From f941455e3b9f8fc7b7aced4a916f0daef57965ed Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 10:43:20 +0100 Subject: [PATCH 1/7] all.sh: enable ssl-opt testing in psa_crypto_config_[accel/reference]_cipher_aead Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 73206a811a..09c9819157 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3641,7 +3641,7 @@ common_psa_crypto_config_accel_cipher_aead() { # are meant to be used together in analyze_outcomes.py script in order to test # driver's coverage for ciphers and AEADs. component_test_psa_crypto_config_accel_cipher_aead () { - msg "test: crypto config with accelerated cipher and AEAD" + msg "build: crypto config with accelerated cipher and AEAD" loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ ALG_OFB ALG_XTS ALG_STREAM_CIPHER \ @@ -3687,18 +3687,29 @@ component_test_psa_crypto_config_accel_cipher_aead () { not grep mbedtls_chachapoly library/chachapoly.o not grep mbedtls_cmac library/cmac.o + make + # Run the tests # ------------- msg "test: crypto config with accelerated cipher and AEAD" make test + + msg "ssl-opt: crypto config with accelerated cipher and AEAD" + tests/ssl-opt.sh } component_test_psa_crypto_config_reference_cipher_aead () { + msg "build: crypto config with non-accelerated cipher and AEAD" common_psa_crypto_config_accel_cipher_aead + make + msg "test: crypto config with non-accelerated cipher and AEAD" make test + + msg "ssl-opt: crypto config with non-accelerated cipher and AEAD" + tests/ssl-opt.sh } component_test_aead_chachapoly_disabled() { From dd43d7b3a4f1f1dd6a1ead02b3acac7b6c943496 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 14:10:51 +0100 Subject: [PATCH 2/7] ssl-opt: set proper dependencies on tests with encrypted server5 key Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9c317d1fc8..befe1e1820 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2090,6 +2090,11 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ -c "Key size is 128" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_MD_CAN_MD5 +# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM +# module does not support PSA dispatching so we need builtin support. +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected client key" \ "$P_SRV force_version=tls12 auth_mode=required" \ @@ -2097,6 +2102,11 @@ run_test "TLS: password protected client key" \ 0 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_MD_CAN_MD5 +# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM +# module does not support PSA dispatching so we need builtin support. +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected server key" \ "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ @@ -2105,6 +2115,11 @@ run_test "TLS: password protected server key" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_MD_CAN_MD5 +# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM +# module does not support PSA dispatching so we need builtin support. +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected server key, two certificates" \ "$P_SRV force_version=tls12\ From 01c4fa3e889551ce3f17d32e879ccf85ec4b58bc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 10:46:36 +0100 Subject: [PATCH 3/7] ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h This is useful to properly define MBEDTLS_PSK_MAX_LEN when it is not defined explicitly in mbedtls_config.h Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 22 +++++++++++++++++++++- library/ssl_misc.h | 20 -------------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c9110dead3..0177df17c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -600,6 +600,26 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 +/* Some internal helpers to determine which keys are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_SSL_HAVE_AES +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) +#define MBEDTLS_SSL_HAVE_CAMELLIA +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) +#define MBEDTLS_SSL_HAVE_ARIA +#endif + +/* Some internal helpers to determine which operation modes are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) +#define MBEDTLS_SSL_HAVE_CBC +#endif + /* * Size defines */ @@ -613,7 +633,7 @@ */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && \ + defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \ defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */ #else diff --git a/library/ssl_misc.h b/library/ssl_misc.h index bde55b6ce1..4ddd9c4bb4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -249,26 +249,6 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). */ -/* Some internal helpers to determine which keys are availble. */ -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) -#define MBEDTLS_SSL_HAVE_AES -#endif -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) -#define MBEDTLS_SSL_HAVE_CAMELLIA -#endif -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) -#define MBEDTLS_SSL_HAVE_ARIA -#endif - -/* Some internal helpers to determine which operation modes are availble. */ -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) -#define MBEDTLS_SSL_HAVE_CBC -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* This macro determines whether CBC is supported. */ From 38e75fb1a72f49a4ec42dc7196ae0a02dff270f2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 16:52:39 +0100 Subject: [PATCH 4/7] ssl_server2: remove usage of mbedtls_cipher_info_from_string() This removes the dependency from cipher module and legacy key/modes symbols which are used in cipher_wrap. Signed-off-by: Valerio Setti --- programs/ssl/ssl_server2.c | 56 +++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1bab9157b3..fbcbb8dc8f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -281,18 +281,11 @@ int main(void) #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) -#if defined(MBEDTLS_CIPHER_C) #define USAGE_TICKETS \ " tickets=%%d default: 1 (enabled)\n" \ " ticket_rotate=%%d default: 0 (disabled)\n" \ " ticket_timeout=%%d default: 86400 (one day)\n" \ " ticket_aead=%%s default: \"AES-256-GCM\"\n" -#else /* MBEDTLS_CIPHER_C */ -#define USAGE_TICKETS \ - " tickets=%%d default: 1 (enabled)\n" \ - " ticket_rotate=%%d default: 0 (disabled)\n" \ - " ticket_timeout=%%d default: 86400 (one day)\n" -#endif /* MBEDTLS_CIPHER_C */ #else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ @@ -1463,6 +1456,42 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ +int parse_cipher(char *buf) +{ + if (strcmp(buf, "AES-128-CCM")) { + return MBEDTLS_CIPHER_AES_128_CCM; + } else if (strcmp(buf, "AES-128-GCM")) { + return MBEDTLS_CIPHER_AES_128_GCM; + } else if (strcmp(buf, "AES-192-CCM")) { + return MBEDTLS_CIPHER_AES_192_CCM; + } else if (strcmp(buf, "AES-192-GCM")) { + return MBEDTLS_CIPHER_AES_192_GCM; + } else if (strcmp(buf, "AES-256-CCM")) { + return MBEDTLS_CIPHER_AES_256_CCM; + } else if (strcmp(buf, "ARIA-128-CCM")) { + return MBEDTLS_CIPHER_ARIA_128_CCM; + } else if (strcmp(buf, "ARIA-128-GCM")) { + return MBEDTLS_CIPHER_ARIA_128_GCM; + } else if (strcmp(buf, "ARIA-192-CCM")) { + return MBEDTLS_CIPHER_ARIA_192_CCM; + } else if (strcmp(buf, "ARIA-192-GCM")) { + return MBEDTLS_CIPHER_ARIA_192_GCM; + } else if (strcmp(buf, "ARIA-256-CCM")) { + return MBEDTLS_CIPHER_ARIA_256_CCM; + } else if (strcmp(buf, "ARIA-256-GCM")) { + return MBEDTLS_CIPHER_ARIA_256_GCM; + } else if (strcmp(buf, "CAMELLIA-128-CCM")) { + return MBEDTLS_CIPHER_CAMELLIA_128_CCM; + } else if (strcmp(buf, "CAMELLIA-192-CCM")) { + return MBEDTLS_CIPHER_CAMELLIA_192_CCM; + } else if (strcmp(buf, "CAMELLIA-256-CCM")) { + return MBEDTLS_CIPHER_CAMELLIA_256_CCM; + } else if (strcmp(buf, "CHACHA20-POLY1305")) { + return MBEDTLS_CIPHER_CHACHA20_POLY1305; + } + return MBEDTLS_CIPHER_NONE; +} + int main(int argc, char *argv[]) { int ret = 0, len, written, frags, exchanges_left; @@ -2143,18 +2172,13 @@ usage: if (opt.ticket_timeout < 0) { goto usage; } - } -#if defined(MBEDTLS_CIPHER_C) - else if (strcmp(p, "ticket_aead") == 0) { - const mbedtls_cipher_info_t *ci = mbedtls_cipher_info_from_string(q); + } else if (strcmp(p, "ticket_aead") == 0) { + opt.ticket_aead = parse_cipher(q); - if (ci == NULL) { + if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) { goto usage; } - opt.ticket_aead = mbedtls_cipher_info_get_type(ci); - } -#endif - else if (strcmp(p, "cache_max") == 0) { + } else if (strcmp(p, "cache_max") == 0) { opt.cache_max = atoi(q); if (opt.cache_max < 0) { goto usage; From 73d053123f9df90855938b0789b5d0fc79fb9ddb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 16:53:59 +0100 Subject: [PATCH 5/7] ssl-opt: set proper cipher dependencies in tests using ticket_aead parameters Check either legacy or PSA symbols based on USE_PSA_CRYPTO Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index befe1e1820..5879b255ab 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -368,6 +368,34 @@ requires_ciphersuite_enabled() { esac } +requires_cipher_enabled() { + KEY_TYPE=$1 + MODE=${2:-} + if is_config_enabled MBEDTLS_USE_PSA_CRYPTO; then + case "$KEY_TYPE" in + CHACHA20) + requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305 + requires_config_enabled PSA_WANT_KEY_TYPE_CHACHA20 + ;; + *) + requires_config_enabled PSA_WANT_ALG_${MODE} + requires_config_enabled PSA_WANT_KEY_TYPE_${KEY_TYPE} + ;; + esac + else + case "$KEY_TYPE" in + CHACHA20) + requires_config_enabled MBEDTLS_CHACHA20_C + requires_config_enabled MBEDTLS_CHACHAPOLY_C + ;; + *) + requires_config_enabled MBEDTLS_${MODE}_C + requires_config_enabled MBEDTLS_${KEY_TYPE}_C + ;; + esac + fi +} + # Automatically detect required features based on command line parameters. # Parameters are: # - $1 = command line (call to a TLS client or server program) @@ -3848,6 +3876,7 @@ run_test "Session resume using tickets: openssl client" \ -s "session successfully restored from ticket" \ -s "a session has been resumed" +requires_cipher_enabled "AES" "GCM" run_test "Session resume using tickets: AES-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3862,6 +3891,7 @@ run_test "Session resume using tickets: AES-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "GCM" run_test "Session resume using tickets: AES-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3876,6 +3906,7 @@ run_test "Session resume using tickets: AES-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "CCM" run_test "Session resume using tickets: AES-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3890,6 +3921,7 @@ run_test "Session resume using tickets: AES-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "CCM" run_test "Session resume using tickets: AES-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3904,6 +3936,7 @@ run_test "Session resume using tickets: AES-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "CCM" run_test "Session resume using tickets: AES-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3918,6 +3951,7 @@ run_test "Session resume using tickets: AES-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CAMELLIA" "CCM" run_test "Session resume using tickets: CAMELLIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3932,6 +3966,7 @@ run_test "Session resume using tickets: CAMELLIA-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CAMELLIA" "CCM" run_test "Session resume using tickets: CAMELLIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3946,6 +3981,7 @@ run_test "Session resume using tickets: CAMELLIA-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CAMELLIA" "CCM" run_test "Session resume using tickets: CAMELLIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3960,6 +3996,7 @@ run_test "Session resume using tickets: CAMELLIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3974,6 +4011,7 @@ run_test "Session resume using tickets: ARIA-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3988,6 +4026,7 @@ run_test "Session resume using tickets: ARIA-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-256-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4002,6 +4041,7 @@ run_test "Session resume using tickets: ARIA-256-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4016,6 +4056,7 @@ run_test "Session resume using tickets: ARIA-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4030,6 +4071,7 @@ run_test "Session resume using tickets: ARIA-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4044,6 +4086,7 @@ run_test "Session resume using tickets: ARIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CHACHA20" run_test "Session resume using tickets: CHACHA20-POLY1305" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ From c7473068487cf5763980a7396d05cc788031ce90 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:51:52 +0100 Subject: [PATCH 6/7] all.sh: remove redundant make in test_psa_crypto_config_accel_cipher_aead() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 09c9819157..07e0e49835 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3687,8 +3687,6 @@ component_test_psa_crypto_config_accel_cipher_aead () { not grep mbedtls_chachapoly library/chachapoly.o not grep mbedtls_cmac library/cmac.o - make - # Run the tests # ------------- From 04c85e146c5c9bcffcd7020239809115f5a4b4e0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:54:05 +0100 Subject: [PATCH 7/7] ssl-opt: fix wrong CCM dependencies with GCM Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5879b255ab..9f00cc4f5c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3996,7 +3996,7 @@ run_test "Session resume using tickets: CAMELLIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_cipher_enabled "ARIA" "CCM" +requires_cipher_enabled "ARIA" "GCM" run_test "Session resume using tickets: ARIA-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4011,7 +4011,7 @@ run_test "Session resume using tickets: ARIA-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_cipher_enabled "ARIA" "CCM" +requires_cipher_enabled "ARIA" "GCM" run_test "Session resume using tickets: ARIA-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4026,7 +4026,7 @@ run_test "Session resume using tickets: ARIA-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_cipher_enabled "ARIA" "CCM" +requires_cipher_enabled "ARIA" "GCM" run_test "Session resume using tickets: ARIA-256-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \