diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b4477181e..dcc050ec2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1196,7 +1196,7 @@ run_test_psa() { requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSA-supported ciphersuite: $1" \ "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \ + "$P_CLI debug_level=3 force_ciphersuite=$1" \ 0 \ -c "PSA calc verify" \ -c "calc PSA finished" \ @@ -1216,7 +1216,7 @@ run_test_psa_force_curve() { requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSA - ECDH with $1" \ "$P_SRV debug_level=4 force_version=tls12 curves=$1" \ - "$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ + "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ 0 \ -c "PSA calc verify" \ -c "calc PSA finished" \ @@ -1245,7 +1245,7 @@ run_test_memory_after_hanshake_with_mfl() run_test "Handshake memory usage (MFL $1)" \ "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ - "$P_CLI debug_level=3 force_version=tls12 \ + "$P_CLI debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \ 0 \ @@ -1264,7 +1264,7 @@ run_tests_memory_after_hanshake() MEMORY_USAGE_MFL_16K=0 run_test "Handshake memory usage initial (MFL 16384 - default)" \ "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ - "$P_CLI debug_level=3 force_version=tls12 \ + "$P_CLI debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \ 0 \ @@ -2790,9 +2790,9 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "CBC Record splitting: TLS 1.2, no splitting" \ - "$P_SRV" \ + "$P_SRV force_version=tls12" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - request_size=123 force_version=tls12" \ + request_size=123" \ 0 \ -s "Read from client: 123 bytes read" \ -S "Read from client: 1 bytes read" \ @@ -5021,11 +5021,11 @@ run_test "Authentication, CA callback: client max_int chain, server required" requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ - "$P_SRV crt_file=data_files/server5.crt \ + "$P_SRV force_version=tls12 crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ crt_file2=data_files/server5-sha1.crt \ key_file2=data_files/server5.key" \ - "$P_CLI force_version=tls12" \ + "$P_CLI" \ 0 \ -c "signed using.*ECDSA with SHA256" \ -C "signed using.*ECDSA with SHA1" @@ -6535,40 +6535,40 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher" \ - "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=1 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 AEAD" \ - "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ -s "Read from client: 1 bytes read" @@ -6597,41 +6597,36 @@ run_test "Small client packet DTLS 1.2, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher" \ - "$P_SRV response_size=1" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_SRV response_size=1 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV response_size=1" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + "$P_SRV response_size=1 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -c "Read from server: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV response_size=1" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ + "$P_SRV response_size=1 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 0 \ -c "Read from server: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 AEAD" \ - "$P_SRV response_size=1" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + "$P_SRV response_size=1 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV response_size=1" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + "$P_SRV response_size=1 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 1 bytes read" @@ -6664,8 +6659,8 @@ fragments_for_write() { requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher" \ - "$P_SRV" \ - "$P_CLI request_size=16384 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=16384 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ @@ -6673,16 +6668,16 @@ run_test "Large client packet TLS 1.2 BlockCipher" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV" \ - "$P_CLI request_size=16384 force_version=tls12 etm=0 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=16384 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV" \ - "$P_CLI request_size=16384 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=16384 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ @@ -6690,8 +6685,8 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 AEAD" \ - "$P_SRV" \ - "$P_CLI request_size=16384 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=16384 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ @@ -6699,8 +6694,8 @@ run_test "Large client packet TLS 1.2 AEAD" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV" \ - "$P_CLI request_size=16384 force_version=tls12 \ + "$P_SRV force_version=tls12" \ + "$P_CLI request_size=16384 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ @@ -6709,51 +6704,45 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher" \ - "$P_SRV response_size=16384" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_SRV response_size=16384 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV response_size=16384" \ - "$P_CLI force_version=tls12 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_SRV response_size=16384 force_version=tls12" \ + "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV response_size=16384" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ + "$P_SRV response_size=16384 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 0 \ -c "Read from server: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV response_size=16384 trunc_hmac=1" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 AEAD" \ - "$P_SRV response_size=16384" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + "$P_SRV response_size=16384 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV response_size=16384" \ - "$P_CLI force_version=tls12 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + "$P_SRV response_size=16384 force_version=tls12" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 16384 bytes read"