mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
all.sh: Disable TLS 1.3 when pre-requisites are not meet
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
@ -1305,6 +1305,7 @@ component_test_default_psa_crypto_client_without_crypto_provider () {
|
|||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
|
||||||
scripts/config.py unset MBEDTLS_LMS_C
|
scripts/config.py unset MBEDTLS_LMS_C
|
||||||
|
|
||||||
@ -1843,6 +1844,8 @@ component_test_tls1_2_default_stream_cipher_only () {
|
|||||||
scripts/config.py unset MBEDTLS_GCM_C
|
scripts/config.py unset MBEDTLS_GCM_C
|
||||||
scripts/config.py unset MBEDTLS_CCM_C
|
scripts/config.py unset MBEDTLS_CCM_C
|
||||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||||
|
#Disable TLS 1.3 (as no AEAD)
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
||||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
@ -1869,6 +1872,8 @@ component_test_tls1_2_default_stream_cipher_only_use_psa () {
|
|||||||
scripts/config.py unset MBEDTLS_GCM_C
|
scripts/config.py unset MBEDTLS_GCM_C
|
||||||
scripts/config.py unset MBEDTLS_CCM_C
|
scripts/config.py unset MBEDTLS_CCM_C
|
||||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||||
|
#Disable TLS 1.3 (as no AEAD)
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
||||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
@ -1894,6 +1899,8 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () {
|
|||||||
scripts/config.py unset MBEDTLS_GCM_C
|
scripts/config.py unset MBEDTLS_GCM_C
|
||||||
scripts/config.py unset MBEDTLS_CCM_C
|
scripts/config.py unset MBEDTLS_CCM_C
|
||||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||||
|
#Disable TLS 1.3 (as no AEAD)
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
@ -1921,6 +1928,8 @@ component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
|
|||||||
scripts/config.py unset MBEDTLS_GCM_C
|
scripts/config.py unset MBEDTLS_GCM_C
|
||||||
scripts/config.py unset MBEDTLS_CCM_C
|
scripts/config.py unset MBEDTLS_CCM_C
|
||||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||||
|
#Disable TLS 1.3 (as no AEAD)
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
@ -1947,6 +1956,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
|
|||||||
scripts/config.py unset MBEDTLS_GCM_C
|
scripts/config.py unset MBEDTLS_GCM_C
|
||||||
scripts/config.py unset MBEDTLS_CCM_C
|
scripts/config.py unset MBEDTLS_CCM_C
|
||||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||||
|
#Disable TLS 1.3 (as no AEAD)
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||||
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
@ -1974,6 +1985,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
|
|||||||
scripts/config.py unset MBEDTLS_GCM_C
|
scripts/config.py unset MBEDTLS_GCM_C
|
||||||
scripts/config.py unset MBEDTLS_CCM_C
|
scripts/config.py unset MBEDTLS_CCM_C
|
||||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||||
|
#Disable TLS 1.3 (as no AEAD)
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
|
||||||
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
|
||||||
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
@ -4645,6 +4658,7 @@ component_test_no_max_fragment_length () {
|
|||||||
component_test_asan_remove_peer_certificate () {
|
component_test_asan_remove_peer_certificate () {
|
||||||
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
|
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
|
||||||
scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||||
make
|
make
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user