From f27472b12879cceee843ab014e0f21c050099ff1 Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 9 Mar 2023 16:19:35 +0100 Subject: [PATCH 1/5] ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" Signed-off-by: valerio --- tests/scripts/all.sh | 3 ++- tests/ssl-opt.sh | 26 ++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5a9ccbcff5..9b4f526a04 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2328,7 +2328,8 @@ component_test_psa_crypto_config_reference_ecdh_use_psa () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA" make test - # ssl-opt.sh later when the accel component is ready + msg "test: ssl-opt.sh" + tests/ssl-opt.sh } component_test_psa_crypto_config_accel_rsa_signature () { diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d73ef0f873..2951513bd8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -284,10 +284,16 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" +# An optional parameter can be specified in order to limit key exchanges in +# TLS 1.2 (in TLS 1.3 it has no effect). requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { + KEX_SUBSET=${1:-} if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 then - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT + case $KEX_SUBSET in + ECDSA) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT ;; + *) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT ;; + esac elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED then SKIP_NEXT="YES" @@ -1965,6 +1971,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client authentication: ECDHE-RSA" \ "$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \ @@ -2244,6 +2251,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDHE-RSA" \ "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \ @@ -2330,6 +2338,7 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque keys for server authentication: RSA keys with different algs" \ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none \ @@ -2394,6 +2403,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque key for client/server authentication: ECDHE-RSA" \ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ @@ -5622,7 +5632,7 @@ MAX_IM_CA='8' # are in place so that the semantics are consistent with the test description. requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled +requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -5632,7 +5642,7 @@ run_test "Authentication: server max_int chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled +requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5643,7 +5653,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5655,7 +5665,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5929,7 +5939,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication, CA callback: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -5942,7 +5952,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication, CA callback: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5955,7 +5965,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ From 2bf85e349dabedfec59128f3ac3b5a5eeb049363 Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 9 Mar 2023 16:39:07 +0100 Subject: [PATCH 2/5] ssl-opt: enable test for accelerated ECDH + USE_PSA Signed-off-by: valerio --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9b4f526a04..d811446754 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2309,7 +2309,8 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" make test - # ssl-opt.sh later (probably doesn't pass right now) + msg "test: ssl-opt.sh" + tests/ssl-opt.sh } # Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa. From 77588e94516ee2b34f0e7067b94e3e6f55a01a51 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Mar 2023 12:00:10 +0100 Subject: [PATCH 3/5] ssl-opt: uniformize requirements in tests Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2951513bd8..f08d055751 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -284,16 +284,10 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" -# An optional parameter can be specified in order to limit key exchanges in -# TLS 1.2 (in TLS 1.3 it has no effect). requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { - KEX_SUBSET=${1:-} if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 then - case $KEX_SUBSET in - ECDSA) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT ;; - *) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT ;; - esac + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED then SKIP_NEXT="YES" @@ -530,7 +524,7 @@ populate_enabled_hash_algs() hash_alg_variable=HAS_ALG_${hash_alg} eval ${hash_alg_variable}=YES fi - done + done } # skip next test if the given hash alg is not supported @@ -5632,7 +5626,8 @@ MAX_IM_CA='8' # are in place so that the semantics are consistent with the test description. requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -5642,7 +5637,8 @@ run_test "Authentication: server max_int chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ From 80318d2775ffff85e2b95f9adc52f695bcb29709 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Mar 2023 12:26:42 +0100 Subject: [PATCH 4/5] ssl-opt: automatically detect requirements when using certs in dir-maxpath Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f08d055751..e8fe6d9ab1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -395,7 +395,8 @@ detect_required_features() { case "$1" in *server5*|\ - *server7*) + *server7*|\ + *dir-maxpath*) if [ "$3" = "TLS13" ]; then # In case of TLS13 the support for ECDSA is enough requires_pk_alg "ECDSA" @@ -5626,8 +5627,6 @@ MAX_IM_CA='8' # are in place so that the semantics are consistent with the test description. requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -5637,8 +5636,6 @@ run_test "Authentication: server max_int chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5648,8 +5645,6 @@ run_test "Authentication: server max_int+1 chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5660,8 +5655,6 @@ run_test "Authentication: server max_int+1 chain, client optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5672,7 +5665,6 @@ run_test "Authentication: server max_int+1 chain, client none" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client max_int+1 chain, server default" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -5682,7 +5674,6 @@ run_test "Authentication: client max_int+1 chain, server default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client max_int+1 chain, server optional" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -5692,7 +5683,6 @@ run_test "Authentication: client max_int+1 chain, server optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client max_int+1 chain, server required" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -5702,7 +5692,6 @@ run_test "Authentication: client max_int+1 chain, server required" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client max_int chain, server required" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ @@ -5934,8 +5923,6 @@ run_test "Authentication, CA callback: client badcert, server optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication, CA callback: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -5947,8 +5934,6 @@ run_test "Authentication, CA callback: server max_int chain, client default" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication, CA callback: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5960,8 +5945,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5974,8 +5957,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -5987,8 +5968,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client max_int+1 chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -6000,8 +5979,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client max_int chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ From e7f896d73f769d3d15c800597436e841a95752d4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Mar 2023 13:55:28 +0100 Subject: [PATCH 5/5] fix extra whitespaces Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e8fe6d9ab1..e2b1e04fff 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -287,7 +287,7 @@ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 then - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED then SKIP_NEXT="YES" @@ -525,7 +525,7 @@ populate_enabled_hash_algs() hash_alg_variable=HAS_ALG_${hash_alg} eval ${hash_alg_variable}=YES fi - done + done } # skip next test if the given hash alg is not supported