Add some missing dependencies on crypto features

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2024-04-29 17:42:52 +02:00
parent 77c13e67d4
commit 3b81ea1e9c


@ -2705,12 +2705,15 @@ run_test "Context-specific CRT verification callback" \
-C "error" -C "error"
# Tests for SHA-1 support # Tests for SHA-1 support
requires_hash_alg SHA_1
requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 forbidden by default in server certificate" \ run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
1 \ 1 \
-c "The certificate is signed with an unacceptable hash" -c "The certificate is signed with an unacceptable hash"
requires_hash_alg SHA_1
run_test "SHA-1 explicitly allowed in server certificate" \ run_test "SHA-1 explicitly allowed in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI force_version=tls12 allow_sha1=1" \ "$P_CLI force_version=tls12 allow_sha1=1" \
@ -2721,17 +2724,23 @@ run_test "SHA-256 allowed by default in server certificate" \
"$P_CLI force_version=tls12 allow_sha1=0" \ "$P_CLI force_version=tls12 allow_sha1=0" \
0 0
requires_hash_alg SHA_1
requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 forbidden by default in client certificate" \ run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1 \ 1 \
-s "The certificate is signed with an unacceptable hash" -s "The certificate is signed with an unacceptable hash"
requires_hash_alg SHA_1
requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 explicitly allowed in client certificate" \ run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
0 0
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "SHA-256 allowed by default in client certificate" \ run_test "SHA-256 allowed by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
@ -9076,11 +9085,24 @@ run_test "ECJPAKE: working, DTLS, nolog" \
# Test for ClientHello without extensions # Test for ClientHello without extensions
# Without extensions, ECC is impossible (no curve negotiation).
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls requires_gnutls
run_test "ClientHello without extensions" \ run_test "ClientHello without extensions: RSA" \
"$P_SRV force_version=tls12 debug_level=3" \ "$P_SRV force_version=tls12 debug_level=3" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \ 0 \
-s "Ciphersuite is .*-RSA-WITH-.*" \
-S "Ciphersuite is .*-EC.*" \
-s "dumping 'client hello extensions' (0 bytes)"
requires_gnutls
run_test "ClientHello without extensions: PSK" \
"$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
"$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
0 \
-s "Ciphersuite is .*-PSK-.*" \
-S "Ciphersuite is .*-EC.*" \
-s "dumping 'client hello extensions' (0 bytes)" -s "dumping 'client hello extensions' (0 bytes)"
# Tests for mbedtls_ssl_get_bytes_avail() # Tests for mbedtls_ssl_get_bytes_avail()
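Review bot: The new "ClientHello without extensions: PSK" test in the last hunk declares only `requires_gnutls`, although it needs the server to negotiate a PSK ciphersuite; unless `run_test` infers that from the `psk=` argument (not visible here), a build without PSK key exchange would fail this test instead of skipping it. Adding `requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` ahead of its `requires_gnutls` would make the dependency explicit. The same kind of gap appears in the first hunk: "SHA-1 explicitly allowed in server certificate" gains `requires_hash_alg SHA_1` but not `requires_config_enabled MBEDTLS_RSA_C`, even though it loads the same server2.key/server2.crt as the "forbidden" test directly above it, which did get the RSA requirement. Spurious failures in reduced configurations make a real regression in the SHA-1 rejection checks harder to notice.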