diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 6469c3d0a3..67bf6ddff7 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -44,12 +44,6 @@ The configuration building method can be one of the three following: direct dependencies, but rather non-trivial results of other configs missing. Then look for any unset symbols and handle their reverse dependencies. Examples of EXCLUSIVE_GROUPS usage: - - MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating - reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled, - and then SHA256 is found to depend on SHA224, so it is also disabled. To handle - this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224 - should also be enabled before processing reverse dependencies: - 'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'] - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C requires either SHA256 or SHA384 to work, so it also has to be disabled. This is not a dependency on SHA512_C, but a result of an exclusive domain @@ -273,10 +267,6 @@ REVERSE_DEPENDENCIES = { # These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA224_C': ['+MBEDTLS_SSL_COOKIE_C'], - 'MBEDTLS_SHA256_C': ['-MBEDTLS_SSL_COOKIE_C'], - 'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C', - '+MBEDTLS_SSL_COOKIE_C'], 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', '-MBEDTLS_SSL_PROTO_TLS1_3'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', @@ -419,15 +409,16 @@ class DomainData: build_and_test), # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), - # Hash algorithms. Exclude three groups: - # - Exclusive domain of MD, RIPEMD, SHA1 (obsolete); - # - Exclusive domain of SHA224 (tested with and depends on SHA256); - # - Complementary domain of SHA224 and SHA384 - tested with and depend - # on SHA256 and SHA512, respectively. + # Hash algorithms. Exclude two groups: + # - Exclusive domain of MD, RIPEMD, SHA1; + # - Exclusive domain of SHA224 and SHA384, because MBEDTLS_ENTROPY_C + # is extensively used across various modules, but it depends on + # either SHA256 or SHA512. As a consequence an "exclusive" test + # of SHA224/SHA384 with MBEDTLS_ENTROPY_C enabled is not possible. 'hashes': DualDomain(hash_symbols, build_and_test, exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ - '|MBEDTLS_SHA224_'\ - '|!MBEDTLS_(SHA224_|SHA384_)'), + '|MBEDTLS_SHA224_' \ + '|MBEDTLS_SHA384_'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b709112aa5..5fcbf99dfb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -836,7 +836,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_S x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #70 (v1 trusted CA)