cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

tests: Make compat mode optional in script generating tests

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-12-10 09:55:15 +01:00
parent d4c64027a5
commit ae93725ae8
2 changed files with 212 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

400
tests/opt-testcases/tls13-compat.sh
View File

File diff suppressed because it is too large Load Diff

14
tests/scripts/generate_tls13_compat_tests.py
View File

@ -76,13 +76,14 @@ class TLSProgram(metaclass=abc.ABCMeta):
Base class for generate server/client command. Base class for generate server/client command.
""" """
def __init__(self, ciphersuite, signature_algorithm, named_group): def __init__(self, ciphersuite, signature_algorithm, named_group, compat_mode=True):
self._ciphers = [] self._ciphers = []
self._sig_algs = [] self._sig_algs = []
self._named_groups = [] self._named_groups = []
self.add_ciphersuites(ciphersuite) self.add_ciphersuites(ciphersuite)
self.add_named_groups(named_group) self.add_named_groups(named_group)
self.add_signature_algorithms(signature_algorithm) self.add_signature_algorithms(signature_algorithm)
self._compat_mode = compat_mode
# add_ciphersuites should not override by sub class # add_ciphersuites should not override by sub class
def add_ciphersuites(self, *ciphersuites): def add_ciphersuites(self, *ciphersuites):
@ -139,6 +140,9 @@ class OpenSSLServ(TLSProgram):
signature_algorithms=signature_algorithms), signature_algorithms=signature_algorithms),
"-groups {named_groups}".format(named_groups=named_groups)] "-groups {named_groups}".format(named_groups=named_groups)]
ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache'] ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache']
if not self._compat_mode:
ret += ['-no_middlebox']
return ' '.join(ret) return ' '.join(ret)
def pre_checks(self): def pre_checks(self):
@ -222,6 +226,9 @@ class GnuTLSServ(TLSProgram):
priority_string = ':+'.join(priority_string_list) priority_string = ':+'.join(priority_string_list)
priority_string += ':%NO_TICKETS' priority_string += ':%NO_TICKETS'
if not self._compat_mode:
priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
ret += ['--priority={priority_string}'.format( ret += ['--priority={priority_string}'.format(
priority_string=priority_string)] priority_string=priority_string)]
ret = ' '.join(ret) ret = ' '.join(ret)
@ -272,8 +279,11 @@ class MbedTLSCli(TLSProgram):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C', ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_CLI_C', 'requires_config_enabled MBEDTLS_SSL_CLI_C',
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL', 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL',
'requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE',
'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO'] 'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
if 'rsa_pss_rsae_sha256' in self._sig_algs: if 'rsa_pss_rsae_sha256' in self._sig_algs:
ret.append( ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')