From a1be1b8fbb3042e206dfc547ff39724c1a718ed3 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 30 Oct 2024 14:20:14 +0100
Subject: [PATCH] Remove ECJPAKE interoperability testing

We no longer have two (only partially distinct) implementations of ECJ-PAKE cipher suites in TLS, now that the non-MBEDTLS_USE_PSA_CRYPTO implementation is being removed. We may want to add this testing back in the future, but we'll have to use an old Mbed TLS instead of a differently-built one. https://github.com/Mbed-TLS/mbedtls/issues/9740
Signed-off-by: Gilles Peskine
---
 tests/scripts/components-configuration-tls.sh | 33 -------------------
 1 file changed, 33 deletions(-)

diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index b8834d6095..e01a5989df 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -184,39 +184,6 @@ component_test_config_thread () {
 tests/ssl-opt.sh -f 'ECJPAKE.*nolog'
 }
 
-# We're not aware of any other (open source) implementation of EC J-PAKE in TLS
-# that we could use for interop testing. However, we now have sort of two
-# implementations ourselves: one using PSA, the other not. At least test that
-# these two interoperate with each other.
-component_test_tls1_2_ecjpake_compatibility () {
- msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
- scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- # Explicitly make lib first to avoid a race condition:
- # https://github.com/Mbed-TLS/mbedtls/issues/8229
- make lib
- make -C programs ssl/ssl_server2 ssl/ssl_client2
- cp programs/ssl/ssl_server2 s2_no_use_psa
- cp programs/ssl/ssl_client2 c2_no_use_psa
-
- msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
- scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- make clean
- make lib
- make -C programs ssl/ssl_server2 ssl/ssl_client2
- make -C programs test/udp_proxy test/query_compile_time_config
-
- msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
- P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
- msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
- P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
- msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
- P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
- msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
- P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"
-
- rm s2_no_use_psa c2_no_use_psa
-}
-
 component_test_tls1_2_ccm_psk () {
 msg "build: configs/config-ccm-psk-tls1_2.h"
 cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H"