Add requires entries for tests
To be able to pass the ssl_opt.sh with the baremetal configuration
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ecb9a6f..a6ad765 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1343,6 +1343,7 @@
-S "dumping 'expected mac' (20 bytes)" \
-s "dumping 'expected mac' (10 bytes)"
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client default, server default" \
"$P_SRV dtls=1 debug_level=4" \
"$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -1599,7 +1600,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli enabled, Srv disabled" \
"$P_SRV debug_level=3 dtls=1 cid=0" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=dead" \
0 \
-s "Disable use of CID extension." \
-s "found CID extension" \
@@ -1614,7 +1615,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli disabled, Srv enabled" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
"$P_CLI debug_level=3 dtls=1 cid=0" \
0 \
-c "Disable use of CID extension." \
@@ -1715,6 +1716,7 @@
-s "ignoring unexpected CID"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
"$P_CLI debug_level=3 dtls=1 cid=1" \
@@ -1735,6 +1737,7 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
"$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -1755,6 +1758,7 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
"$P_CLI debug_level=3 dtls=1 cid=1" \
@@ -1793,6 +1797,7 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
"$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1813,6 +1818,7 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
"$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1833,6 +1839,7 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
"$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1851,6 +1858,7 @@
-C "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_ciphersuite_enabled TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
"$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -1871,6 +1879,8 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
+requires_ciphersuite_enabled TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
"$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -1891,6 +1901,8 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
+requires_ciphersuite_enabled TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
"$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -1911,6 +1923,8 @@
-c "Use of Connection ID has been negotiated"
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_disabled MBEDTLS_SSL_CONF_CID_LEN
+requires_ciphersuite_enabled TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
"$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -6967,6 +6981,7 @@
-S "hello verification requested" \
-S "SSL - The requested feature is not available"
+requires_config_enabled MBEDTLS_ERROR_C
run_test "DTLS cookie: default (failing)" \
"$P_SRV dtls=1 debug_level=2 cookies=-1" \
"$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
@@ -7004,6 +7019,7 @@
# Tests for client reconnecting from the same port with DTLS
not_with_valgrind # spurious resend
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS client reconnect from same port: reference" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
@@ -7013,6 +7029,7 @@
-S "Client initiated reconnection from same port"
not_with_valgrind # spurious resend
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS client reconnect from same port: reconnect" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
@@ -7022,6 +7039,7 @@
-s "Client initiated reconnection from same port"
not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
@@ -7030,6 +7048,7 @@
-s "Client initiated reconnection from same port"
only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
"$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
@@ -7037,6 +7056,7 @@
-S "The operation timed out" \
-s "Client initiated reconnection from same port"
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS client reconnect from same port: no cookies" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
@@ -7070,6 +7090,7 @@
-c "skip write certificate$" \
-s "! Certificate verification was skipped"
+requires_ciphersuite_enabled TLS-PSK-WITH-AES-128-GCM-SHA256
run_test "DTLS wrong PSK: badmac alert" \
"$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
"$P_CLI dtls=1 psk=abc124" \
@@ -8202,6 +8223,7 @@
-c "next record in same datagram" \
-s "next record in same datagram"
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
@@ -8214,6 +8236,7 @@
-S "too many records with bad MAC" \
-S "Verification of the message MAC failed"
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
@@ -8226,6 +8249,7 @@
-s "too many records with bad MAC" \
-s "Verification of the message MAC failed"
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
@@ -8238,6 +8262,7 @@
-S "too many records with bad MAC" \
-S "Verification of the message MAC failed"
+requires_config_disabled MBEDTLS_SSL_CONF_READ_TIMEOUT
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
@@ -8280,7 +8305,7 @@
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
-p "$P_PXY delay_srv=ServerHello" \
- "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ "$P_SRV mtu=256 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
hs_timeout=2500-60000" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
hs_timeout=2500-60000" \
@@ -8374,6 +8399,8 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+# This needs session tickets; otherwise CCS is the first message in its flight
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
-p "$P_PXY delay_cli=ClientKeyExchange" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \