diff --git a/tests/compat.sh b/tests/compat.sh index d7a91b47e..20f2dbda6 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -588,7 +588,18 @@ add_mbedtls_ciphersuites() # o_check_ciphersuite STANDARD_CIPHER_SUITE o_check_ciphersuite() { - if [ "${O_SUPPORT_ECDH}" = "NO" ]; then + # skip DTLS when lack of support was declared + if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then + SKIP_NEXT_="YES" + fi + + # skip DTLS 1.2 is support was not detected + if [ "$O_SUPPORT_DTLS12" = "NO" -a "$MODE" = "dtls12" ]; then + SKIP_NEXT="YES" + fi + + # skip static ECDH when OpenSSL doesn't support it + if [ "${O_SUPPORT_STATIC_ECDH}" = "NO" ]; then case "$1" in *ECDH_*) SKIP_NEXT="YES" esac @@ -665,10 +676,25 @@ setup_arguments() esac case $($OPENSSL ciphers ALL) in - *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";; - *) O_SUPPORT_ECDH="NO";; + *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_STATIC_ECDH="YES";; + *) O_SUPPORT_STATIC_ECDH="NO";; esac + case $($OPENSSL ciphers ALL) in + *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";; + *) O_SUPPORT_SINGLE_DES="NO";; + esac + + # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL + # supports -dtls1_2 from the s_server help. (The s_client + # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 + # but doesn't list it. But the s_server help seems to be + # accurate.) + O_SUPPORT_DTLS12="NO" + if $OPENSSL s_server -help 2>&1 | grep -q "^ *-dtls1_2 "; then + O_SUPPORT_DTLS12="YES" + fi + if [ "X$VERIFY" = "XYES" ]; then M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" @@ -1109,19 +1135,6 @@ for MODE in $MODES; do [Oo]pen*) - if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then - continue; - fi - - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL - # supports $O_MODE from the s_server help. (The s_client - # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 - # but doesn't list it. But the s_server help seems to be - # accurate.) - if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then - continue; - fi - reset_ciphersuites add_common_ciphersuites add_openssl_ciphersuites diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 985d14d39..28009d56a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1220,14 +1220,19 @@ component_test_full_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (full config, ASan build)" make test - msg "test: selftest (ASan build)" # ~ 10s + msg "test: selftest (full config, ASan build)" # ~ 10s programs/test/selftest msg "test: ssl-opt.sh (full config, ASan build)" tests/ssl-opt.sh - msg "test: compat.sh (full config, ASan build)" - tests/compat.sh + # Note: the next two invocations cover all compat.sh test cases. + # We should use the same here and in basic-build-test.sh. + msg "test: compat.sh: default version (full config, ASan build)" + tests/compat.sh -e 'ARIA\|CHACHA' + + msg "test: compat.sh: next: ARIA, Chacha (full config, ASan build)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec tests/context-info.sh @@ -1241,19 +1246,24 @@ component_test_full_cmake_gcc_asan_new_bignum () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: main suites (inc. selftests) (full config, ASan build)" + msg "test: main suites (inc. selftests) (full config, new bignum, ASan)" make test - msg "test: selftest (ASan build)" # ~ 10s + msg "test: selftest (full config, new bignum, ASan)" # ~ 10s programs/test/selftest - msg "test: ssl-opt.sh (full config, ASan build)" + msg "test: ssl-opt.sh (full config, new bignum, ASan)" tests/ssl-opt.sh - msg "test: compat.sh (full config, ASan build)" - tests/compat.sh + # Note: the next two invocations cover all compat.sh test cases. + # We should use the same here and in basic-build-test.sh. + msg "test: compat.sh: default version (full config, new bignum, ASan)" + tests/compat.sh -e 'ARIA\|CHACHA' - msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec + msg "test: compat.sh: next: ARIA, Chacha (full config, new bignum, ASan)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + + msg "test: context-info.sh (full config, new bignum, ASan)" # ~ 15 sec tests/context-info.sh } @@ -2171,12 +2181,6 @@ component_test_full_cmake_clang () { msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' - - msg "test: compat.sh NULL (full config)" # ~ 2 min - tests/compat.sh -e '^$' -f 'NULL' - - msg "test: compat.sh ARIA + ChachaPoly" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } skip_suites_without_constant_flow () { @@ -2620,13 +2624,12 @@ component_test_no_psa_crypto_full_cmake_asan() { msg "test: ssl-opt.sh (full minus PSA crypto)" tests/ssl-opt.sh - msg "test: compat.sh default (full minus PSA crypto)" - tests/compat.sh + # Note: the next two invocations cover all compat.sh test cases. + # We should use the same here and in basic-build-test.sh. + msg "test: compat.sh: default version (full minus PSA crypto)" + tests/compat.sh -e 'ARIA\|CHACHA' - msg "test: compat.sh NULL (full minus PSA crypto)" - tests/compat.sh -f 'NULL' - - msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)" + msg "test: compat.sh: next: ARIA, Chacha (full minus PSA crypto)" env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 52617541d..d2e955f1e 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -103,11 +103,7 @@ echo echo '################ compat.sh ################' { echo '#### compat.sh: Default versions' - sh compat.sh - echo - - echo '#### compat.sh: null cipher' - sh compat.sh -e '^$' -f 'NULL' + sh compat.sh -e 'ARIA\|CHACHA' echo echo '#### compat.sh: next (ARIA, ChaCha)'