From 4bb369c4eb155711099fca602d16761831532168 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 29 Oct 2022 17:44:19 +0200 Subject: [PATCH] Always enable MBEDTLS_TEST_HOOKS in TLS 1.3-only test configurations MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so it's generally good to have it on in functional tests. Signed-off-by: Gilles Peskine --- tests/configs/tls13-only.h | 5 +++++ tests/scripts/all.sh | 16 ++-------------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 0a22c544b7..7483f1cd97 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -22,9 +22,11 @@ * limitations under the License. */ +/* Enable TLS 1.3 and core 1.3 features */ #define MBEDTLS_SSL_PROTO_TLS1_3 #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +/* Disable TLS 1.2 and 1.2-specific features */ #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET #undef MBEDTLS_SSL_PROTO_TLS1_2 @@ -32,3 +34,6 @@ #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE + +/* Enable some invasive tests */ +#define MBEDTLS_TEST_HOOKS diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e8f1726076..6e1d4014a0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3248,8 +3248,8 @@ component_test_tls13_only () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - msg "test_suite_ssl: TLS 1.3 only, all key exchange modes enabled" - cd tests; ./test_suite_ssl; cd .. + msg "test: TLS 1.3 only, all key exchange modes enabled" + make test msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled" tests/ssl-opt.sh @@ -3334,18 +3334,6 @@ component_test_tls13_only_ephemeral_all () { tests/ssl-opt.sh } -component_test_tls13_only_with_hooks () { - msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 and MBEDTLS_TEST_HOOKS, without MBEDTLS_SSL_PROTO_TLS1_2" - scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2" - if_build_succeeded make test - - msg "ssl-opt.sh (TLS 1.3)" - if_build_succeeded tests/ssl-opt.sh -} - component_test_tls13 () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3