Fix erroneous skip of test cases for disabled ciphersuites
Test cases that force a specific ciphersuites are only executed if this ciphersuite is enabled. But there are test cases (for RC4) whose goal is to check that the ciphersuite is not used. These test cases must run even if (or only if) the ciphersuite is disable, so add an exception for these test cases. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
7eefa22fb1
commit
0d7216511f
1 changed files with 30 additions and 11 deletions
|
@ -241,6 +241,33 @@ requires_ciphersuite_enabled() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...]
|
||||||
|
# If CMD (call to a TLS client or server program) requires a specific
|
||||||
|
# ciphersuite, arrange to only run the test case if this ciphersuite is
|
||||||
|
# enabled. As an exception, do run the test case if it expects a ciphersuite
|
||||||
|
# mismatch.
|
||||||
|
maybe_requires_ciphersuite_enabled() {
|
||||||
|
case "$1" in
|
||||||
|
*\ force_ciphersuite=*) :;;
|
||||||
|
*) return;; # No specific required ciphersuite
|
||||||
|
esac
|
||||||
|
ciphersuite="${1##*\ force_ciphersuite=}"
|
||||||
|
ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}"
|
||||||
|
shift
|
||||||
|
|
||||||
|
case "$*" in
|
||||||
|
*"-s SSL - The server has no ciphersuites in common"*)
|
||||||
|
# This test case expects a ciphersuite mismatch, so it doesn't
|
||||||
|
# require the ciphersuite to be enabled.
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
requires_ciphersuite_enabled "$ciphersuite"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
unset ciphersuite
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
|
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
|
||||||
requires_openssl_with_fallback_scsv() {
|
requires_openssl_with_fallback_scsv() {
|
||||||
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
|
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
|
||||||
|
@ -658,17 +685,9 @@ run_test() {
|
||||||
requires_config_enabled MBEDTLS_FS_IO
|
requires_config_enabled MBEDTLS_FS_IO
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if server forces ciphersuite
|
# If the client or serve requires a ciphersuite, check that it's enabled.
|
||||||
FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
|
maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@"
|
||||||
if [ ! -z "$FORCE_CIPHERSUITE" ]; then
|
maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@"
|
||||||
requires_ciphersuite_enabled $FORCE_CIPHERSUITE
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if client forces ciphersuite
|
|
||||||
FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
|
|
||||||
if [ ! -z "$FORCE_CIPHERSUITE" ]; then
|
|
||||||
requires_ciphersuite_enabled $FORCE_CIPHERSUITE
|
|
||||||
fi
|
|
||||||
|
|
||||||
# should we skip?
|
# should we skip?
|
||||||
if [ "X$SKIP_NEXT" = "XYES" ]; then
|
if [ "X$SKIP_NEXT" = "XYES" ]; then
|
||||||
|
|
Loading…
Reference in a new issue