Always enable MBEDTLS_TEST_HOOKS in TLS 1.3-only test configurations

MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so it's generally good to have it on in functional tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-20 19:21:09 +01:00 · 2022-10-29 17:44:19 +02:00
parent 04e2133f45
commit 4bb369c4eb
2 changed files with 7 additions and 14 deletions
--- a/tests/configs/tls13-only.h
+++ b/tests/configs/tls13-only.h
@@ -22,9 +22,11 @@
 *  limitations under the License.
 */

+/* Enable TLS 1.3 and core 1.3 features */
 #define MBEDTLS_SSL_PROTO_TLS1_3
 #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE

+/* Disable TLS 1.2 and 1.2-specific features */
 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
 #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 #undef MBEDTLS_SSL_PROTO_TLS1_2
@@ -32,3 +34,6 @@
 #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
 #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/* Enable some invasive tests */
+#define MBEDTLS_TEST_HOOKS
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -3248,8 +3248,8 @@ component_test_tls13_only () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"

-    msg "test_suite_ssl: TLS 1.3 only, all key exchange modes enabled"
-    cd tests; ./test_suite_ssl; cd ..
+    msg "test: TLS 1.3 only, all key exchange modes enabled"
+    make test

    msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
    tests/ssl-opt.sh
@@ -3334,18 +3334,6 @@ component_test_tls13_only_ephemeral_all () {
    tests/ssl-opt.sh
 }

-component_test_tls13_only_with_hooks () {
-    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 and MBEDTLS_TEST_HOOKS, without MBEDTLS_SSL_PROTO_TLS1_2"
-    scripts/config.py set MBEDTLS_TEST_HOOKS
-    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
-
-    msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2"
-    if_build_succeeded make test
-
-    msg "ssl-opt.sh (TLS 1.3)"
-    if_build_succeeded tests/ssl-opt.sh
-}
-
 component_test_tls13 () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
    scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3