mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 07:20:52 +00:00
Skip "no USE_PSA" test cases in ssl-opt.sh
These test cases are desirable, but they will fail until we resolve https://github.com/Mbed-TLS/mbedtls/issues/7294 . Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
fb31ebd6d5
commit
005370f0be
@ -9701,10 +9701,23 @@ run_test "EC restart: TLS, max_ops=65535" \
|
||||
-C "mbedtls_ecdh_make_public.*4b00" \
|
||||
-C "mbedtls_pk_sign.*4b00"
|
||||
|
||||
# The following test cases for restartable ECDH come in two variants:
|
||||
# * The "(USE_PSA)" variant expects the current behavior, which is the behavior
|
||||
# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests
|
||||
# the partial implementation where ECDH in TLS is not actually restartable.
|
||||
# * The "(no USE_PSA)" variant expects the desired behavior. These test
|
||||
# cases cannot currently pass because the implementation of restartable ECC
|
||||
# in TLS is partial: ECDH is not actually restartable. This is the behavior
|
||||
# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled.
|
||||
#
|
||||
# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294,
|
||||
# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test
|
||||
# cases.
|
||||
|
||||
# With USE_PSA disabled we expect full restartable behaviour.
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
skip_next_test
|
||||
run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
@ -9754,7 +9767,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \
|
||||
# With USE_PSA disabled we expect full restartable behaviour.
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
skip_next_test
|
||||
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required \
|
||||
crt_file=$DATA_FILES_PATH/server5-badsign.crt \
|
||||
@ -9794,7 +9807,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)
|
||||
# With USE_PSA disabled we expect full restartable behaviour.
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
skip_next_test
|
||||
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required \
|
||||
crt_file=$DATA_FILES_PATH/server5-badsign.crt \
|
||||
@ -9834,7 +9847,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
|
||||
# With USE_PSA disabled we expect full restartable behaviour.
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
skip_next_test
|
||||
run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
@ -9864,7 +9877,7 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
|
||||
# With USE_PSA disabled we expect full restartable behaviour.
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
skip_next_test
|
||||
run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
|
||||
"$P_SRV groups=secp256r1" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
|
Loading…
x
Reference in New Issue
Block a user