mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 12:32:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add ChachaPoly ciphersuites to compat.sh

Browse Source 
This is disabled by default since it requires OpenSSL >= 1.1.0 and the current
default version on the CI is 1.0.2. However, the CI also has 1.1.1-rc which
can be used for this.
This commit is contained in:
Manuel Pégourié-Gonnard 2018-06-18 11:38:22 +02:00
parent 2e58e8ee34
commit 9fece7ee91
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tests/compat.sh
View File

@ -61,7 +61,8 @@ FILTER=""
# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions # - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions
# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 # - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA' # - ChachaPoly: requires OpenSSL >= 1.1.0
EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
VERBOSE="" VERBOSE=""
MEMCHECK=0 MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS" PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@ -440,6 +441,9 @@ add_common_ciphersuites()
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
# so RSA-PSK ciphersuites need to go in other sections, see # so RSA-PSK ciphersuites need to go in other sections, see
# https://github.com/ARMmbed/mbedtls/issues/1419 # https://github.com/ARMmbed/mbedtls/issues/1419
#
# ChachaPoly suites are here rather than in "common", as they were added in
# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
add_openssl_ciphersuites() add_openssl_ciphersuites()
{ {
case $TYPE in case $TYPE in
@ -471,6 +475,7 @@ add_openssl_ciphersuites()
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
" "
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
ECDH-ECDSA-AES128-SHA256 \ ECDH-ECDSA-AES128-SHA256 \
@ -479,6 +484,7 @@ add_openssl_ciphersuites()
ECDH-ECDSA-AES256-GCM-SHA384 \ ECDH-ECDSA-AES256-GCM-SHA384 \
ECDHE-ECDSA-ARIA256-GCM-SHA384 \ ECDHE-ECDSA-ARIA256-GCM-SHA384 \
ECDHE-ECDSA-ARIA128-GCM-SHA256 \ ECDHE-ECDSA-ARIA128-GCM-SHA256 \
ECDHE-ECDSA-CHACHA20-POLY1305 \
" "
fi fi
;; ;;
@ -501,6 +507,8 @@ add_openssl_ciphersuites()
TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-RSA-WITH-ARIA-128-GCM-SHA256 \ TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
" "
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
ECDHE-ARIA256-GCM-SHA384 \ ECDHE-ARIA256-GCM-SHA384 \
@ -509,6 +517,8 @@ add_openssl_ciphersuites()
ECDHE-ARIA128-GCM-SHA256 \ ECDHE-ARIA128-GCM-SHA256 \
DHE-RSA-ARIA128-GCM-SHA256 \ DHE-RSA-ARIA128-GCM-SHA256 \
ARIA128-GCM-SHA256 \ ARIA128-GCM-SHA256 \
DHE-RSA-CHACHA20-POLY1305 \
ECDHE-RSA-CHACHA20-POLY1305 \
" "
fi fi
;; ;;
@ -521,12 +531,18 @@ add_openssl_ciphersuites()
TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
" "
O_CIPHERS="$O_CIPHERS \ O_CIPHERS="$O_CIPHERS \
DHE-PSK-ARIA256-GCM-SHA384 \ DHE-PSK-ARIA256-GCM-SHA384 \
DHE-PSK-ARIA128-GCM-SHA256 \ DHE-PSK-ARIA128-GCM-SHA256 \
PSK-ARIA256-GCM-SHA384 \ PSK-ARIA256-GCM-SHA384 \
PSK-ARIA128-GCM-SHA256 \ PSK-ARIA128-GCM-SHA256 \
DHE-PSK-CHACHA20-POLY1305 \
ECDHE-PSK-CHACHA20-POLY1305 \
PSK-CHACHA20-POLY1305 \
" "
fi fi
;; ;;
@ -830,6 +846,7 @@ add_mbedtls_ciphersuites()
TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \ TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \ TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \ TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
" "
fi fi
;; ;;

4
tests/scripts/all.sh
View File

@ -543,8 +543,8 @@ if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
msg "test: compat.sh ARIA" msg "test: compat.sh ARIA + ChachaPoly"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA' if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
msg "test/build: curves.pl (gcc)" # ~ 4 min msg "test/build: curves.pl (gcc)" # ~ 4 min
cleanup cleanup