# components-configuration-tls.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

# This file contains test components that are executed by all.sh

################################################################
#### Configuration Testing - TLS
################################################################

# Build the default configuration with MBEDTLS_SSL_RENEGOTIATION unset
# (ASan build), then run the main test suites and the full ssl-opt.sh.
component_test_no_renegotiation () {
    msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
    scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
    make test

    msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
    tests/ssl-opt.sh
}

# Build the default configuration reduced to stream ciphersuites only (AEAD,
# CBC-legacy and CBC-EtM disabled, NULL cipher enabled) and run the unit tests.
# NULL ciphersuites do not encrypt record payloads, so this is a test-only
# configuration and must not be mistaken for a deployable one.
component_test_tls1_2_default_stream_cipher_only () {
    msg "build: default with only stream cipher"

    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
    # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only stream cipher"
    make test

    # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
}

# Same stream-cipher-only configuration as the component above, with
# MBEDTLS_USE_PSA_CRYPTO set first. Test-only: NULL ciphersuites do not
# encrypt record payloads.
component_test_tls1_2_default_stream_cipher_only_use_psa () {
    msg "build: default with only stream cipher use psa"

    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
    # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only stream cipher use psa"
    make test

    # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
}

# Build the default configuration reduced to CBC-legacy ciphersuites only
# (AEAD, CBC-EtM and the NULL cipher disabled), run the unit tests and the
# "TLS 1.2" subset of ssl-opt.sh.
# CBC-legacy is CBC without encrypt-then-MAC, i.e. the MAC-then-encrypt record
# protection that padding-oracle attacks such as Lucky Thirteen target.
component_test_tls1_2_default_cbc_legacy_cipher_only () {
    msg "build: default with only CBC-legacy cipher"

    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
    # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only CBC-legacy cipher"
    make test

    msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f "TLS 1.2"
}

# Same CBC-legacy-only configuration as the component above, with
# MBEDTLS_USE_PSA_CRYPTO set first.
component_test_tls1_2_default_cbc_legacy_cipher_only_use_psa () {
    msg "build: default with only CBC-legacy cipher use psa"

    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
    # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only CBC-legacy cipher use psa"
    make test

    msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f "TLS 1.2"
}

# Build the default configuration reduced to CBC ciphersuites with both the
# legacy and the encrypt-then-MAC record protection available (AEAD and the
# NULL cipher disabled), run the unit tests and the "TLS 1.2" subset of
# ssl-opt.sh.
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
    msg "build: default with only CBC-legacy and CBC-EtM ciphers"

    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
    # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only CBC-legacy and CBC-EtM ciphers"
    make test

    msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f "TLS 1.2"
}

# Same CBC-legacy plus CBC-EtM configuration as the component above, with
# MBEDTLS_USE_PSA_CRYPTO set first.
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
    msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"

    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
    scripts/config.py unset MBEDTLS_GCM_C
    scripts/config.py unset MBEDTLS_CCM_C
    scripts/config.py unset MBEDTLS_CHACHAPOLY_C
    # Disable TLS 1.3 (as no AEAD)
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
    scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
    # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
    # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    # Modules that depend on AEAD
    scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
    scripts/config.py unset MBEDTLS_SSL_TICKET_C

    make

    msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
    make test

    msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f "TLS 1.2"
}

# We're not aware of any other (open source) implementation of EC J-PAKE in TLS
# that we could use for interop testing. However, we now have sort of two
# implementations ourselves: one using PSA, the other not. At least test that
# these two interoperate with each other.
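component_test_tls1_2_ecjpake_compatibility () {
    # First build: EC J-PAKE without MBEDTLS_USE_PSA_CRYPTO. The resulting
    # ssl_server2/ssl_client2 binaries are copied aside so they survive the
    # "make clean" below and can be paired with the PSA build.
    msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
    scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
    # Explicitly make lib first to avoid a race condition:
    # https://github.com/Mbed-TLS/mbedtls/issues/8229
    make lib
    make -C programs ssl/ssl_server2 ssl/ssl_client2
    cp programs/ssl/ssl_server2 s2_no_use_psa
    cp programs/ssl/ssl_client2 c2_no_use_psa

    # Second build: same configuration plus MBEDTLS_USE_PSA_CRYPTO.
    msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
    make clean
    make lib
    make -C programs ssl/ssl_server2 ssl/ssl_client2
    make -C programs test/udp_proxy test/query_compile_time_config

    # P_SRV / P_CLI point ssl-opt.sh at the saved non-PSA binary for one side
    # of the connection; the other side is the freshly built PSA binary.
    msg "test: server w/o USE_PSA - client w/ USE_PSA, text password"
    P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
    msg "test: server w/o USE_PSA - client w/ USE_PSA, opaque password"
    P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password client only, working, TLS"
    msg "test: client w/o USE_PSA - server w/ USE_PSA, text password"
    P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: working, TLS"
    msg "test: client w/o USE_PSA - server w/ USE_PSA, opaque password"
    P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f "ECJPAKE: opaque password server only, working, TLS"

    rm s2_no_use_psa c2_no_use_psa
}

# ASan build with a 4096-byte outgoing and 16384-byte incoming record buffer;
# runs the ssl-opt.sh tests selected by the filter below.
component_test_small_ssl_out_content_len () {
    msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
    scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
    scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
    # NOTE(review): confirm that both alternatives of this filter still match
    # test names in ssl-opt.sh; a stale pattern would presumably select fewer
    # tests rather than fail.
    tests/ssl-opt.sh -f "Max fragment\|Large packet"
}

# ASan build with a 4096-byte incoming and 16384-byte outgoing record buffer;
# runs the "Max fragment" tests of ssl-opt.sh.
component_test_small_ssl_in_content_len () {
    msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
    scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096
    scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
    tests/ssl-opt.sh -f "Max fragment"
}

# ASan build with MBEDTLS_SSL_DTLS_MAX_BUFFERING set to 1000; runs one
# specific DTLS reordering test from ssl-opt.sh.
component_test_small_ssl_dtls_max_buffering () {
    msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
    scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
    tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
}

# ASan build with MBEDTLS_SSL_DTLS_MAX_BUFFERING set to 190; runs one
# specific DTLS reordering test from ssl-opt.sh.
component_test_small_mbedtls_ssl_dtls_max_buffering () {
    msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
    scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
    tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
}

# Run depends.py over the "kex" domain with MBEDTLS_USE_PSA_CRYPTO unset.
component_test_depends_py_kex () {
    msg "test/build: depends.py kex (gcc)"
    tests/scripts/depends.py kex --unset-use-psa
}

# Run depends.py over the "kex" domain with MBEDTLS_USE_PSA_CRYPTO defined.
component_test_depends_py_kex_psa () {
    msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
    tests/scripts/depends.py kex
}

# Common helper for component_full_without_ecdhe_ecdsa() and
# component_full_without_ecdhe_ecdsa_and_tls13() which:
# - starts from the "full" configuration minus the list of symbols passed in
#   as 1st parameter
# - build
# - test only TLS (i.e. test_suite_tls and ssl-opt)
#
# Arguments: $1 - whitespace-separated list of configuration symbols to unset
build_full_minus_something_and_test_tls () {
    symbols_to_disable="$1"

    msg "build: full minus something, test TLS"

    scripts/config.py full
    # $symbols_to_disable is left unquoted on purpose: the list is split on
    # whitespace (including newlines) into one symbol per iteration.
    for sym in $symbols_to_disable; do
        echo "Disabling $sym"
        scripts/config.py unset "$sym"
    done

    make

    msg "test: full minus something, test TLS"
    # Subshell keeps the caller's working directory intact; "&&" stops the
    # suite from being looked up in the wrong directory if the cd fails.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt: full minus something, test TLS"
    tests/ssl-opt.sh
}

# Full configuration without the ECDHE-ECDSA key exchange; TLS tests only.
component_full_without_ecdhe_ecdsa () {
    build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
}

# Full configuration without the ECDHE-ECDSA key exchange and without TLS 1.3;
# TLS tests only.
component_full_without_ecdhe_ecdsa_and_tls13 () {
    build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
                                             MBEDTLS_SSL_PROTO_TLS1_3"
}

# Build-only check: full configuration with the TLS server module removed,
# compiled with warnings treated as errors.
component_build_no_ssl_srv () {
    msg "build: full config except SSL server, make, gcc" # ~ 30s
    scripts/config.py full
    scripts/config.py unset MBEDTLS_SSL_SRV_C
    make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes'
}

# Build-only check: full configuration with the TLS client module removed,
# compiled with warnings treated as errors.
component_build_no_ssl_cli () {
    msg "build: full config except SSL client, make, gcc" # ~ 30s
    scripts/config.py full
    scripts/config.py unset MBEDTLS_SSL_CLI_C
    make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes'
}

component_test_no_max_fragment_length () {
    # Run max fragment length tests with MFL disabled
    msg "build: default config except MFL extension (ASan build)" # ~ 30s
    scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: ssl-opt.sh, MFL-related tests"
    tests/ssl-opt.sh -f "Max fragment length"
}

# ASan build with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE and TLS 1.3 unset; runs
# the unit tests, ssl-opt.sh, compat.sh and context-info.sh.
component_test_asan_remove_peer_certificate () {
    msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
    scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
    make test

    msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
    tests/ssl-opt.sh

    msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
    tests/compat.sh

    msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
    tests/context-info.sh
}

# ASan build without the MFL extension and with a 4096-byte outgoing record
# buffer; runs the filtered ssl-opt.sh tests and context-info.sh.
component_test_no_max_fragment_length_small_ssl_out_content_len () {
    msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
    scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
    scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
    scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: MFL tests (disabled MFL extension case) & large packet tests"
    # NOTE(review): the message above says "large packet tests" and
    # component_test_small_ssl_out_content_len filters on "Large packet",
    # while this filter uses "Large buffer" - confirm it matches the
    # intended ssl-opt.sh test names.
    tests/ssl-opt.sh -f "Max fragment length\|Large buffer"

    msg "test: context-info.sh (disabled MFL extension case)"
    tests/context-info.sh
}

# ASan build with MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH set; runs the unit tests,
# ssl-opt.sh and compat.sh.
component_test_variable_ssl_in_out_buffer_len () {
    msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
    scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
    make test

    msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
    tests/ssl-opt.sh

    msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
    tests/compat.sh
}

# ASan build with MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT set to 1; runs the
# unit tests, ssl-opt.sh and compat.sh.
component_test_dtls_cid_legacy () {
    msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
    scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1

    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
    make test

    msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
    tests/ssl-opt.sh

    msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
    tests/compat.sh
}

# Release build with the memory buffer allocator, memory debugging, the MFL
# extension and variable buffer lengths; runs the unit tests and the
# "Handshake memory usage" tests of ssl-opt.sh.
component_test_ssl_alloc_buffer_and_mfl () {
    msg "build: default config with memory buffer allocator and MFL extension"
    scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
    scripts/config.py set MBEDTLS_PLATFORM_MEMORY
    scripts/config.py set MBEDTLS_MEMORY_DEBUG
    scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
    scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
    cmake -DCMAKE_BUILD_TYPE:String=Release .
    make

    msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
    make test

    msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
    tests/ssl-opt.sh -f "Handshake memory usage"
}

# Default configuration with the NULL cipher, CBC mode and CMAC unset, so that
# (per the messages below) MBEDTLS_SSL_SOME_SUITES_USE_MAC ends up undefined.
component_test_when_no_ciphersuites_have_mac () {
    msg "build: when no ciphersuites have MAC"
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
    scripts/config.py unset MBEDTLS_CMAC_C
    make

    msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
    make test

    msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
    tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
}

# ASan build of the default configuration with TLS 1.3 unset; runs the unit
# tests, ssl-opt.sh and compat.sh.
component_test_tls12_only () {
    msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan"
    scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

    msg "test: main suites (inc. selftests) (ASan build)"
    make test

    msg "test: ssl-opt.sh (ASan build)"
    tests/ssl-opt.sh

    msg "test: compat.sh (ASan build)"
    tests/compat.sh
}

# TLS 1.3-only build: the restriction comes from the user config file
# tests/configs/tls13-only.h passed through CFLAGS, on top of early data and
# the record size limit extension.
# MBEDTLS_SSL_EARLY_DATA turns on TLS 1.3 0-RTT data, which the protocol does
# not protect against replay; it is enabled here for test coverage.
component_test_tls13_only () {
    msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test: TLS 1.3 only, all key exchange modes enabled"
    make test

    msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
    tests/ssl-opt.sh
}

# TLS 1.3-only build restricted to the pure PSK key exchange mode; the
# certificate, ECDH/DHM and signature modules are unset as well.
component_test_tls13_only_psk () {
    msg "build: TLS 1.3 only from default, only PSK key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
    scripts/config.py unset MBEDTLS_ECDH_C
    scripts/config.py unset MBEDTLS_DHM_C
    scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
    scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py unset MBEDTLS_PKCS1_V21
    scripts/config.py unset MBEDTLS_PKCS7_C
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled"
    # Subshell: the working directory is restored even if the cd or the
    # suite fails, so ssl-opt.sh below always runs from the source root.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
    tests/ssl-opt.sh
}

# TLS 1.3-only build restricted to the ephemeral key exchange mode (both PSK
# modes and early data unset).
component_test_tls13_only_ephemeral () {
    msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
    scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
    # Subshell: the working directory is restored even if the cd or the
    # suite fails, so ssl-opt.sh below always runs from the source root.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
    tests/ssl-opt.sh
}

# Same as component_test_tls13_only_ephemeral with MBEDTLS_ECDH_C also unset,
# leaving finite-field DH as the ephemeral key exchange (per the messages).
component_test_tls13_only_ephemeral_ffdh () {
    msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
    scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
    scripts/config.py unset MBEDTLS_ECDH_C

    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode"
    # Subshell: the working directory is restored even if the cd or the
    # suite fails, so ssl-opt.sh below always runs from the source root.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode"
    tests/ssl-opt.sh
}

# TLS 1.3-only build restricted to the PSK-ephemeral key exchange mode; the
# certificate and signature modules are unset as well.
component_test_tls13_only_psk_ephemeral () {
    msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
    scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
    scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py unset MBEDTLS_PKCS1_V21
    scripts/config.py unset MBEDTLS_PKCS7_C
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode"
    # Subshell: the working directory is restored even if the cd or the
    # suite fails, so ssl-opt.sh below always runs from the source root.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
    tests/ssl-opt.sh
}

# Same as component_test_tls13_only_psk_ephemeral with MBEDTLS_ECDH_C also
# unset, leaving finite-field DH for the ephemeral part (per the messages).
component_test_tls13_only_psk_ephemeral_ffdh () {
    msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
    scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
    scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py unset MBEDTLS_PKCS1_V21
    scripts/config.py unset MBEDTLS_PKCS7_C
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    scripts/config.py unset MBEDTLS_ECDH_C
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
    # Subshell: the working directory is restored even if the cd or the
    # suite fails, so ssl-opt.sh below always runs from the source root.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode"
    tests/ssl-opt.sh
}

# TLS 1.3-only build with both PSK modes and without the ephemeral mode; the
# certificate and signature modules are unset as well.
component_test_tls13_only_psk_all () {
    msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
    scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
    scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py unset MBEDTLS_PKCS1_V21
    scripts/config.py unset MBEDTLS_PKCS7_C
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
    # Subshell: the working directory is restored even if the cd or the
    # suite fails, so ssl-opt.sh below always runs from the source root.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
    tests/ssl-opt.sh
}

# TLS 1.3-only build with the ephemeral and PSK-ephemeral modes and without
# the pure PSK mode.
component_test_tls13_only_ephemeral_all () {
    msg "build: TLS 1.3 only from default, without PSK key exchange mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

    msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
    # Subshell: the working directory is restored even if the cd or the
    # suite fails, so ssl-opt.sh below always runs from the source root.
    ( cd tests && ./test_suite_ssl )

    msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
    tests/ssl-opt.sh
}

# ASan build with the TLS 1.3 / CID padding granularity set to 1 (described
# as "minus padding" in the messages) plus early data; runs the unit tests
# and ssl-opt.sh.
component_test_tls13_no_padding () {
    msg "build: default config plus early data minus padding"
    scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
    msg "test: default config plus early data minus padding"
    make test
    msg "ssl-opt.sh (TLS 1.3 no padding)"
    tests/ssl-opt.sh
}

# ASan build with TLS 1.3 middlebox compatibility mode unset plus early data;
# runs the unit tests and ssl-opt.sh.
component_test_tls13_no_compatibility_mode () {
    msg "build: default config plus early data minus middlebox compatibility mode"
    scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
    scripts/config.py set MBEDTLS_SSL_EARLY_DATA
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
    msg "test: default config plus early data minus middlebox compatibility mode"
    make test
    msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
    tests/ssl-opt.sh
}

# ASan build of the full configuration with session tickets and early data
# unset; runs the unit tests and ssl-opt.sh.
component_test_full_minus_session_tickets () {
    msg "build: full config without session tickets"
    scripts/config.py full
    scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
    scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
    msg "test: full config without session tickets"
    make test
    msg "ssl-opt.sh (full config without session tickets)"
    tests/ssl-opt.sh
}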