mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-09 01:13:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #9021 from mpg/compat-fixes-3.6

Browse Source 
[3.6] Small fixes to compat.sh (partial forward-port)
This commit is contained in:
Manuel Pégourié-Gonnard 2024-04-24 07:11:54 +00:00 committed by GitHub
commit f6275b745f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 54 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
tests/compat.sh
View File

@ -588,7 +588,18 @@ add_mbedtls_ciphersuites()
# o_check_ciphersuite STANDARD_CIPHER_SUITE
o_check_ciphersuite()
{
if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
# skip DTLS when lack of support was declared
if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
SKIP_NEXT_="YES"
fi
# skip DTLS 1.2 is support was not detected
if [ "$O_SUPPORT_DTLS12" = "NO" -a "$MODE" = "dtls12" ]; then
SKIP_NEXT="YES"
fi
# skip static ECDH when OpenSSL doesn't support it
if [ "${O_SUPPORT_STATIC_ECDH}" = "NO" ]; then
case "$1" in
*ECDH_*) SKIP_NEXT="YES"
esac
@ -665,10 +676,25 @@ setup_arguments()
esac
case $($OPENSSL ciphers ALL) in
*ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
*) O_SUPPORT_ECDH="NO";;
*ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_STATIC_ECDH="YES";;
*) O_SUPPORT_STATIC_ECDH="NO";;
esac
case $($OPENSSL ciphers ALL) in
*DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";;
*) O_SUPPORT_SINGLE_DES="NO";;
esac
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
# supports -dtls1_2 from the s_server help. (The s_client
# help isn't accurate as of 1.0.2g: it supports DTLS 1.2
# but doesn't list it. But the s_server help seems to be
# accurate.)
O_SUPPORT_DTLS12="NO"
if $OPENSSL s_server -help 2>&1 | grep -q "^ *-dtls1_2 "; then
O_SUPPORT_DTLS12="YES"
fi
if [ "X$VERIFY" = "XYES" ];
then
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@ -1109,19 +1135,6 @@ for MODE in $MODES; do
[Oo]pen*)
if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
continue;
fi
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
# supports $O_MODE from the s_server help. (The s_client
# help isn't accurate as of 1.0.2g: it supports DTLS 1.2
# but doesn't list it. But the s_server help seems to be
# accurate.)
if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
continue;
fi
reset_ciphersuites
add_common_ciphersuites
add_openssl_ciphersuites

45
tests/scripts/all.sh
View File

@ -1216,14 +1216,19 @@ component_test_full_cmake_gcc_asan () {
msg "test: main suites (inc. selftests) (full config, ASan build)"
make test
msg "test: selftest (ASan build)" # ~ 10s
msg "test: selftest (full config, ASan build)" # ~ 10s
programs/test/selftest
msg "test: ssl-opt.sh (full config, ASan build)"
tests/ssl-opt.sh
msg "test: compat.sh (full config, ASan build)"
tests/compat.sh
# Note: the next two invocations cover all compat.sh test cases.
# We should use the same here and in basic-build-test.sh.
msg "test: compat.sh: default version (full config, ASan build)"
tests/compat.sh -e 'ARIA\|CHACHA'
msg "test: compat.sh: next: ARIA, Chacha (full config, ASan build)"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
tests/context-info.sh
@ -1237,19 +1242,24 @@ component_test_full_cmake_gcc_asan_new_bignum () {
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: main suites (inc. selftests) (full config, ASan build)"
msg "test: main suites (inc. selftests) (full config, new bignum, ASan)"
make test
msg "test: selftest (ASan build)" # ~ 10s
msg "test: selftest (full config, new bignum, ASan)" # ~ 10s
programs/test/selftest
msg "test: ssl-opt.sh (full config, ASan build)"
msg "test: ssl-opt.sh (full config, new bignum, ASan)"
tests/ssl-opt.sh
msg "test: compat.sh (full config, ASan build)"
tests/compat.sh
# Note: the next two invocations cover all compat.sh test cases.
# We should use the same here and in basic-build-test.sh.
msg "test: compat.sh: default version (full config, new bignum, ASan)"
tests/compat.sh -e 'ARIA\|CHACHA'
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
msg "test: compat.sh: next: ARIA, Chacha (full config, new bignum, ASan)"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
msg "test: context-info.sh (full config, new bignum, ASan)" # ~ 15 sec
tests/context-info.sh
}
@ -2165,12 +2175,6 @@ component_test_full_cmake_clang () {
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
msg "test: compat.sh NULL (full config)" # ~ 2 min
tests/compat.sh -e '^$' -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
skip_suites_without_constant_flow () {
@ -2614,13 +2618,12 @@ component_test_no_psa_crypto_full_cmake_asan() {
msg "test: ssl-opt.sh (full minus PSA crypto)"
tests/ssl-opt.sh
msg "test: compat.sh default (full minus PSA crypto)"
tests/compat.sh
# Note: the next two invocations cover all compat.sh test cases.
# We should use the same here and in basic-build-test.sh.
msg "test: compat.sh: default version (full minus PSA crypto)"
tests/compat.sh -e 'ARIA\|CHACHA'
msg "test: compat.sh NULL (full minus PSA crypto)"
tests/compat.sh -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)"
msg "test: compat.sh: next: ARIA, Chacha (full minus PSA crypto)"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}

6
tests/scripts/basic-build-test.sh
View File

@ -103,11 +103,7 @@ echo
echo '################ compat.sh ################'
{
echo '#### compat.sh: Default versions'
sh compat.sh
echo
echo '#### compat.sh: null cipher'
sh compat.sh -e '^$' -f 'NULL'
sh compat.sh -e 'ARIA\|CHACHA'
echo
echo '#### compat.sh: next (ARIA, ChaCha)'