Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
TLS-RSA-WITH-NULL-SHA256, like other SHA256-based cipher suites, was first
introduced in TLS 1.2. Mbed TLS accepts it in earlier protocol versions as
well. This is technically a bug, which older versions of GnuTLS also have.
GnuTLS 3.4.7 fixed this bug. Adapt compat.sh to automatically omit
TLS-RSA-WITH-NULL-SHA256 in invalid protocol versions if GnuTLS doesn't
support it. It's already not included in invalid protocol versions in
OpenSSL interoperability testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove unnecessary "../library" prefix from test suite include. This
aligns the test suite with the development branch
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When calling `add_xxx_ciphersuites`, we have to set MODE properly.
This commit adjusts order to address this issue in list_test_case
which matches what we do in a normal execution.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit includes:
- use subprocess.check_output to report error and capture return
value
- add comment as a reminder for option --list-test-case
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
uniform_title is used to print identical format of $TITLE between
--list-test-case and run_client. In such way, no matter how $TITLE
is developed, --list-test-case will in the same format of test case
description as stored in OUTCOME.CSV.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Test case description is printed by different block of code. This
causes code maintenance harder since we need to maintain two parts
of code with same functionality. print_test_title is used to
control test case description in compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Test case description in compat.sh is in format of
[ogm]->[ogm] TLSmode, VERIFY CIPHERSUITE_NAME
This program calls compat.sh to list all potential test case
descriptions then checks test case duplication.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The option --list-test-case lists all potential test cases without
executing them. The test case description is identical with $TITLE
during test case execution.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
It isn't used anywhere.
Keep the command line options of all.sh to avoid breaking any wrapper
scripts that people might have.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
None of the tests actually need GNUTLS_LEGACY (3.3.8): GNUTLS (3.4.10)
works.
Only single-DES actually needs OPENSSL_LEGACY (1.0.1j). For the rest,
OPENSSL (1.0.2g) works.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
