compat.sh: skip static ECDH cases if unsupported in openssl

This commit add support to detect if openssl used for testing supports static ECDH key exchange. Skip the ciphersutes if openssl doesn't support them. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2025-08-22 04:23:07 -04:00 · 2023-02-20 18:05:21 +08:00 · 2023-02-20 18:05:21 +08:00 · 02a76a507b
commit 02a76a507b
parent 4dcc08c244
1 changed files with 17 additions and 0 deletions
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -861,6 +861,16 @@ add_mbedtls_ciphersuites()
    esac
 }

+# o_check_ciphersuite CIPHER_SUITE_NAME
+o_check_ciphersuite()
+{
+    if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
+        case "$1" in
+            *ECDH-*) SKIP_NEXT="YES"
+        esac
+    fi
+}
+
 setup_arguments()
 {
    O_MODE=""
@ -947,6 +957,11 @@ setup_arguments()
            ;;
    esac

+    case $($OPENSSL ciphers ALL) in
+        *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
+        *) O_SUPPORT_ECDH="NO";;
+    esac
+
    if [ "X$VERIFY" = "XYES" ];
    then
        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@ -1373,6 +1388,7 @@ for MODE in $MODES; do
                    if [ "X" != "X$M_CIPHERS" ]; then
                        start_server "OpenSSL"
                        for i in $M_CIPHERS; do
+                            o_check_ciphersuite "$i"
                            run_client mbedTLS $i
                        done
                        stop_server
@ -1381,6 +1397,7 @@ for MODE in $MODES; do
                    if [ "X" != "X$O_CIPHERS" ]; then
                        start_server "mbedTLS"
                        for i in $O_CIPHERS; do
+                            o_check_ciphersuite "$i"
                            run_client OpenSSL $i
                        done
                        stop_server