lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-28 23:14:56 +03:00
Code Activity

Reduce adherence on "legacy" OpenSSL and GnuTLS

Browse Source 
None of the tests actually need GNUTLS_LEGACY (3.3.8): GNUTLS (3.4.10)
works.

Only single-DES actually needs OPENSSL_LEGACY (1.0.1j). For the rest,
OPENSSL (1.0.2g) works.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2023-08-27 21:33:41 +02:00
parent af2ad3dba7
commit c67c3b3db6
2 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/scripts/all.sh
View File

@@ -1031,8 +1031,7 @@ component_test_sslv3 () {
make test make test
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
tests/compat.sh -m 'tls1 tls1_1 tls12 dtls1 dtls12' tests/compat.sh -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
tests/ssl-opt.sh tests/ssl-opt.sh
@@ -1590,8 +1589,11 @@ component_test_full_cmake_clang () {
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min msg "test: compat.sh RC4, 3DES & NULL (full config)" # ~ 2min
env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' tests/compat.sh -e '^$' -f 'NULL\|3DES\|DES-CBC3\|RC4\|ARCFOUR'
msg "test: compat.sh single-DES (full config)" # ~ 30s
env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -e '3DES\|DES-CBC3' -f 'DES'
msg "test: compat.sh ARIA + ChachaPoly" msg "test: compat.sh ARIA + ChachaPoly"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1881,8 +1883,11 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
tests/compat.sh tests/compat.sh
msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: compat.sh RC4, 3DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' tests/compat.sh -e '^$' -f 'NULL\|3DES\|DES-CBC3\|RC4\|ARCFOUR'
msg "test: compat.sh single-DES (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -e '3DES\|DES-CBC3' -f 'DES'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'

8
tests/scripts/basic-build-test.sh
View File

@@ -120,12 +120,8 @@ echo
# Step 2c - Compatibility tests (keep going even if some tests fail) # Step 2c - Compatibility tests (keep going even if some tests fail)
echo '################ compat.sh ################' echo '################ compat.sh ################'
{ {
echo '#### compat.sh: Default versions' echo '#### compat.sh: Default ciphers'
sh compat.sh -m 'tls1 tls1_1 tls12 dtls1 dtls12' sh compat.sh -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
echo
echo '#### compat.sh: legacy (SSLv3)'
OPENSSL="$OPENSSL_LEGACY" sh compat.sh -m 'ssl3'
echo echo
echo '#### compat.sh: legacy (null, DES, RC4)' echo '#### compat.sh: legacy (null, DES, RC4)'