From a76a6ff8dfc1bae021bcad0210acd1397dfc42c4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 1 Jul 2024 11:32:33 +0200
Subject: [PATCH] Adjust TLS protocol cases for 2.28

TLS 1.3 is still experimental and partial, and SSL3 is obsolete, so we don't expect much coverage about them, in particular we don't expect them to be the sole supported version. TLS 1.0 and 1.1 exist and we expect good coverage for them.

Signed-off-by: Gilles Peskine
---
 tests/scripts/generate_config_tests.py | 3 ++-
 tests/suites/test_suite_config.tls_combinations.data | 12 ++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/tests/scripts/generate_config_tests.py b/tests/scripts/generate_config_tests.py
index a0ae1d4516..7b62a65530 100755
--- a/tests/scripts/generate_config_tests.py
+++ b/tests/scripts/generate_config_tests.py
@@ -57,6 +57,7 @@ SIMPLE_DEPENDENCIES = {
 'MBEDTLS_PSA_CRYPTO_CLIENT': '!MBEDTLS_PSA_CRYPTO_C',
 'MBEDTLS_PSA_INJECT_ENTROPY': 'MBEDTLS_PSA_CRYPTO_C',
 'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS': 'MBEDTLS_PSA_CRYPTO_C',
+ 'MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL': 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C',
 }

 def dependencies_of_setting(cfg: config.Config,
@@ -92,7 +93,7 @@ def dependencies_of_setting(cfg: config.Config,
 # tests that only run Mbed TLS against itself, which only run in
 # configurations with both sides enabled.
 if name.startswith('MBEDTLS_SSL_TLS1_3_'):
- return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3'
+ return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'
 if name.startswith('MBEDTLS_SSL_DTLS_'):
 return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_DTLS'
 if name.startswith('MBEDTLS_SSL_'):
diff --git a/tests/suites/test_suite_config.tls_combinations.data b/tests/suites/test_suite_config.tls_combinations.data
index cbc57d6cd3..2631d6016f 100644
--- a/tests/suites/test_suite_config.tls_combinations.data
+++ b/tests/suites/test_suite_config.tls_combinations.data
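Review bot: The new `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL` entry in `SIMPLE_DEPENDENCIES` (first hunk) carries no explanation, and the same name also matches the generic `name.startswith('MBEDTLS_SSL_')` branch whose return value lies past the end of the second hunk. If that branch already yields `MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C`, the table entry is redundant; if the table is consulted first and the entry is deliberate, a comment above it would record why, for example `# Experimental TLS 1.3 in 2.28: only expect coverage in builds with both client and server.`. Both the dict and `dependencies_of_setting` start and end outside the hunks, so the lookup order cannot be confirmed from here.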
@@ -1,9 +1,13 @@
 # Interesting combinations of TLS options

-Config: TLS 1.2 without TLS 1.3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3
+Config: TLS 1.0 only
+depends_on:!MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1:!MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 pass:

-Config: TLS 1.3 without TLS 1.2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
+Config: TLS 1.1 only
+depends_on:!MBEDTLS_SSL_PROTO_SSL3:!MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SSL_PROTO_TLS1_1:!MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+pass:
+
+Config: TLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_SSL3:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 pass:
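Review bot: The data file gains no comment saying why there is an "only" case for TLS 1.0, 1.1 and 1.2 but none for SSL 3.0 or TLS 1.3; that reasoning exists only in the commit message. Without it a later reader can mistake the absence for a coverage gap, or re-add a case that is not expected to be covered on this branch. A line after the header such as `# No "only" case for SSL 3.0 (obsolete) or TLS 1.3 (experimental in 2.28): neither is expected to be the sole enabled version.` would keep the rationale with the data. The three cases also leave `MBEDTLS_SSL_PROTO_DTLS` unconstrained, so "only" presumably describes the set of protocol versions rather than excluding DTLS; worth confirming that is intended.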