Add some missing dependencies on crypto features

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-14 01:26:49 +00:00 · 2024-04-29 17:42:52 +02:00 · 2024-04-29 17:42:52 +02:00 · 80e54a20ac
commit 80e54a20ac
parent 02cd7168e6
1 changed files with 23 additions and 1 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -2705,12 +2705,15 @@ run_test    "Context-specific CRT verification callback" \
            -C "error"

 # Tests for SHA-1 support
+requires_hash_alg SHA_1
+requires_config_enabled MBEDTLS_RSA_C
 run_test    "SHA-1 forbidden by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
            1 \
            -c "The certificate is signed with an unacceptable hash"

+requires_hash_alg SHA_1
 run_test    "SHA-1 explicitly allowed in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI force_version=tls12 allow_sha1=1" \
@ -2721,17 +2724,23 @@ run_test    "SHA-256 allowed by default in server certificate" \
            "$P_CLI force_version=tls12 allow_sha1=0" \
            0

+requires_hash_alg SHA_1
+requires_config_enabled MBEDTLS_RSA_C
 run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            1 \
            -s "The certificate is signed with an unacceptable hash"

+requires_hash_alg SHA_1
+requires_config_enabled MBEDTLS_RSA_C
 run_test    "SHA-1 explicitly allowed in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

+requires_config_enabled MBEDTLS_RSA_C
+requires_hash_alg SHA_256
 run_test    "SHA-256 allowed by default in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
@ -9076,11 +9085,24 @@ run_test    "ECJPAKE: working, DTLS, nolog" \

 # Test for ClientHello without extensions

+# Without extensions, ECC is impossible (no curve negotiation).
+requires_config_enabled MBEDTLS_RSA_C
 requires_gnutls
-run_test    "ClientHello without extensions" \
+run_test    "ClientHello without extensions: RSA" \
            "$P_SRV force_version=tls12 debug_level=3" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
+            -s "Ciphersuite is .*-RSA-WITH-.*" \
+            -S "Ciphersuite is .*-EC.*" \
+            -s "dumping 'client hello extensions' (0 bytes)"
+
+requires_gnutls
+run_test    "ClientHello without extensions: PSK" \
+            "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
+            "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
+            0 \
+            -s "Ciphersuite is .*-PSK-.*" \
+            -S "Ciphersuite is .*-EC.*" \
            -s "dumping 'client hello extensions' (0 bytes)"

 # Tests for mbedtls_ssl_get_bytes_avail()