mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

test: fix depends.py for hash tests

Browse Source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-12-22 14:28:03 +01:00
parent 543d00ef6f
commit b6bf7dcc28
2 changed files with 9 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
tests/scripts/depends.py
View File

@ -44,12 +44,6 @@ The configuration building method can be one of the three following:
direct dependencies, but rather non-trivial results of other configs missing. Then
look for any unset symbols and handle their reverse dependencies.
Examples of EXCLUSIVE_GROUPS usage:
- MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating
reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled,
and then SHA256 is found to depend on SHA224, so it is also disabled. To handle
this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224
should also be enabled before processing reverse dependencies:
'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C']
- MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C
requires either SHA256 or SHA384 to work, so it also has to be disabled.
This is not a dependency on SHA512_C, but a result of an exclusive domain
@ -273,10 +267,6 @@ REVERSE_DEPENDENCIES = {
# These are not necessarily dependencies, but just minimal required changes
# if a given define is the only one enabled from an exclusive group.
EXCLUSIVE_GROUPS = {
'MBEDTLS_SHA224_C': ['+MBEDTLS_SSL_COOKIE_C'],
'MBEDTLS_SHA256_C': ['-MBEDTLS_SSL_COOKIE_C'],
'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C',
'+MBEDTLS_SSL_COOKIE_C'],
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
'-MBEDTLS_SSL_PROTO_TLS1_3'],
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
@ -419,15 +409,16 @@ class DomainData:
build_and_test),
# Elliptic curves. Run the test suites.
'curves': ExclusiveDomain(curve_symbols, build_and_test),
# Hash algorithms. Exclude three groups:
# - Exclusive domain of MD, RIPEMD, SHA1 (obsolete);
# - Exclusive domain of SHA224 (tested with and depends on SHA256);
# - Complementary domain of SHA224 and SHA384 - tested with and depend
# on SHA256 and SHA512, respectively.
# Hash algorithms. Exclude two groups:
# - Exclusive domain of MD, RIPEMD, SHA1;
# - Exclusive domain of SHA224 and SHA384, because MBEDTLS_ENTROPY_C
# is extensively used across various modules, but it depends on
# either SHA256 or SHA512. As a consequence an "exclusive" test
# of SHA224/SHA384 with MBEDTLS_ENTROPY_C enabled is not possible.
'hashes': DualDomain(hash_symbols, build_and_test,
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \
'|MBEDTLS_SHA224_'\
'|!MBEDTLS_(SHA224_|SHA384_)'),
'|MBEDTLS_SHA224_' \
'|MBEDTLS_SHA384_'),
# Key exchange types. Only build the library and the sample
# programs.
'kex': ExclusiveDomain(key_exchange_symbols,

2
tests/suites/test_suite_x509parse.data
View File

@ -836,7 +836,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_S
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #70 (v1 trusted CA)