*'),
- ],
- 'test_suite_debug': [
- re.compile(r'Debug print mbedtls_mpi.*'),
- ],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
- 'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
- 'ignored_suites': [
- # Modules replaced by drivers
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm',
- 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
- 'bignum.generated', 'bignum.misc',
- ],
- 'ignored_tests': {
- 'ssl-opt': [
- # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C
- # (because it needs custom groups, which PSA does not
- # provide), even with MBEDTLS_USE_PSA_CRYPTO.
- re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
- ],
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
- re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'),
- re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- # See no_ecp_at_all
- 'test_suite_pkparse': [
- re.compile(r'Parse EC Key .*compressed\)'),
- re.compile(r'Parse Public EC Key .*compressed\)'),
- ],
- 'test_suite_asn1parse': [
- 'INTEGER too large for mpi',
- ],
- 'test_suite_asn1write': [
- re.compile(r'ASN.1 Write mpi.*'),
- ],
- 'test_suite_debug': [
- re.compile(r'Debug print mbedtls_mpi.*'),
- ],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_ffdh_alg': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_ffdh',
- 'component_driver': 'test_psa_crypto_config_accel_ffdh',
- 'ignored_suites': ['dhm'],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_tfm_config': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_tfm_config',
- 'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
- 'ignored_suites': [
- # Modules replaced by drivers
- 'asn1parse', 'asn1write',
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
- 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
- 'bignum.generated', 'bignum.misc',
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*')
- ],
- 'test_suite_config.crypto_combinations': [
- 'Config: ECC: Weierstrass curves only',
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- }
- }
- },
- 'analyze_driver_vs_reference_rsa': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_psa_crypto_config_reference_rsa_crypto',
- 'component_driver': 'test_psa_crypto_config_accel_rsa_crypto',
- 'ignored_suites': [
- # Modules replaced by drivers.
- 'rsa', 'pkcs1_v15', 'pkcs1_v21',
- # We temporarily don't care about PK stuff.
- 'pk', 'pkwrite', 'pkparse'
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
- re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # Following tests depend on RSA_C but are not about
- # them really, just need to know some error code is there.
- 'test_suite_error': [
- 'Low and high error',
- 'Single high error'
- ],
- # Constant time operations only used for PKCS1_V15
- 'test_suite_constant_time': [
- re.compile(r'mbedtls_ct_zeroize_if .*'),
- re.compile(r'mbedtls_ct_memmove_left .*')
- ],
- 'test_suite_psa_crypto': [
- # We don't support generate_key_custom entry points
- # in drivers yet.
- re.compile(r'PSA generate key custom: RSA, e=.*'),
- re.compile(r'PSA generate key ext: RSA, e=.*'),
- ],
- }
- }
- },
- 'analyze_block_cipher_dispatch': {
- 'test_function': do_analyze_driver_vs_reference,
- 'args': {
- 'component_ref': 'test_full_block_cipher_legacy_dispatch',
- 'component_driver': 'test_full_block_cipher_psa_dispatch',
- 'ignored_suites': [
- # Skipped in the accelerated component
- 'aes', 'aria', 'camellia',
- # These require AES_C, ARIA_C or CAMELLIA_C to be enabled in
- # order for the cipher module (actually cipher_wrapper) to work
- # properly. However these symbols are disabled in the accelerated
- # component so we ignore them.
- 'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria',
- 'cipher.camellia',
- ],
- 'ignored_tests': {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'),
- re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
- ],
- 'test_suite_cmac': [
- # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled,
- # but these are not available in the accelerated component.
- 'CMAC null arguments',
- re.compile('CMAC.* (AES|ARIA|Camellia).*'),
- ],
- 'test_suite_cipher.padding': [
- # Following tests require AES_C/CAMELLIA_C to be enabled,
- # but these are not available in the accelerated component.
- re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
- ],
- 'test_suite_pkcs5': [
- # The AES part of PKCS#5 PBES2 is not yet supported.
- # The rest of PKCS#5 (PBKDF2) works, though.
- re.compile(r'PBES2 .* AES-.*')
- ],
- 'test_suite_pkparse': [
- # PEM (called by pkparse) requires AES_C in order to decrypt
- # the key, but this is not available in the accelerated
- # component.
- re.compile('Parse RSA Key.*(password|AES-).*'),
- ],
- 'test_suite_pem': [
- # Following tests require AES_C, but this is diabled in the
- # accelerated component.
- re.compile('PEM read .*AES.*'),
- 'PEM read (unknown encryption algorithm)',
- ],
- 'test_suite_error': [
- # Following tests depend on AES_C but are not about them
- # really, just need to know some error code is there.
- 'Single low error',
- 'Low and high error',
- ],
- 'test_suite_version': [
- # Similar to test_suite_error above.
- 'Check for MBEDTLS_AES_C when already present',
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
- }
- }
+ 'analyze_coverage': CoverageTask,
+ 'analyze_driver_vs_reference_hash': DriverVSReference_hash,
+ 'analyze_driver_vs_reference_hmac': DriverVSReference_hmac,
+ 'analyze_driver_vs_reference_cipher_aead_cmac': DriverVSReference_cipher_aead_cmac,
+ 'analyze_driver_vs_reference_ecp_light_only': DriverVSReference_ecp_light_only,
+ 'analyze_driver_vs_reference_no_ecp_at_all': DriverVSReference_no_ecp_at_all,
+ 'analyze_driver_vs_reference_ecc_no_bignum': DriverVSReference_ecc_no_bignum,
+ 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': DriverVSReference_ecc_ffdh_no_bignum,
+ 'analyze_driver_vs_reference_ffdh_alg': DriverVSReference_ffdh_alg,
+ 'analyze_driver_vs_reference_tfm_config': DriverVSReference_tfm_config,
+ 'analyze_driver_vs_reference_rsa': DriverVSReference_rsa,
+ 'analyze_block_cipher_dispatch': DriverVSReference_block_cipher_dispatch,
}
-def main():
- main_results = Results()
-
- try:
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('outcomes', metavar='OUTCOMES.CSV',
- help='Outcome file to analyze')
- parser.add_argument('specified_tasks', default='all', nargs='?',
- help='Analysis to be done. By default, run all tasks. '
- 'With one or more TASK, run only those. '
- 'TASK can be the name of a single task or '
- 'comma/space-separated list of tasks. ')
- parser.add_argument('--list', action='store_true',
- help='List all available tasks and exit.')
- parser.add_argument('--require-full-coverage', action='store_true',
- dest='full_coverage', help="Require all available "
- "test cases to be executed and issue an error "
- "otherwise. This flag is ignored if 'task' is "
- "neither 'all' nor 'analyze_coverage'")
- options = parser.parse_args()
-
- if options.list:
- for task in KNOWN_TASKS:
- print(task)
- sys.exit(0)
-
- if options.specified_tasks == 'all':
- tasks_list = KNOWN_TASKS.keys()
- else:
- tasks_list = re.split(r'[, ]+', options.specified_tasks)
- for task in tasks_list:
- if task not in KNOWN_TASKS:
- sys.stderr.write('invalid task: {}\n'.format(task))
- sys.exit(2)
-
- KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage
-
- # If the outcome file exists, parse it once and share the result
- # among tasks to improve performance.
- # Otherwise, it will be generated by execute_reference_driver_tests.
- if not os.path.exists(options.outcomes):
- if len(tasks_list) > 1:
- sys.stderr.write("mutiple tasks found, please provide a valid outcomes file.\n")
- sys.exit(2)
-
- task_name = tasks_list[0]
- task = KNOWN_TASKS[task_name]
- if task['test_function'] != do_analyze_driver_vs_reference: # pylint: disable=comparison-with-callable
- sys.stderr.write("please provide valid outcomes file for {}.\n".format(task_name))
- sys.exit(2)
-
- execute_reference_driver_tests(main_results,
- task['args']['component_ref'],
- task['args']['component_driver'],
- options.outcomes)
-
- outcomes = read_outcome_file(options.outcomes)
-
- for task in tasks_list:
- test_function = KNOWN_TASKS[task]['test_function']
- test_args = KNOWN_TASKS[task]['args']
- test_function(main_results, outcomes, test_args)
-
- main_results.info("Overall results: {} warnings and {} errors",
- main_results.warning_count, main_results.error_count)
-
- sys.exit(0 if (main_results.error_count == 0) else 1)
-
- except Exception: # pylint: disable=broad-except
- # Print the backtrace and exit explicitly with our chosen status.
- traceback.print_exc()
- sys.exit(120)
-
if __name__ == '__main__':
- main()
+ outcome_analysis.main(KNOWN_TASKS)
diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh
index 3aca3a1..81ee8d6 100755
--- a/tests/scripts/basic-in-docker.sh
+++ b/tests/scripts/basic-in-docker.sh
@@ -31,7 +31,6 @@
run_in_docker programs/test/selftest
run_in_docker -e OSSL_NO_DTLS=1 tests/compat.sh
run_in_docker tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
- run_in_docker tests/scripts/test-ref-configs.pl
run_in_docker tests/scripts/depends.py curves
run_in_docker tests/scripts/depends.py kex
done
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 09c850a..b480000 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -140,7 +140,8 @@
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
- check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+ check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+ check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't
# care about their content, but the files must exist. So it must run after
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
deleted file mode 100755
index d67e678..0000000
--- a/tests/scripts/check_test_cases.py
+++ /dev/null
@@ -1,241 +0,0 @@
-#!/usr/bin/env python3
-
-"""Sanity checks for test data.
-
-This program contains a class for traversing test cases that can be used
-independently of the checks.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import argparse
-import glob
-import os
-import re
-import subprocess
-import sys
-
-class ScriptOutputError(ValueError):
- """A kind of ValueError that indicates we found
- the script doesn't list test cases in an expected
- pattern.
- """
-
- @property
- def script_name(self):
- return super().args[0]
-
- @property
- def idx(self):
- return super().args[1]
-
- @property
- def line(self):
- return super().args[2]
-
-class Results:
- """Store file and line information about errors or warnings in test suites."""
-
- def __init__(self, options):
- self.errors = 0
- self.warnings = 0
- self.ignore_warnings = options.quiet
-
- def error(self, file_name, line_number, fmt, *args):
- sys.stderr.write(('{}:{}:ERROR:' + fmt + '\n').
- format(file_name, line_number, *args))
- self.errors += 1
-
- def warning(self, file_name, line_number, fmt, *args):
- if not self.ignore_warnings:
- sys.stderr.write(('{}:{}:Warning:' + fmt + '\n')
- .format(file_name, line_number, *args))
- self.warnings += 1
-
-class TestDescriptionExplorer:
- """An iterator over test cases with descriptions.
-
-The test cases that have descriptions are:
-* Individual unit tests (entries in a .data file) in test suites.
-* Individual test cases in ssl-opt.sh.
-
-This is an abstract class. To use it, derive a class that implements
-the process_test_case method, and call walk_all().
-"""
-
- def process_test_case(self, per_file_state,
- file_name, line_number, description):
- """Process a test case.
-
-per_file_state: an object created by new_per_file_state() at the beginning
- of each file.
-file_name: a relative path to the file containing the test case.
-line_number: the line number in the given file.
-description: the test case description as a byte string.
-"""
- raise NotImplementedError
-
- def new_per_file_state(self):
- """Return a new per-file state object.
-
-The default per-file state object is None. Child classes that require per-file
-state may override this method.
-"""
- #pylint: disable=no-self-use
- return None
-
- def walk_test_suite(self, data_file_name):
- """Iterate over the test cases in the given unit test data file."""
- in_paragraph = False
- descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
- with open(data_file_name, 'rb') as data_file:
- for line_number, line in enumerate(data_file, 1):
- line = line.rstrip(b'\r\n')
- if not line:
- in_paragraph = False
- continue
- if line.startswith(b'#'):
- continue
- if not in_paragraph:
- # This is a test case description line.
- self.process_test_case(descriptions,
- data_file_name, line_number, line)
- in_paragraph = True
-
- def collect_from_script(self, script_name):
- """Collect the test cases in a script by calling its listing test cases
-option"""
- descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
- listed = subprocess.check_output(['sh', script_name, '--list-test-cases'])
- # Assume test file is responsible for printing identical format of
- # test case description between --list-test-cases and its OUTCOME.CSV
- #
- # idx indicates the number of test case since there is no line number
- # in the script for each test case.
- for idx, line in enumerate(listed.splitlines()):
- # We are expecting the script to list the test cases in
- # `<suite_name>;<description>` pattern.
- script_outputs = line.split(b';', 1)
- if len(script_outputs) == 2:
- suite_name, description = script_outputs
- else:
- raise ScriptOutputError(script_name, idx, line.decode("utf-8"))
-
- self.process_test_case(descriptions,
- suite_name.decode('utf-8'),
- idx,
- description.rstrip())
-
- @staticmethod
- def collect_test_directories():
- """Get the relative path for the TLS and Crypto test directories."""
- if os.path.isdir('tests'):
- tests_dir = 'tests'
- elif os.path.isdir('suites'):
- tests_dir = '.'
- elif os.path.isdir('../suites'):
- tests_dir = '..'
- directories = [tests_dir]
- return directories
-
- def walk_all(self):
- """Iterate over all named test cases."""
- test_directories = self.collect_test_directories()
- for directory in test_directories:
- for data_file_name in glob.glob(os.path.join(directory, 'suites',
- '*.data')):
- self.walk_test_suite(data_file_name)
-
- for sh_file in ['ssl-opt.sh', 'compat.sh']:
- sh_file = os.path.join(directory, sh_file)
- self.collect_from_script(sh_file)
-
-class TestDescriptions(TestDescriptionExplorer):
- """Collect the available test cases."""
-
- def __init__(self):
- super().__init__()
- self.descriptions = set()
-
- def process_test_case(self, _per_file_state,
- file_name, _line_number, description):
- """Record an available test case."""
- base_name = re.sub(r'\.[^.]*$', '', re.sub(r'.*/', '', file_name))
- key = ';'.join([base_name, description.decode('utf-8')])
- self.descriptions.add(key)
-
-def collect_available_test_cases():
- """Collect the available test cases."""
- explorer = TestDescriptions()
- explorer.walk_all()
- return sorted(explorer.descriptions)
-
-class DescriptionChecker(TestDescriptionExplorer):
- """Check all test case descriptions.
-
-* Check that each description is valid (length, allowed character set, etc.).
-* Check that there is no duplicated description inside of one test suite.
-"""
-
- def __init__(self, results):
- self.results = results
-
- def new_per_file_state(self):
- """Dictionary mapping descriptions to their line number."""
- return {}
-
- def process_test_case(self, per_file_state,
- file_name, line_number, description):
- """Check test case descriptions for errors."""
- results = self.results
- seen = per_file_state
- if description in seen:
- results.error(file_name, line_number,
- 'Duplicate description (also line {})',
- seen[description])
- return
- if re.search(br'[\t;]', description):
- results.error(file_name, line_number,
- 'Forbidden character \'{}\' in description',
- re.search(br'[\t;]', description).group(0).decode('ascii'))
- if re.search(br'[^ -~]', description):
- results.error(file_name, line_number,
- 'Non-ASCII character in description')
- if len(description) > 66:
- results.warning(file_name, line_number,
- 'Test description too long ({} > 66)',
- len(description))
- seen[description] = line_number
-
-def main():
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('--list-all',
- action='store_true',
- help='List all test cases, without doing checks')
- parser.add_argument('--quiet', '-q',
- action='store_true',
- help='Hide warnings')
- parser.add_argument('--verbose', '-v',
- action='store_false', dest='quiet',
- help='Show warnings (default: on; undoes --quiet)')
- options = parser.parse_args()
- if options.list_all:
- descriptions = collect_available_test_cases()
- sys.stdout.write('\n'.join(descriptions + ['']))
- return
- results = Results(options)
- checker = DescriptionChecker(results)
- try:
- checker.walk_all()
- except ScriptOutputError as e:
- results.error(e.script_name, e.idx,
- '"{}" should be listed as "<suite_name>;<description>"',
- e.line)
- if (results.warnings or results.errors) and not options.quiet:
- sys.stderr.write('{}: {} errors, {} warnings\n'
- .format(sys.argv[0], results.errors, results.warnings))
- sys.exit(1 if results.errors else 0)
-
-if __name__ == '__main__':
- main()
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 053aacf..7b60b49 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -68,7 +68,7 @@
else
opt=''
fi
- tests/scripts/check_test_cases.py -q $opt
+ framework/scripts/check_test_cases.py -q $opt
unset opt
}
@@ -106,6 +106,9 @@
# the test code and that's probably the most convenient way of achieving
# the test's goal.
echo "MBEDTLS_ASN1_WRITE_C" >> $expected
+ # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size
+ # for raw key generation.
+ echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected
# No PSA equivalent - we should probably have one in the future.
echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
# No PSA equivalent - needed by some init tests
@@ -157,6 +160,5 @@
./framework/scripts/test_generate_test_code.py 2>&1
msg "unit test: translate_ciphers.py"
- python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
+ python3 -m unittest framework/scripts/translate_ciphers.py 2>&1
}
-
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 9b688af..5d22735 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -18,7 +18,7 @@
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, armclang armv7-m thumb2"
- armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
+ helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
}
test_build_opt () {
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 93f7f77..c9ec333 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -31,6 +31,25 @@
make test
}
+component_test_crypto_with_static_key_slots() {
+ msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
+ scripts/config.py crypto_full
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
+ # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that
+ # is enough to contain:
+ # - all RSA public keys up to 4096 bits (max of PSA_VENDOR_RSA_MAX_KEY_BITS).
+ # - RSA key pairs up to 1024 bits, but not 2048 or larger.
+ # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS).
+ # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS).
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212
+ # Disable the fully dynamic key store (default on) since it conflicts
+ # with the static behavior that we're testing here.
+ scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC
+
+ msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
+ make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test
+}
+
# check_renamed_symbols HEADER LIB
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
# name in LIB.
@@ -56,6 +75,68 @@
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
+# The goal of this component is to build a configuration where:
+# - test code and libtestdriver1 can make use of calloc/free and
+# - core library (including PSA core) cannot use calloc/free.
+component_test_psa_crypto_without_heap() {
+ msg "crypto without heap: build libtestdriver1"
+ # Disable PSA features that cannot be accelerated and whose builtin support
+ # requires calloc/free.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_"
+ # RSA key support requires ASN1 parse/write support for testing, but ASN1
+ # is disabled below.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_"
+ # DES requires built-in support for key generation (parity check) so it
+ # cannot be accelerated
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ # EC-JPAKE use calloc/free in PSA core
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+
+ # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
+ PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
+ loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
+
+ helper_libtestdriver1_adjust_config crypto
+ helper_libtestdriver1_make_drivers "$loc_accel_list"
+
+ msg "crypto without heap: build main library"
+ # Disable all legacy MBEDTLS_xxx symbols.
+ scripts/config.py unset-all "^MBEDTLS_"
+ # Build the PSA core using the proper config file.
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ # Enable fully-static key slots in PSA core.
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
+ # Prevent PSA core from creating a copy of input/output buffers.
+ scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+ # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation.
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ # Set calloc/free as null pointer functions. Calling them would crash
+ # the program so we can use this as a "sentinel" for being sure no module
+ # is making use of these functions in the library.
+ scripts/config.py set MBEDTLS_PLATFORM_C
+ scripts/config.py set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL
+ scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL
+
+ helper_libtestdriver1_make_main "$loc_accel_list" lib
+
+ msg "crypto without heap: build test suites and helpers"
+ # Reset calloc/free functions to normal operations so that test code can
+ # freely use them.
+ scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE
+ helper_libtestdriver1_make_main "$loc_accel_list" tests
+
+ msg "crypto without heap: test"
+ make test
+}
+
# Get a list of library-wise undefined symbols and ensure that they only
# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
# This function is a common helper used by both:
@@ -162,6 +243,25 @@
tests/context-info.sh
}
+component_test_config_no_entropy () {
+ msg "build: configs/config-no-entropy.h"
+ cp configs/config-no-entropy.h "$CONFIG_H"
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-no-entropy.h - unit tests"
+ make test
+}
+
component_test_no_ctr_drbg_classic () {
msg "build: Full minus CTR_DRBG, classic crypto in TLS"
scripts/config.py full
@@ -516,6 +616,46 @@
make test
}
+component_test_config_symmetric_only_legacy () {
+ msg "build: configs/config-symmetric-only.h"
+ cp configs/config-symmetric-only.h "$CONFIG_H"
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-symmetric-only.h - unit tests"
+ make test
+}
+
+component_test_config_symmetric_only_psa () {
+ msg "build: configs/config-symmetric-only.h + USE_PSA_CRYPTO"
+ cp configs/config-symmetric-only.h "$CONFIG_H"
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-symmetric-only.h + USE_PSA_CRYPTO - unit tests"
+ make test
+}
+
component_test_full_no_bignum () {
msg "build: full minus bignum"
scripts/config.py full
@@ -841,7 +981,7 @@
# -----
# These hashes are needed for some ECDSA signature tests.
- loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
@@ -1581,9 +1721,19 @@
common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
}
+component_test_tfm_config_as_is () {
+ msg "build: configs/config-tfm.h"
+ cp configs/config-tfm.h "$CONFIG_H"
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-tfm.h - unit tests"
+ make test
+}
+
# Helper for setting common configurations between:
# - component_test_tfm_config_p256m_driver_accel_ec()
-# - component_test_tfm_config()
+# - component_test_tfm_config_no_p256m()
common_tfm_config () {
# Enable TF-M config
cp configs/config-tfm.h "$CONFIG_H"
@@ -1637,14 +1787,14 @@
# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
# they are both meant to be used in analyze_outcomes.py for driver's coverage
# analysis.
-component_test_tfm_config () {
+component_test_tfm_config_no_p256m () {
common_tfm_config
# Disable P256M driver, which is on by default, so that analyze_outcomes
# can compare this test with test_tfm_config_p256m_driver_accel_ec
echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
- msg "build: TF-M config"
+ msg "build: TF-M config without p256m"
make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
# Check that p256m was not built
@@ -1654,7 +1804,7 @@
# files, so we want to ensure that it has not be re-enabled accidentally.
not grep mbedtls_cipher library/cipher.o
- msg "test: TF-M config"
+ msg "test: TF-M config without p256m"
make test
}
@@ -1697,6 +1847,8 @@
driver_only=$1
# Start from crypto_full config (no X.509, no TLS)
+ # Note: PK will be ignored when comparing driver to reference in
+ # analyze_outcomes.py
helper_libtestdriver1_adjust_config "crypto_full"
if [ "$driver_only" -eq 1 ]; then
@@ -2778,12 +2930,12 @@
msg "AESCE, build with default configuration."
scripts/config.py set MBEDTLS_AESCE_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
msg "AESCE, build AESCE only"
scripts/config.py set MBEDTLS_AESCE_C
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
}
support_build_aes_aesce_armcc () {
@@ -3013,7 +3165,7 @@
# test AESCE baremetal build
scripts/config.py set MBEDTLS_AESCE_C
msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
not grep mbedtls_aes_setkey_dec library/aes.o
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index 7debb34..23c9d68 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -9,6 +9,72 @@
#### Configuration Testing - TLS
################################################################
+component_test_config_suite_b_legacy () {
+ msg "build: configs/config-suite-b.h"
+ cp configs/config-suite-b.h "$CONFIG_H"
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-suite-b.h - unit tests"
+ make test
+
+ msg "test: configs/config-suite-b.h - compat.sh"
+ tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS
+
+ msg "build: configs/config-suite-b.h + DEBUG"
+ MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
+ make clean
+ scripts/config.py set MBEDTLS_DEBUG_C
+ scripts/config.py set MBEDTLS_ERROR_C
+ make ssl-opt
+
+ msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh"
+ tests/ssl-opt.sh
+}
+
+component_test_config_suite_b_psa () {
+ msg "build: configs/config-suite-b.h + USE_PSA_CRYPTO"
+ cp configs/config-suite-b.h "$CONFIG_H"
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-suite-b.h + USE_PSA_CRYPTO - unit tests"
+ make test
+
+ msg "test: configs/config-suite-b.h + USE_PSA_CRYPTO - compat.sh"
+ tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS
+
+ msg "build: configs/config-suite-b.h + USE_PSA_CRYPTO + DEBUG"
+ MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
+ make clean
+ scripts/config.py set MBEDTLS_DEBUG_C
+ scripts/config.py set MBEDTLS_ERROR_C
+ make ssl-opt
+
+ msg "test: configs/config-suite-b.h + USE_PSA_CRYPTO + DEBUG - ssl-opt.sh"
+ tests/ssl-opt.sh
+}
+
component_test_no_renegotiation () {
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
@@ -191,6 +257,52 @@
tests/ssl-opt.sh -f "TLS 1.2"
}
+component_test_config_thread_legacy () {
+ msg "build: configs/config-thread.h"
+ cp configs/config-thread.h "$CONFIG_H"
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-thread.h - unit tests"
+ make test
+
+ msg "test: configs/config-thread.h - ssl-opt.sh"
+ tests/ssl-opt.sh -f 'ECJPAKE.*nolog'
+}
+
+component_test_config_thread_psa () {
+ msg "build: configs/config-thread.h + USE_PSA_CRYPTO"
+ cp configs/config-thread.h "$CONFIG_H"
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-thread.h + USE_PSA_CRYPTO - unit tests"
+ make test
+
+ msg "test: configs/config-thread.h + USE_PSA_CRYPTO - ssl-opt.sh"
+ tests/ssl-opt.sh -f 'ECJPAKE.*nolog'
+}
+
# We're not aware of any other (open source) implementation of EC J-PAKE in TLS
# that we could use for interop testing. However, we now have sort of two
# implementations ourselves: one using PSA, the other not. At least test that
@@ -224,6 +336,118 @@
rm s2_no_use_psa c2_no_use_psa
}
+component_test_tls1_2_ccm_psk_legacy () {
+ msg "build: configs/config-ccm-psk-tls1_2.h"
+ cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H"
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-ccm-psk-tls1_2.h - unit tests"
+ make test
+
+ msg "test: configs/config-ccm-psk-tls1_2.h - compat.sh"
+ tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
+}
+
+component_test_tls1_2_ccm_psk_psa () {
+ msg "build: configs/config-ccm-psk-tls1_2.h + USE_PSA_CRYPTO"
+ cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H"
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-ccm-psk-tls1_2.h + USE_PSA_CRYPTO - unit tests"
+ make test
+
+ msg "test: configs/config-ccm-psk-tls1_2.h + USE_PSA_CRYPTO - compat.sh"
+ tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
+}
+
+component_test_tls1_2_ccm_psk_dtls_legacy () {
+ msg "build: configs/config-ccm-psk-dtls1_2.h"
+ cp configs/config-ccm-psk-dtls1_2.h "$CONFIG_H"
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests"
+ make test
+
+ msg "test: configs/config-ccm-psk-dtls1_2.h - compat.sh"
+ tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
+
+ msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG"
+ MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
+ make clean
+ scripts/config.py set MBEDTLS_DEBUG_C
+ scripts/config.py set MBEDTLS_ERROR_C
+ make ssl-opt
+
+ msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh"
+ tests/ssl-opt.sh
+}
+
+component_test_tls1_2_ccm_psk_dtls_psa () {
+ msg "build: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO"
+ cp configs/config-ccm-psk-dtls1_2.h "$CONFIG_H"
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
+ # want to re-generate generated files that depend on it, quite correctly.
+ # However this doesn't work as the generation script expects a specific
+ # format for mbedtls_config.h, which the other files don't follow. Also,
+ # cmake can't know this, but re-generation is actually not necessary as
+ # the generated files only depend on the list of available options, not
+ # whether they're on or off. So, disable cmake's (over-sensitive here)
+ # dependency resolution for generated files and just rely on them being
+ # present (thanks to pre_generate_files) by turning GEN_FILES off.
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO - unit tests"
+ make test
+
+ msg "test: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO - compat.sh"
+ tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
+
+ msg "build: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO + DEBUG"
+ MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
+ make clean
+ scripts/config.py set MBEDTLS_DEBUG_C
+ scripts/config.py set MBEDTLS_ERROR_C
+ make ssl-opt
+
+ msg "test: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO + DEBUG - ssl-opt.sh"
+ tests/ssl-opt.sh
+}
+
component_test_small_ssl_out_content_len () {
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 3a75c4c..559f353 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -129,21 +129,6 @@
tests/context-info.sh
}
-component_test_ref_configs () {
- msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
- # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
- # want to re-generate generated files that depend on it, quite correctly.
- # However this doesn't work as the generation script expects a specific
- # format for mbedtls_config.h, which the other files don't follow. Also,
- # cmake can't know this, but re-generation is actually not necessary as
- # the generated files only depend on the list of available options, not
- # whether they're on or off. So, disable cmake's (over-sensitive here)
- # dependency resolution for generated files and just rely on them being
- # present (thanks to pre_generate_files) by turning GEN_FILES off.
- CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
- tests/scripts/test-ref-configs.pl
-}
-
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
scripts/config.py full
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh
index 1edb90b..5f26ba4 100644
--- a/tests/scripts/components-platform.sh
+++ b/tests/scripts/components-platform.sh
@@ -457,32 +457,32 @@
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
# ARM Compiler 6 - Target ARMv7-A
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
# ARM Compiler 6 - Target ARMv7-M
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
# ARM Compiler 6 - Target ARMv7-M+DSP
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
# ARM Compiler 6 - Target ARMv8-A - AArch32
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
# ARM Compiler 6 - Target ARMv8-M
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
# ARM Compiler 6 - Target Cortex-M0 - no optimisation
- armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
+ helper_armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
# ARM Compiler 6 - Target Cortex-M0
- armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
+ helper_armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
# ARM Compiler 6 - Target ARMv8.2-A - AArch64
#
# Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
# that we have in our CI
scripts/config.py set MBEDTLS_AESCE_C
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
}
support_build_armcc () {
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 1990cd2..64a3d46 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -537,7 +537,7 @@
default=True)
options = parser.parse_args()
os.chdir(options.directory)
- conf = config.ConfigFile(options.config)
+ conf = config.MbedTLSConfig(options.config)
domain_data = DomainData(options, conf)
if options.tasks is True:
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
deleted file mode 100755
index dde37b7..0000000
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ /dev/null
@@ -1,661 +0,0 @@
-#!/usr/bin/env python3
-
-# generate_tls13_compat_tests.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-Generate TLSv1.3 Compat test cases
-
-"""
-
-import sys
-import os
-import argparse
-import itertools
-from collections import namedtuple
-
-# define certificates configuration entry
-Certificate = namedtuple("Certificate", ['cafile', 'certfile', 'keyfile'])
-# define the certificate parameters for signature algorithms
-CERTIFICATES = {
- 'ecdsa_secp256r1_sha256': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp256r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp256r1.key'),
- 'ecdsa_secp384r1_sha384': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp384r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp384r1.key'),
- 'ecdsa_secp521r1_sha512': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp521r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp521r1.key'),
- 'rsa_pss_rsae_sha256': Certificate('$DATA_FILES_PATH/test-ca_cat12.crt',
- '$DATA_FILES_PATH/server2-sha256.crt',
- '$DATA_FILES_PATH/server2.key')
-}
-
-CIPHER_SUITE_IANA_VALUE = {
- "TLS_AES_128_GCM_SHA256": 0x1301,
- "TLS_AES_256_GCM_SHA384": 0x1302,
- "TLS_CHACHA20_POLY1305_SHA256": 0x1303,
- "TLS_AES_128_CCM_SHA256": 0x1304,
- "TLS_AES_128_CCM_8_SHA256": 0x1305
-}
-
-SIG_ALG_IANA_VALUE = {
- "ecdsa_secp256r1_sha256": 0x0403,
- "ecdsa_secp384r1_sha384": 0x0503,
- "ecdsa_secp521r1_sha512": 0x0603,
- 'rsa_pss_rsae_sha256': 0x0804,
-}
-
-NAMED_GROUP_IANA_VALUE = {
- 'secp256r1': 0x17,
- 'secp384r1': 0x18,
- 'secp521r1': 0x19,
- 'x25519': 0x1d,
- 'x448': 0x1e,
- # Only one finite field group to keep testing time within reasonable bounds.
- 'ffdhe2048': 0x100,
-}
-
-class TLSProgram:
- """
- Base class for generate server/client command.
- """
-
- # pylint: disable=too-many-arguments
- def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
- cert_sig_alg=None, compat_mode=True):
- self._ciphers = []
- self._sig_algs = []
- self._named_groups = []
- self._cert_sig_algs = []
- if ciphersuite:
- self.add_ciphersuites(ciphersuite)
- if named_group:
- self.add_named_groups(named_group)
- if signature_algorithm:
- self.add_signature_algorithms(signature_algorithm)
- if cert_sig_alg:
- self.add_cert_signature_algorithms(cert_sig_alg)
- self._compat_mode = compat_mode
-
- # add_ciphersuites should not override by sub class
- def add_ciphersuites(self, *ciphersuites):
- self._ciphers.extend(
- [cipher for cipher in ciphersuites if cipher not in self._ciphers])
-
- # add_signature_algorithms should not override by sub class
- def add_signature_algorithms(self, *signature_algorithms):
- self._sig_algs.extend(
- [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._sig_algs])
-
- # add_named_groups should not override by sub class
- def add_named_groups(self, *named_groups):
- self._named_groups.extend(
- [named_group for named_group in named_groups if named_group not in self._named_groups])
-
- # add_cert_signature_algorithms should not override by sub class
- def add_cert_signature_algorithms(self, *signature_algorithms):
- self._cert_sig_algs.extend(
- [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs])
-
- # pylint: disable=no-self-use
- def pre_checks(self):
- return []
-
- # pylint: disable=no-self-use
- def cmd(self):
- if not self._cert_sig_algs:
- self._cert_sig_algs = list(CERTIFICATES.keys())
- return self.pre_cmd()
-
- # pylint: disable=no-self-use
- def post_checks(self):
- return []
-
- # pylint: disable=no-self-use
- def pre_cmd(self):
- return ['false']
-
- # pylint: disable=unused-argument,no-self-use
- def hrr_post_checks(self, named_group):
- return []
-
-
-class OpenSSLBase(TLSProgram):
- """
- Generate base test commands for OpenSSL.
- """
-
- NAMED_GROUP = {
- 'secp256r1': 'P-256',
- 'secp384r1': 'P-384',
- 'secp521r1': 'P-521',
- 'x25519': 'X25519',
- 'x448': 'X448',
- 'ffdhe2048': 'ffdhe2048',
- }
-
- def cmd(self):
- ret = super().cmd()
-
- if self._ciphers:
- ciphersuites = ':'.join(self._ciphers)
- ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- signature_algorithms = ':'.join(signature_algorithms)
- ret += ["-sigalgs {signature_algorithms}".format(
- signature_algorithms=signature_algorithms)]
-
- if self._named_groups:
- named_groups = ':'.join(
- map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
- ret += ["-groups {named_groups}".format(named_groups=named_groups)]
-
- ret += ['-msg -tls1_3']
- if not self._compat_mode:
- ret += ['-no_middlebox']
-
- return ret
-
- def pre_checks(self):
- ret = ["requires_openssl_tls1_3"]
-
- # ffdh groups require at least openssl 3.0
- ffdh_groups = ['ffdhe2048']
-
- if any(x in ffdh_groups for x in self._named_groups):
- ret = ["requires_openssl_tls1_3_with_ffdh"]
-
- return ret
-
-
-class OpenSSLServ(OpenSSLBase):
- """
- Generate test commands for OpenSSL server.
- """
-
- def cmd(self):
- ret = super().cmd()
- ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache']
- return ret
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 ok"']
-
- def pre_cmd(self):
- ret = ['$O_NEXT_SRV_NO_CERT']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
- return ret
-
-
-class OpenSSLCli(OpenSSLBase):
- """
- Generate test commands for OpenSSL client.
- """
-
- def pre_cmd(self):
- return ['$O_NEXT_CLI_NO_CERT',
- '-CAfile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
-
-class GnuTLSBase(TLSProgram):
- """
- Generate base test commands for GnuTLS.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': [
- 'AES-256-GCM',
- 'SHA384',
- 'AEAD'],
- 'TLS_AES_128_GCM_SHA256': [
- 'AES-128-GCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_CHACHA20_POLY1305_SHA256': [
- 'CHACHA20-POLY1305',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_SHA256': [
- 'AES-128-CCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_8_SHA256': [
- 'AES-128-CCM-8',
- 'SHA256',
- 'AEAD']}
-
- SIGNATURE_ALGORITHM = {
- 'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'],
- 'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'],
- 'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'],
- 'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']}
-
- NAMED_GROUP = {
- 'secp256r1': ['GROUP-SECP256R1'],
- 'secp384r1': ['GROUP-SECP384R1'],
- 'secp521r1': ['GROUP-SECP521R1'],
- 'x25519': ['GROUP-X25519'],
- 'x448': ['GROUP-X448'],
- 'ffdhe2048': ['GROUP-FFDHE2048'],
- }
-
- def pre_checks(self):
- return ["requires_gnutls_tls1_3",
- "requires_gnutls_next_no_ticket",
- "requires_gnutls_next_disable_tls13_compat", ]
-
- def cmd(self):
- ret = super().cmd()
-
- priority_string_list = []
-
- def update_priority_string_list(items, map_table):
- for item in items:
- for i in map_table[item]:
- if i not in priority_string_list:
- yield i
-
- if self._ciphers:
- priority_string_list.extend(update_priority_string_list(
- self._ciphers, self.CIPHER_SUITE))
- else:
- priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- priority_string_list.extend(update_priority_string_list(
- signature_algorithms, self.SIGNATURE_ALGORITHM))
- else:
- priority_string_list.append('SIGN-ALL')
-
-
- if self._named_groups:
- priority_string_list.extend(update_priority_string_list(
- self._named_groups, self.NAMED_GROUP))
- else:
- priority_string_list.append('GROUP-ALL')
-
- priority_string_list = ['NONE'] + \
- priority_string_list + ['VERS-TLS1.3']
-
- priority_string = ':+'.join(priority_string_list)
- priority_string += ':%NO_TICKETS'
-
- if not self._compat_mode:
- priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
-
- ret += ['--priority={priority_string}'.format(
- priority_string=priority_string)]
- return ret
-
-class GnuTLSServ(GnuTLSBase):
- """
- Generate test commands for GnuTLS server.
- """
-
- def pre_cmd(self):
- ret = ['$G_NEXT_SRV_NO_CERT', '--http', '--disable-client-cert', '--debug=4']
-
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
- cert=cert, key=key)]
- return ret
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 OK"']
-
-
-class GnuTLSCli(GnuTLSBase):
- """
- Generate test commands for GnuTLS client.
- """
-
- def pre_cmd(self):
- return ['$G_NEXT_CLI_NO_CERT', '--debug=4', '--single-key-share',
- '--x509cafile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
-
-class MbedTLSBase(TLSProgram):
- """
- Generate base test commands for mbedTLS.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384',
- 'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256',
- 'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256',
- 'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256',
- 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
-
- def cmd(self):
- ret = super().cmd()
- ret += ['debug_level=4']
-
-
- if self._ciphers:
- ciphers = ','.join(
- map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
- ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
-
- if self._sig_algs + self._cert_sig_algs:
- ret += ['sig_algs={sig_algs}'.format(
- sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
-
- if self._named_groups:
- named_groups = ','.join(self._named_groups)
- ret += ["groups={named_groups}".format(named_groups=named_groups)]
- return ret
-
- #pylint: disable=missing-function-docstring
- def add_ffdh_group_requirements(self, requirement_list):
- if 'ffdhe2048' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe3072' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe4096' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe6144' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe8192' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
-
- def pre_checks(self):
- ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
- 'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']
-
- if self._compat_mode:
- ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
-
- if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
- ret.append(
- 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
-
- ec_groups = ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448']
- ffdh_groups = ['ffdhe2048', 'ffdhe3072', 'ffdhe4096', 'ffdhe6144', 'ffdhe8192']
-
- if any(x in ec_groups for x in self._named_groups):
- ret.append('requires_config_enabled PSA_WANT_ALG_ECDH')
-
- if any(x in ffdh_groups for x in self._named_groups):
- ret.append('requires_config_enabled PSA_WANT_ALG_FFDH')
- self.add_ffdh_group_requirements(ret)
-
- return ret
-
-
-class MbedTLSServ(MbedTLSBase):
- """
- Generate test commands for mbedTLS server.
- """
-
- def cmd(self):
- ret = super().cmd()
- ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
- return ret
-
- def pre_checks(self):
- return ['requires_config_enabled MBEDTLS_SSL_SRV_C'] + super().pre_checks()
-
- def post_checks(self):
- check_strings = ["Protocol is TLSv1.3"]
- if self._ciphers:
- check_strings.append(
- "server hello, chosen ciphersuite: {} ( id={:04d} )".format(
- self.CIPHER_SUITE[self._ciphers[0]],
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]]))
- if self._sig_algs:
- check_strings.append(
- "received signature algorithm: 0x{:x}".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
-
- for named_group in self._named_groups:
- check_strings += ['got named group: {named_group}({iana_value:04x})'.format(
- named_group=named_group,
- iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
-
- check_strings.append("Certificate verification was skipped")
- return ['-s "{}"'.format(i) for i in check_strings]
-
- def pre_cmd(self):
- ret = ['$P_SRV']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
- return ret
-
- def hrr_post_checks(self, named_group):
- return ['-s "HRR selected_group: {:s}"'.format(named_group)]
-
-
-class MbedTLSCli(MbedTLSBase):
- """
- Generate test commands for mbedTLS client.
- """
-
- def pre_cmd(self):
- return ['$P_CLI',
- 'ca_file={cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
- def pre_checks(self):
- return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks()
-
- def hrr_post_checks(self, named_group):
- ret = ['-c "received HelloRetryRequest message"']
- ret += ['-c "selected_group ( {:d} )"'.format(NAMED_GROUP_IANA_VALUE[named_group])]
- return ret
-
- def post_checks(self):
- check_strings = ["Protocol is TLSv1.3"]
- if self._ciphers:
- check_strings.append(
- "server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
- self.CIPHER_SUITE[self._ciphers[0]]))
- if self._sig_algs:
- check_strings.append(
- "Certificate Verify: Signature algorithm ( {:04x} )".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
-
- for named_group in self._named_groups:
- check_strings += ['NamedGroup: {named_group} ( {iana_value:x} )'.format(
- named_group=named_group,
- iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
-
- check_strings.append("Verifying peer X.509 certificate... ok")
- return ['-c "{}"'.format(i) for i in check_strings]
-
-
-SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ, 'mbedTLS': MbedTLSServ}
-CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli}
-
-
-def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None):
- """
- Generate test case with `ssl-opt.sh` format.
- """
- name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
- client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group)
-
- server_object = SERVER_CLASSES[server](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
- client_object = CLIENT_CLASSES[client](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
-
- cmd = ['run_test "{}"'.format(name),
- '"{}"'.format(' '.join(server_object.cmd())),
- '"{}"'.format(' '.join(client_object.cmd())),
- '0']
- cmd += server_object.post_checks()
- cmd += client_object.post_checks()
- cmd += ['-C "received HelloRetryRequest message"']
- prefix = ' \\\n' + (' '*9)
- cmd = prefix.join(cmd)
- return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
-
-
-def generate_hrr_compat_test(client=None, server=None,
- client_named_group=None, server_named_group=None,
- cert_sig_alg=None):
- """
- Generate Hello Retry Request test case with `ssl-opt.sh` format.
- """
- name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format(
- client=client, server=server, c_named_group=client_named_group,
- s_named_group=server_named_group)
- server_object = SERVER_CLASSES[server](named_group=server_named_group,
- cert_sig_alg=cert_sig_alg)
-
- client_object = CLIENT_CLASSES[client](named_group=client_named_group,
- cert_sig_alg=cert_sig_alg)
- client_object.add_named_groups(server_named_group)
-
- cmd = ['run_test "{}"'.format(name),
- '"{}"'.format(' '.join(server_object.cmd())),
- '"{}"'.format(' '.join(client_object.cmd())),
- '0']
- cmd += server_object.post_checks()
- cmd += client_object.post_checks()
- cmd += server_object.hrr_post_checks(server_named_group)
- cmd += client_object.hrr_post_checks(server_named_group)
- prefix = ' \\\n' + (' '*9)
- cmd = prefix.join(cmd)
- return '\n'.join(server_object.pre_checks() +
- client_object.pre_checks() +
- [cmd])
-
-SSL_OUTPUT_HEADER = '''#!/bin/sh
-
-# {filename}
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# List TLS1.3 compat test cases. They are generated by
-# `{cmd}`.
-#
-# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
-# AND REGENERATE THIS FILE.
-#
-'''
-DATA_FILES_PATH_VAR = '''
-DATA_FILES_PATH=../framework/data_files
-'''
-
-def main():
- """
- Main function of this program
- """
- parser = argparse.ArgumentParser()
-
- parser.add_argument('-o', '--output', nargs='?',
- default=None, help='Output file path if `-a` was set')
-
- parser.add_argument('-a', '--generate-all-tls13-compat-tests', action='store_true',
- default=False, help='Generate all available tls13 compat tests')
-
- parser.add_argument('--list-ciphers', action='store_true',
- default=False, help='List supported ciphersuites')
-
- parser.add_argument('--list-sig-algs', action='store_true',
- default=False, help='List supported signature algorithms')
-
- parser.add_argument('--list-named-groups', action='store_true',
- default=False, help='List supported named groups')
-
- parser.add_argument('--list-servers', action='store_true',
- default=False, help='List supported TLS servers')
-
- parser.add_argument('--list-clients', action='store_true',
- default=False, help='List supported TLS Clients')
-
- parser.add_argument('server', choices=SERVER_CLASSES.keys(), nargs='?',
- default=list(SERVER_CLASSES.keys())[0],
- help='Choose TLS server program for test')
- parser.add_argument('client', choices=CLIENT_CLASSES.keys(), nargs='?',
- default=list(CLIENT_CLASSES.keys())[0],
- help='Choose TLS client program for test')
- parser.add_argument('cipher', choices=CIPHER_SUITE_IANA_VALUE.keys(), nargs='?',
- default=list(CIPHER_SUITE_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
- parser.add_argument('sig_alg', choices=SIG_ALG_IANA_VALUE.keys(), nargs='?',
- default=list(SIG_ALG_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
- parser.add_argument('named_group', choices=NAMED_GROUP_IANA_VALUE.keys(), nargs='?',
- default=list(NAMED_GROUP_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
-
- args = parser.parse_args()
-
- def get_all_test_cases():
- # Generate normal compat test cases
- for client, server, cipher, named_group, sig_alg in \
- itertools.product(CLIENT_CLASSES.keys(),
- SERVER_CLASSES.keys(),
- CIPHER_SUITE_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys(),
- SIG_ALG_IANA_VALUE.keys()):
- if server == 'mbedTLS' or client == 'mbedTLS':
- yield generate_compat_test(client=client, server=server,
- cipher=cipher, named_group=named_group,
- sig_alg=sig_alg)
-
-
- # Generate Hello Retry Request compat test cases
- for client, server, client_named_group, server_named_group in \
- itertools.product(CLIENT_CLASSES.keys(),
- SERVER_CLASSES.keys(),
- NAMED_GROUP_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys()):
-
- if (client == 'mbedTLS' or server == 'mbedTLS') and \
- client_named_group != server_named_group:
- yield generate_hrr_compat_test(client=client, server=server,
- client_named_group=client_named_group,
- server_named_group=server_named_group,
- cert_sig_alg="ecdsa_secp256r1_sha256")
-
- if args.generate_all_tls13_compat_tests:
- if args.output:
- with open(args.output, 'w', encoding="utf-8") as f:
- f.write(SSL_OUTPUT_HEADER.format(
- filename=os.path.basename(args.output), cmd=' '.join(sys.argv)))
- f.write(DATA_FILES_PATH_VAR)
- f.write('\n\n'.join(get_all_test_cases()))
- f.write('\n')
- else:
- print('\n\n'.join(get_all_test_cases()))
- return 0
-
- if args.list_ciphers or args.list_sig_algs or args.list_named_groups \
- or args.list_servers or args.list_clients:
- if args.list_ciphers:
- print(*CIPHER_SUITE_IANA_VALUE.keys())
- if args.list_sig_algs:
- print(*SIG_ALG_IANA_VALUE.keys())
- if args.list_named_groups:
- print(*NAMED_GROUP_IANA_VALUE.keys())
- if args.list_servers:
- print(*SERVER_CLASSES.keys())
- if args.list_clients:
- print(*CLIENT_CLASSES.keys())
- return 0
-
- print(generate_compat_test(server=args.server, client=args.client, sig_alg=args.sig_alg,
- cipher=args.cipher, named_group=args.named_group))
- return 0
-
-
-if __name__ == "__main__":
- sys.exit(main())
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
deleted file mode 100755
index 5557de3..0000000
--- a/tests/scripts/test-ref-configs.pl
+++ /dev/null
@@ -1,158 +0,0 @@
-#!/usr/bin/env perl
-
-# test-ref-configs.pl
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# For each reference configuration file in the configs directory, build the
-# configuration, run the test suites and compat.sh
-#
-# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
-
-use warnings;
-use strict;
-
-my %configs = (
- 'config-ccm-psk-tls1_2.h' => {
- 'compat' => '-m tls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
- },
- 'config-ccm-psk-dtls1_2.h' => {
- 'compat' => '-m dtls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
- 'opt' => ' ',
- 'opt_needs_debug' => 1,
- },
- 'config-no-entropy.h' => {
- },
- 'config-suite-b.h' => {
- 'compat' => "-m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS",
- 'opt' => ' ',
- 'opt_needs_debug' => 1,
- },
- 'config-symmetric-only.h' => {
- },
- 'config-tfm.h' => {
- },
- 'config-thread.h' => {
- 'opt' => '-f ECJPAKE.*nolog',
- },
-);
-
-# If no config-name is provided, use all known configs.
-# Otherwise, use the provided names only.
-my @configs_to_test = sort keys %configs;
-if ($#ARGV >= 0) {
- foreach my $conf_name ( @ARGV ) {
- if( ! exists $configs{$conf_name} ) {
- die "Unknown configuration: $conf_name\n";
- }
- }
- @configs_to_test = @ARGV;
-}
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $config_h = 'include/mbedtls/mbedtls_config.h';
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
- system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- # use an exit code between 1 and 124 for git bisect (die returns 255)
- warn $_[0];
- exit 1;
-}
-
-# Create a seedfile for configurations that enable MBEDTLS_ENTROPY_NV_SEED.
-# For test purposes, this doesn't have to be cryptographically random.
-if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) {
- local *SEEDFILE;
- open SEEDFILE, ">tests/seedfile" or die;
- print SEEDFILE "*" x 64 or die;
- close SEEDFILE or die;
-}
-
-sub perform_test {
- my $conf_file = $_[0];
- my $data = $_[1];
- my $test_with_psa = $_[2];
-
- my $conf_name = $conf_file;
- if ( $test_with_psa )
- {
- $conf_name .= "+PSA";
- }
-
- system( "cp $config_h.bak $config_h" ) and die;
- system( "make clean" ) and die;
-
- print "\n******************************************\n";
- print "* Testing configuration: $conf_name\n";
- print "******************************************\n";
-
- $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
-
- system( "cp configs/$conf_file $config_h" )
- and abort "Failed to activate $conf_file\n";
-
- if ( $test_with_psa )
- {
- system( "scripts/config.py set MBEDTLS_PSA_CRYPTO_C" );
- system( "scripts/config.py set MBEDTLS_USE_PSA_CRYPTO" );
- }
-
- system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
- system( "make test" ) and abort "Failed test suite: $conf_name\n";
-
- my $compat = $data->{'compat'};
- if( $compat )
- {
- print "\nrunning compat.sh $compat ($conf_name)\n";
- system( "tests/compat.sh $compat" )
- and abort "Failed compat.sh: $conf_name\n";
- }
- else
- {
- print "\nskipping compat.sh ($conf_name)\n";
- }
-
- my $opt = $data->{'opt'};
- if( $opt )
- {
- if( $data->{'opt_needs_debug'} )
- {
- print "\nrebuilding with debug traces for ssl-opt ($conf_name)\n";
- $conf_name .= '+DEBUG';
- $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
- system( "make clean" );
- system( "scripts/config.py set MBEDTLS_DEBUG_C" );
- system( "scripts/config.py set MBEDTLS_ERROR_C" );
- system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
- }
-
- print "\nrunning ssl-opt.sh $opt ($conf_name)\n";
- system( "tests/ssl-opt.sh $opt" )
- and abort "Failed ssl-opt.sh: $conf_name\n";
- }
- else
- {
- print "\nskipping ssl-opt.sh ($conf_name)\n";
- }
-}
-
-foreach my $conf ( @configs_to_test ) {
- system("grep '//#define MBEDTLS_USE_PSA_CRYPTO' configs/$conf > /dev/null");
- die "grep ... configs/$conf: $!" if $? != 0 && $? != 0x100;
- my $test_with_psa = $? == 0;
-
- if ( $test_with_psa )
- {
- perform_test( $conf, $configs{$conf}, $test_with_psa );
- }
- perform_test( $conf, $configs{$conf}, 0 );
-}
-
-system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
-system( "make clean" );
-exit 0;
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
deleted file mode 100755
index 90514fc..0000000
--- a/tests/scripts/translate_ciphers.py
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/usr/bin/env python3
-
-# translate_ciphers.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards.
-
-To test the translation functions run:
-python3 -m unittest translate_cipher.py
-"""
-
-import re
-import argparse
-import unittest
-
-class TestTranslateCiphers(unittest.TestCase):
- """
- Ensure translate_ciphers.py translates and formats ciphersuite names
- correctly
- """
- def test_translate_all_cipher_names(self):
- """
- Translate standard ciphersuite names to GnuTLS, OpenSSL and
- Mbed TLS counterpart. Use only a small subset of ciphers
- that exercise each step of the translation functions
- """
- ciphers = [
- ("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
- "+ECDHE-ECDSA:+NULL:+SHA1",
- "ECDHE-ECDSA-NULL-SHA",
- "TLS-ECDHE-ECDSA-WITH-NULL-SHA"),
- ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"),
- ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
- "+DHE-RSA:+3DES-CBC:+SHA1",
- "EDH-RSA-DES-CBC3-SHA",
- "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"),
- ("TLS_RSA_WITH_AES_256_CBC_SHA",
- "+RSA:+AES-256-CBC:+SHA1",
- "AES256-SHA",
- "TLS-RSA-WITH-AES-256-CBC-SHA"),
- ("TLS_PSK_WITH_3DES_EDE_CBC_SHA",
- "+PSK:+3DES-CBC:+SHA1",
- "PSK-3DES-EDE-CBC-SHA",
- "TLS-PSK-WITH-3DES-EDE-CBC-SHA"),
- ("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
- None,
- "ECDHE-ECDSA-CHACHA20-POLY1305",
- "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"),
- ("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
- "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
- None,
- "TLS-ECDHE-ECDSA-WITH-AES-128-CCM"),
- ("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
- None,
- "ECDHE-ARIA256-GCM-SHA384",
- "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384"),
- ]
-
- for s, g_exp, o_exp, m_exp in ciphers:
-
- if g_exp is not None:
- g = translate_gnutls(s)
- self.assertEqual(g, g_exp)
-
- if o_exp is not None:
- o = translate_ossl(s)
- self.assertEqual(o, o_exp)
-
- if m_exp is not None:
- m = translate_mbedtls(s)
- self.assertEqual(m, m_exp)
-
-def translate_gnutls(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return the GnuTLS naming convention
- """
-
- # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
- # naming convention
- s_cipher = s_cipher.replace("_", "-")
-
- s_cipher = re.sub(r'\ATLS-', '+', s_cipher)
- s_cipher = s_cipher.replace("-WITH-", ":+")
- s_cipher = s_cipher.replace("-EDE", "")
-
- # SHA in Mbed TLS == SHA1 GnuTLS,
- # if the last 3 chars are SHA append 1
- if s_cipher[-3:] == "SHA":
- s_cipher = s_cipher+"1"
-
- # CCM or CCM-8 should be followed by ":+AEAD"
- # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
- if "CCM" in s_cipher or "GCM" in s_cipher:
- s_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", s_cipher)
- s_cipher = s_cipher+":+AEAD"
-
- # Replace the last "-" with ":+"
- else:
- index = s_cipher.rindex("-")
- s_cipher = s_cipher[:index] + ":+" + s_cipher[index+1:]
-
- return s_cipher
-
-def translate_ossl(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return the OpenSSL naming convention
- """
-
- # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
- # naming convention
- s_cipher = s_cipher.replace("_", "-")
-
- s_cipher = re.sub(r'^TLS-', '', s_cipher)
- s_cipher = s_cipher.replace("-WITH", "")
-
- # Remove the "-" from "ABC-xyz"
- s_cipher = s_cipher.replace("AES-", "AES")
- s_cipher = s_cipher.replace("CAMELLIA-", "CAMELLIA")
- s_cipher = s_cipher.replace("ARIA-", "ARIA")
-
- # Remove "RSA" if it is at the beginning
- s_cipher = re.sub(r'^RSA-', r'', s_cipher)
-
- # For all circumstances outside of PSK
- if "PSK" not in s_cipher:
- s_cipher = s_cipher.replace("-EDE", "")
- s_cipher = s_cipher.replace("3DES-CBC", "DES-CBC3")
-
- # Remove "CBC" if it is not prefixed by DES
- s_cipher = re.sub(r'(?<!DES-)CBC-', r'', s_cipher)
-
- # ECDHE-RSA-ARIA does not exist in OpenSSL
- s_cipher = s_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
-
- # POLY1305 should not be followed by anything
- if "POLY1305" in s_cipher:
- index = s_cipher.rindex("POLY1305")
- s_cipher = s_cipher[:index+8]
-
- # If DES is being used, Replace DHE with EDH
- if "DES" in s_cipher and "DHE" in s_cipher and "ECDHE" not in s_cipher:
- s_cipher = s_cipher.replace("DHE", "EDH")
-
- return s_cipher
-
-def translate_mbedtls(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return Mbed TLS ciphersuite naming convention
- """
-
- # Replace "_" with "-"
- s_cipher = s_cipher.replace("_", "-")
-
- return s_cipher
-
-def format_ciphersuite_names(mode, names):
- t = {"g": translate_gnutls,
- "o": translate_ossl,
- "m": translate_mbedtls
- }[mode]
- return " ".join(c + '=' + t(c) for c in names)
-
-def main(target, names):
- print(format_ciphersuite_names(target, names))
-
-if __name__ == "__main__":
- PARSER = argparse.ArgumentParser()
- PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g', 'm'])
- PARSER.add_argument('names', metavar='NAMES', nargs='+')
- ARGS = PARSER.parse_args()
- main(ARGS.target, ARGS.names)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 83d6d73..3315ba2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -491,6 +491,37 @@
requires_certificate_authentication;;
esac
+ case " $CMD_LINE " in
+ *"programs/ssl/dtls_client "*|\
+ *"programs/ssl/ssl_client1 "*)
+ requires_config_enabled MBEDTLS_CTR_DRBG_C
+ requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PEM_PARSE_C
+ requires_config_enabled MBEDTLS_SSL_CLI_C
+ requires_certificate_authentication
+ ;;
+ *"programs/ssl/dtls_server "*|\
+ *"programs/ssl/ssl_fork_server "*|\
+ *"programs/ssl/ssl_pthread_server "*|\
+ *"programs/ssl/ssl_server "*)
+ requires_config_enabled MBEDTLS_CTR_DRBG_C
+ requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PEM_PARSE_C
+ requires_config_enabled MBEDTLS_SSL_SRV_C
+ requires_certificate_authentication
+ # The actual minimum depends on the configuration since it's
+ # mostly about the certificate size.
+ # In config-suite-b.h, for the test certificates (server5.crt),
+ # 1024 is not enough.
+ requires_config_value_at_least MBEDTLS_SSL_OUT_CONTENT_LEN 2000
+ ;;
+ esac
+
+ case " $CMD_LINE " in
+ *"programs/ssl/ssl_pthread_server "*)
+ requires_config_enabled MBEDTLS_THREADING_PTHREAD;;
+ esac
+
case "$CMD_LINE" in
*[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
*/server5*|\
@@ -1252,7 +1283,7 @@
# check if the given command uses dtls and sets global variable DTLS
detect_dtls() {
case "$1" in
- *dtls=1*|*-dtls*|*-u*) DTLS=1;;
+ *dtls=1*|*-dtls*|*-u*|*/dtls_*) DTLS=1;;
*) DTLS=0;;
esac
}
@@ -1372,9 +1403,13 @@
# Outputs:
# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked.
analyze_test_commands() {
- # if the test uses DTLS but no custom proxy, add a simple proxy
- # as it provides timing info that's useful to debug failures
- if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
+ # If the test uses DTLS, does not force a specific port, and does not
+ # specify a custom proxy, add a simple proxy.
+ # It provides timing info that's useful to debug failures.
+ if [ "$DTLS" -eq 1 ] &&
+ [ "$THIS_SRV_PORT" = "$SRV_PORT" ] &&
+ [ -z "$PXY_CMD" ]
+ then
PXY_CMD="$P_PXY"
case " $SRV_CMD " in
*' server_addr=::1 '*)
@@ -1410,7 +1445,20 @@
if [ -n "$PXY_CMD" ]; then
CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
else
- CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
+ CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$THIS_SRV_PORT/g )
+ fi
+
+ # If the test forces a specific port and the server is OpenSSL or
+ # GnuTLS, override its port specification.
+ if [ "$THIS_SRV_PORT" != "$SRV_PORT" ]; then
+ case "$SRV_CMD" in
+ "$G_SRV"*|"$G_NEXT_SRV"*)
+ SRV_CMD=$(
+ printf %s "$SRV_CMD " |
+ sed -e "s/ -p $SRV_PORT / -p $THIS_SRV_PORT /"
+ );;
+ "$O_SRV"*|"$O_NEXT_SRV"*) SRV_CMD="$SRV_CMD -accept $THIS_SRV_PORT";;
+ esac
fi
# prepend valgrind to our commands if active
@@ -1609,7 +1657,7 @@
printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
SRV_PID=$!
- wait_server_start "$SRV_PORT" "$SRV_PID"
+ wait_server_start "$THIS_SRV_PORT" "$SRV_PID"
printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
# The client must be a subprocess of the script in order for killing it to
@@ -1732,7 +1780,7 @@
esac
fi
- # does this test use a proxy?
+ # Does this test specify a proxy?
if [ "X$1" = "X-p" ]; then
PXY_CMD="$2"
shift 2
@@ -1740,6 +1788,14 @@
PXY_CMD=""
fi
+ # Does this test force a specific port?
+ if [ "$1" = "-P" ]; then
+ THIS_SRV_PORT="$2"
+ shift 2
+ else
+ THIS_SRV_PORT="$SRV_PORT"
+ fi
+
# get commands and client output
SRV_CMD="$1"
CLI_CMD="$2"
@@ -1761,7 +1817,10 @@
# Check if we are trying to use an external tool which does not support ECDH
EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")
- # Guess the TLS version which is going to be used
+ # Guess the TLS version which is going to be used.
+ # Note that this detection is wrong in some cases, which causes unduly
+ # skipped test cases in builds with TLS 1.3 but not TLS 1.2.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9560
if [ "$EXT_WO_ECDH" = "no" ]; then
TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
else
@@ -4901,7 +4960,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \
@@ -4915,7 +4975,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
@@ -4947,7 +5008,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \
@@ -4966,7 +5028,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \
@@ -4985,7 +5048,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \
@@ -5004,7 +5068,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \
@@ -5020,7 +5085,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \
@@ -5036,7 +5102,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \
@@ -5052,7 +5119,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \
@@ -5068,7 +5136,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \
@@ -5084,7 +5153,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \
@@ -5100,7 +5170,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \
@@ -5116,7 +5187,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \
@@ -5132,7 +5204,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \
@@ -5148,7 +5221,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \
@@ -5164,7 +5238,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \
@@ -5180,7 +5255,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \
@@ -5196,7 +5272,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \
@@ -5212,7 +5289,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \
@@ -5228,7 +5306,8 @@
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \
@@ -5246,7 +5325,9 @@
# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \
@@ -7102,7 +7183,8 @@
# Tests for version negotiation, MbedTLS client and server
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli 1.2, srv 1.2 -> 1.2" \
@@ -7114,8 +7196,10 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli max=1.2, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7126,8 +7210,9 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Version nego m->m: cli 1.3, srv 1.3 -> 1.3" \
"$P_SRV" \
@@ -7138,9 +7223,11 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli min=1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$P_CLI min_version=tls13" \
@@ -7150,9 +7237,11 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli 1.2+1.3, srv 1.2+1.3 -> 1.3" \
"$P_SRV" \
"$P_CLI" \
@@ -7162,9 +7251,11 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$P_CLI" \
@@ -7174,8 +7265,10 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7186,8 +7279,10 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Version nego m->m: cli max=1.2, srv 1.2+1.3 -> 1.2" \
"$P_SRV" \
@@ -7198,9 +7293,11 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Version nego m->m: cli min=1.3, srv 1.2+1.3 -> 1.3" \
"$P_SRV" \
"$P_CLI min_version=tls13" \
@@ -7210,8 +7307,10 @@
-s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version m->m: cli max=1.2, srv min=1.3" \
"$P_SRV min_version=tls13" \
"$P_CLI max_version=tls12" \
@@ -7222,8 +7321,10 @@
-S "Protocol is TLSv1.3" \
-C "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version m->m: cli min=1.3, srv max=1.2" \
"$P_SRV max_version=tls12" \
"$P_CLI min_version=tls13" \
@@ -7236,7 +7337,8 @@
# Tests of version negotiation on server side against GnuTLS client
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego G->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \
"$P_SRV" \
@@ -7245,8 +7347,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego G->m: cli 1.2, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7255,9 +7358,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
@@ -7265,10 +7368,10 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
@@ -7276,9 +7379,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL" \
@@ -7287,8 +7390,9 @@
-s "Protocol is TLSv1.3"
requires_gnutls_next_disable_tls13_compat
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL:%DISABLE_TLS13_COMPAT_MODE" \
@@ -7304,19 +7408,19 @@
# if TLS 1.2 was its preferred version. Keeping the test even if the
# handshake fails eventually as it exercices parts of the Mbed TLS
# implementation that are otherwise not exercised.
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Server version nego G->m: cli 1.2+1.3 (1.2 preferred!), srv 1.2+1.3 -> 1.2" \
"$P_SRV" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \
1 \
-c "Detected downgrade to TLS 1.2 from TLS 1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego G->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$G_NEXT_CLI localhost --priority=NORMAL" \
@@ -7334,8 +7438,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego G->m: cli 1.2+1.3, max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7379,8 +7484,9 @@
-s "The handshake negotiation failed" \
-S "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version G->m: cli 1.2, srv min=1.3" \
"$P_SRV min_version=tls13" \
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
@@ -7388,8 +7494,9 @@
-s "Handshake protocol not within min/max boundaries" \
-S "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version G->m: cli 1.3, srv max=1.2" \
"$P_SRV max_version=tls12" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
@@ -7400,7 +7507,8 @@
# Tests of version negotiation on server side against OpenSSL client
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego O->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \
"$P_SRV" \
@@ -7409,8 +7517,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego O->m: cli 1.2, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7420,9 +7529,9 @@
-s "Protocol is TLSv1.2"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$O_NEXT_CLI -tls1_3" \
@@ -7431,10 +7540,10 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$O_NEXT_CLI -tls1_3" \
@@ -7443,9 +7552,9 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$O_NEXT_CLI" \
@@ -7454,8 +7563,9 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
"$P_SRV" \
"$O_NEXT_CLI -no_middlebox" \
@@ -7464,10 +7574,10 @@
-s "Protocol is TLSv1.3"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3 \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Server version nego O->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
"$P_SRV min_version=tls13" \
"$O_NEXT_CLI" \
@@ -7485,8 +7595,9 @@
-S "mbedtls_ssl_handshake returned" \
-s "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Server version nego O->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \
"$P_SRV max_version=tls12" \
@@ -7530,8 +7641,9 @@
-s "The handshake negotiation failed" \
-S "Protocol is TLSv1.3"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version O->m: cli 1.2, srv min=1.3" \
"$P_SRV min_version=tls13" \
"$O_NEXT_CLI -tls1_2" \
@@ -7539,8 +7651,9 @@
-s "Handshake protocol not within min/max boundaries" \
-S "Protocol is TLSv1.2"
-requires_all_configs_enabled MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "Not supported version O->m: cli 1.3, srv max=1.2" \
"$P_SRV max_version=tls12" \
"$O_NEXT_CLI -tls1_3" \
@@ -7889,8 +8002,7 @@
-c "! Usage does not match the keyUsage extension"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
@@ -7901,8 +8013,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
@@ -7913,8 +8024,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
@@ -7928,8 +8038,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
@@ -7943,8 +8052,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ds.crt" \
@@ -7955,8 +8063,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ke.crt" \
@@ -7970,8 +8077,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
@@ -8066,8 +8172,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
@@ -8078,8 +8183,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
@@ -8090,8 +8194,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
@@ -8103,8 +8206,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server2.key \
@@ -8118,8 +8220,7 @@
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8130,8 +8231,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8142,8 +8242,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
@@ -8241,8 +8340,7 @@
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv.crt" \
@@ -8253,8 +8351,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
@@ -8265,8 +8362,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
@@ -8277,8 +8373,7 @@
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
@@ -8344,8 +8439,7 @@
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8355,8 +8449,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8366,8 +8459,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8377,8 +8469,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -8390,8 +8481,7 @@
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
@@ -12563,8 +12653,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: minimal feature sets - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3" \
@@ -12596,8 +12685,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: minimal feature sets - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=3" \
@@ -12630,8 +12718,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: alpn - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -12665,8 +12752,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: alpn - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -12729,8 +12815,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
@@ -12745,8 +12830,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -12789,8 +12873,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -12805,8 +12888,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -12820,8 +12902,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -12836,8 +12917,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -12851,8 +12931,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -12867,8 +12946,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -12883,8 +12961,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -12900,8 +12977,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -12916,8 +12992,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -12933,8 +13008,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -12949,8 +13023,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -12966,8 +13039,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -12982,8 +13054,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
@@ -13000,8 +13071,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13047,8 +13117,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -13064,8 +13133,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
@@ -13080,8 +13148,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -13097,8 +13164,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
@@ -13113,8 +13179,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13130,8 +13195,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13147,8 +13211,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -13165,8 +13228,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -13182,8 +13244,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -13200,8 +13261,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -13217,8 +13277,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
@@ -13235,8 +13294,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
@@ -13252,8 +13310,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
@@ -13271,8 +13328,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
@@ -13286,8 +13342,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -13301,8 +13356,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -13318,8 +13372,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -13335,8 +13388,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -13525,8 +13577,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
@@ -13538,8 +13589,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
@@ -13551,8 +13601,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
@@ -13587,8 +13636,8 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m both with middlebox compat support" \
"$P_SRV debug_level=4 tickets=0" \
"$P_CLI debug_level=4" \
@@ -13619,14 +13668,15 @@
run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
- 1 \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O both with middlebox compat support" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -13658,15 +13708,16 @@
run_test "TLS 1.3 m->G server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
- 1 \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G both with middlebox compat support" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -13690,8 +13741,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
@@ -13702,8 +13753,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug" \
@@ -13732,8 +13783,8 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13748,8 +13799,8 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13777,8 +13828,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
@@ -13811,15 +13862,16 @@
run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
- 1 \
+ 0 \
-c "received HelloRetryRequest message" \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
@@ -13852,17 +13904,18 @@
run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
- 1 \
+ 0 \
-c "received HelloRetryRequest message" \
- -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
+ -c "Protocol is TLSv1.3" \
+ -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
@@ -13886,8 +13939,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
@@ -13898,8 +13951,8 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
@@ -13929,8 +13982,8 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13946,8 +13999,8 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -13959,8 +14012,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->O" \
"$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
@@ -13975,8 +14027,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->G" \
"$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
-d 4
@@ -13991,8 +14042,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14010,8 +14060,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, O->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14028,8 +14077,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, G->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14047,8 +14095,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14063,8 +14110,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14079,8 +14125,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14094,8 +14139,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, G->m" \
"$P_SRV debug_level=4
crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
@@ -14108,8 +14152,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, O->m" \
"$P_SRV debug_level=4
crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
@@ -14122,8 +14165,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, m->m" \
"$P_SRV debug_level=4
crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
@@ -14136,8 +14178,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->O" \
"$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
@@ -14150,8 +14191,7 @@
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->G" \
"$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
-d 4
@@ -14164,8 +14204,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
@@ -14210,7 +14249,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_3072
@@ -14235,7 +14273,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_3072
@@ -14254,7 +14291,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_4096
@@ -14279,7 +14315,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_4096
@@ -14298,7 +14333,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_6144
@@ -14322,7 +14356,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_6144
@@ -14341,7 +14374,6 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_8192
@@ -14366,7 +14398,6 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_8192
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index cb420ae..331e5a0 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -895,15 +895,15 @@
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair DECRYPT (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair DECRYPT (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA pair DECRYPT (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY public DECRYPT (bad)
@@ -919,15 +919,15 @@
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair ENCRYPT (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA pair ENCRYPT (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY public ENCRYPT (bad)
@@ -943,15 +943,15 @@
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair DERIVE
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
PSA attributes for pk: ECKEY_DH pair DERIVE
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
PSA attributes for pk: ECDSA pair DERIVE (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY public DERIVE (bad)
@@ -967,35 +967,35 @@
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair SIGN_MESSAGE
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair SIGN_MESSAGE
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY pair SIGN_HASH
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair SIGN_HASH
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY pair->public VERIFY_HASH
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair->public VERIFY_HASH
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY public VERIFY_MESSAGE
@@ -1031,19 +1031,19 @@
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad)
@@ -1223,39 +1223,39 @@
pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG
PSA import into PSA: ECKEY pair to RSA (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY_DH pair to RSA (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECDSA pair to RSA (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY pair to different curve (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY_DH pair to different curve (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECDSA pair to different curve (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY pair to public, different curve (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY_DH pair to public, different curve (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECDSA pair to public, different curve (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY public to different curve (bad)
@@ -1271,15 +1271,15 @@
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY pair to different bits (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY_DH pair to different bits (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECDSA pair to different bits (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY public to different bits (bad)
@@ -1295,15 +1295,15 @@
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY private to public, different bits (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY_DH private to public, different bits (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECDSA private to public, different bits (bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: ECKEY public to pair (bad)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 1442749..b25a796 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -51,23 +51,23 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0
Parse RSA Key #14 (4096-bit, DES Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_des.pem":"testkey":0
Parse RSA Key #15 (4096-bit, 3DES Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_3des.pem":"testkey":0
Parse RSA Key #16 (4096-bit, AES-128 Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0
Parse RSA Key #17 (4096-bit, AES-192 Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0
Parse RSA Key #18 (4096-bit, AES-256 Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0
Parse RSA Key #19 (PKCS#8 wrapped)
@@ -99,15 +99,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)
@@ -119,7 +119,7 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0
Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)
@@ -147,15 +147,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0
Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)
@@ -167,7 +167,7 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0
Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0
Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
@@ -195,15 +195,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER)
@@ -231,15 +231,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES)
@@ -267,15 +267,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0
Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER)
@@ -303,15 +303,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0
Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
@@ -339,15 +339,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
@@ -375,15 +375,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
@@ -411,15 +411,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
@@ -447,15 +447,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
@@ -483,15 +483,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)
@@ -519,15 +519,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0
Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)
@@ -555,15 +555,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)
@@ -591,15 +591,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0
Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
@@ -627,15 +627,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)
@@ -663,15 +663,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)
@@ -699,15 +699,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)
@@ -735,15 +735,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)
@@ -771,15 +771,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)
@@ -807,15 +807,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0
Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)
@@ -843,15 +843,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)
@@ -879,15 +879,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0
Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit)
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index b1fb73b..d333ddd 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -7,11 +7,11 @@
pk_write_pubkey_check:"../framework/data_files/server1.pubkey.der":TEST_DER
Public key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.pem":TEST_PEM
Public key write check RSA 4096 (DER)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.der":TEST_DER
Public key write check EC 192 bits
@@ -30,13 +30,16 @@
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_pubkey_check:"../framework/data_files/ec_521_pub.der":TEST_DER
-Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
-pk_write_pubkey_check:"../framework/data_files/ec_bp512_pub.pem":TEST_PEM
+## The pk_write_pubkey_check sometimes take ~3 hours to run with
+## GCC+Asan on the CI in the full config. Comment out the slowest
+## ones while we investigate and release 3.6.2.
+# Public key write check EC Brainpool 512 bits
+# depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
+# pk_write_pubkey_check:"../framework/data_files/ec_bp512_pub.pem":TEST_PEM
-Public key write check EC Brainpool 512 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
-pk_write_pubkey_check:"../framework/data_files/ec_bp512_pub.der":TEST_DER
+# Public key write check EC Brainpool 512 bits (DER)
+# depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
+# pk_write_pubkey_check:"../framework/data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
@@ -63,11 +66,11 @@
pk_write_key_check:"../framework/data_files/server1.key.der":TEST_DER
Private key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_key_check:"../framework/data_files/rsa4096_prv.pem":TEST_PEM
Private key write check RSA 4096 (DER)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_key_check:"../framework/data_files/rsa4096_prv.der":TEST_DER
Private key write check EC 192 bits
@@ -131,7 +134,7 @@
pk_write_public_from_private:"../framework/data_files/server1.key.der":"../framework/data_files/server1.pubkey.der"
Derive public key RSA 4096
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_public_from_private:"../framework/data_files/rsa4096_prv.der":"../framework/data_files/rsa4096_pub.der"
Derive public key EC 192 bits
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 735c125..491bc48 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -2,6 +2,7 @@
#include "pk_internal.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
+#include "mbedtls/base64.h"
#include "psa/crypto_sizes.h"
typedef enum {
@@ -73,6 +74,7 @@
unsigned char *check_buf = NULL;
unsigned char *start_buf;
size_t buf_len, check_buf_len;
+ int expected_result;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
@@ -109,6 +111,17 @@
start_buf = buf;
buf_len = check_buf_len;
+ if (is_der) {
+ expected_result = MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ } else {
+ expected_result = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
+ }
+ /* Intentionally pass a wrong size for the provided output buffer and check
+ * that the writing functions fails as expected. */
+ for (size_t i = 1; i < buf_len; i++) {
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
+ is_der), expected_result);
+ }
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);
@@ -127,6 +140,12 @@
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0);
start_buf = buf;
buf_len = check_buf_len;
+ /* Intentionally pass a wrong size for the provided output buffer and check
+ * that the writing functions fails as expected. */
+ for (size_t i = 1; i < buf_len; i++) {
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
+ is_der), expected_result);
+ }
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 4149fdb..bbf7575 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -7170,7 +7170,7 @@
# and not expected to be raised any time soon) is less than the maximum
# output from HKDF-SHA512 (255*64 = 16320 bytes).
PSA key derivation: largest possible key
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1
PSA key derivation: key too large
@@ -7414,12 +7414,15 @@
generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, 65528 bits (large key, ok if it fits)
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(65528)
generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1
PSA generate key: raw data, 65536 bits (not supported)
@@ -7490,6 +7493,17 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+# Following 2 tests are meant to be tested from the component_test_crypto_with_static_key_slots()
+# test component. There MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is intentionally set to a value
+# that is OK for all public RSA key bit sizes, but only valid up to 2048 bits for key pairs.
+PSA generate key: RSA, key pair size does not fit in static key buffer
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA generate key: RSA, key pair size fits in static key buffer
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
+
PSA generate key: ECC, SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
@@ -7655,15 +7669,15 @@
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5
PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5
PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5
PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits)
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > PSA_BITS_TO_BYTES(65528)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5
PSA concurrent key generation: raw data, 65536 bits (not supported)
@@ -7859,9 +7873,7 @@
depends_on:PSA_WANT_ECC_SECP_K1_192
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
-ECP group ID <-> PSA family - SECP224K1
-depends_on:PSA_WANT_ECC_SECP_K1_224
-ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
+# No test case for SECP224K1, which is not implemented in the PSA API.
ECP group ID <-> PSA family - SECP256K1
depends_on:PSA_WANT_ECC_SECP_K1_256
@@ -7876,4 +7888,3 @@
ECP group ID <-> PSA family - Wrong values
ecc_conversion_functions_fail
-
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 2e513ea..94bf28b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1236,7 +1236,7 @@
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
static int rsa_test_e(mbedtls_svc_key_id_t key,
size_t bits,
const data_t *e_arg)
@@ -1639,7 +1639,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on: !MBEDTLS_PSA_STATIC_KEY_SLOTS*/
/* Construct and attempt to import a large unstructured key. */
void import_large_key(int type_arg, int byte_size_arg,
int expected_status_arg)
@@ -10246,7 +10246,7 @@
TEST_EQUAL(psa_get_key_type(&got_attributes), type);
TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
TEST_ASSERT(rsa_test_e(key, bits, custom_data));
}
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 84611fa..49b1c15 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -6,13 +6,14 @@
size_t pake_expected_hit_count = 0;
int pake_in_driver = 0;
+#if defined(PSA_WANT_ALG_JPAKE) && \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
+
/* The only two JPAKE user/peer identifiers supported for the time being. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-#if defined(PSA_WANT_ALG_JPAKE) && \
- defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
- defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
psa_pake_operation_t *server,
psa_pake_operation_t *client,
@@ -437,6 +438,11 @@
mbedtls_mpi_init(&D);
mbedtls_mpi_init(&C);
mbedtls_mpi_init(&X);
+#else /* MBEDTLS_BIGNUM_C */
+ (void) alg;
+ (void) private_exponent;
+ (void) input_data;
+ (void) buf;
#endif /* MBEDTLS_BIGNUM_C */
int ok = 0;
@@ -843,7 +849,7 @@
{
psa_key_lifetime_t lifetime =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
- PSA_KEY_PERSISTENCE_DEFAULT, location);
+ PSA_KEY_PERSISTENCE_VOLATILE, location);
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index efaaba5..5788742 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -1,14 +1,16 @@
/* BEGIN_HEADER */
#include <psa/crypto.h>
+#include <psa_crypto_storage.h>
#include <test/psa_crypto_helpers.h>
#include <test/psa_exercise_key.h>
#include <psa_crypto_its.h>
-#define TEST_FLAG_EXERCISE 0x00000001
-#define TEST_FLAG_READ_ONLY 0x00000002
+#define TEST_FLAG_EXERCISE 0x00000001
+#define TEST_FLAG_READ_ONLY 0x00000002
+#define TEST_FLAG_OVERSIZED_KEY 0x00000004
/** Write a key with the given attributes and key material to storage.
* Test that it has the expected representation.
@@ -158,6 +160,12 @@
/* Prime the storage with a key file. */
PSA_ASSERT(psa_its_set(uid, representation->len, representation->x, 0));
+ if (flags & TEST_FLAG_OVERSIZED_KEY) {
+ TEST_EQUAL(psa_get_key_attributes(key_id, &actual_attributes), PSA_ERROR_DATA_INVALID);
+ ok = 1;
+ goto exit;
+ }
+
/* Check that the injected key exists and looks as expected. */
PSA_ASSERT(psa_get_key_attributes(key_id, &actual_attributes));
TEST_ASSERT(mbedtls_svc_key_id_equal(key_id,
@@ -281,6 +289,7 @@
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1);
psa_storage_uid_t uid = 1;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *custom_key_data = NULL, *custom_storage_data = NULL;
PSA_INIT();
TEST_USES_KEY_ID(key_id);
@@ -293,6 +302,23 @@
psa_set_key_algorithm(&attributes, alg);
psa_set_key_enrollment_algorithm(&attributes, alg2);
+ /* Create a persistent key which is intentionally larger than the specified
+ * bit size. */
+ if (flags & TEST_FLAG_OVERSIZED_KEY) {
+ TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits));
+ memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits));
+ material->len = PSA_BITS_TO_BYTES(bits);
+ material->x = custom_key_data;
+
+ /* 36 bytes are the overhead of psa_persistent_key_storage_format */
+ TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 36);
+ representation->len = PSA_BITS_TO_BYTES(bits) + 36;
+ representation->x = custom_storage_data;
+
+ psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits),
+ &attributes, custom_storage_data);
+ }
+
/* Test that we can use a key with the given representation. This
* guarantees backward compatibility with keys that were stored by
* past versions of Mbed TLS. */
@@ -300,6 +326,8 @@
uid, representation, flags));
exit:
+ mbedtls_free(custom_key_data);
+ mbedtls_free(custom_storage_data);
psa_reset_key_attributes(&attributes);
PSA_DONE();
}
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tests/suites/test_suite_psa_crypto_storage_format.misc.data
index 48e3804..359053e 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.misc.data
+++ b/tests/suites/test_suite_psa_crypto_storage_format.misc.data
@@ -9,3 +9,9 @@
PSA storage save: AES-GCM+CTR
depends_on:PSA_WANT_KEY_TYPE_AES
key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f"
+
+# Create a persistent key which is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+# so that when psa_get_key_attributes() tries to load it from the storage it will fail.
+PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS
+key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:PSA_BYTES_TO_BITS(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1):PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 489d5d3..ed0fa74 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -377,11 +377,11 @@
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA
@@ -405,11 +405,11 @@
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
@@ -521,23 +521,23 @@
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
@@ -557,23 +557,23 @@
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Sending app data via TLS, MFL=512 without fragmentation
@@ -2858,7 +2858,7 @@
# - App data payload: 70696e67
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
@@ -2869,7 +2869,7 @@
# - App data payload: 706f6e67
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
@@ -2888,7 +2888,7 @@
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
# 3a ee bb 21 69 49 15 e4
# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
@@ -2907,7 +2907,7 @@
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
# 0d d0 32 e1 67 c2 95 5d
# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
SSL TLS 1.3 Key schedule: Application secrets derivation helper
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 343e58a..a16ac64 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3297,7 +3297,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 670e06b..cc71a4e 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"3.6.1"
+check_compiletime_version:"3.6.2"
Check runtime library version
-check_runtime_version:"3.6.1"
+check_runtime_version:"3.6.2"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0