Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail

compat.sh: Skip static ECDH cases if unsupported in openssl
2025-01-26 12:35:20 +00:00 · 2023-02-28 18:11:39 +01:00 · 2023-02-28 18:11:39 +01:00 · e4616830b3
commit e4616830b3
parent 17152df58d 9e7bb2a92c
2 changed files with 20 additions and 3 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -52,8 +52,8 @@ jobs:
        - programs/test/selftest
        - tests/scripts/test_psa_constant_names.py
        - tests/ssl-opt.sh
-        # Modern OpenSSL does not support fixed ECDH or null ciphers.
-        - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH_'
+        # Modern OpenSSL does not support null ciphers.
+        - tests/compat.sh -p OpenSSL -e 'NULL'
        - tests/scripts/travis-log-failure.sh
        # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
        - tests/compat.sh -p GnuTLS -e 'CAMELLIA'
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -534,6 +534,16 @@ add_mbedtls_ciphersuites()
    esac
 }

+# o_check_ciphersuite STANDARD_CIPHER_SUITE
+o_check_ciphersuite()
+{
+    if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
+        case "$1" in
+            *ECDH_*) SKIP_NEXT="YES"
+        esac
+    fi
+}
+
 setup_arguments()
 {
    O_MODE=""
@ -603,6 +613,11 @@ setup_arguments()
            ;;
    esac

+    case $($OPENSSL ciphers ALL) in
+        *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
+        *) O_SUPPORT_ECDH="NO";;
+    esac
+
    if [ "X$VERIFY" = "XYES" ];
    then
        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@ -819,7 +834,7 @@ run_client() {
            if [ $EXIT -eq 0 ]; then
                RESULT=0
            else
-                # If the cipher isn't supported...
+                # If it is NULL cipher ...
                if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
                    RESULT=1
                else
@ -1033,6 +1048,7 @@ for MODE in $MODES; do
                        start_server "OpenSSL"
                        translate_ciphers m $M_CIPHERS
                        for i in $ciphers; do
+                            o_check_ciphersuite "${i%%=*}"
                            run_client mbedTLS ${i%%=*} ${i#*=}
                        done
                        stop_server
@ -1042,6 +1058,7 @@ for MODE in $MODES; do
                        start_server "mbedTLS"
                        translate_ciphers o $O_CIPHERS
                        for i in $ciphers; do
+                            o_check_ciphersuite "${i%%=*}"
                            run_client OpenSSL ${i%%=*} ${i#*=}
                        done
                        stop_server