Adjust test scripts to new RC4 defaults
This commit is contained in:
parent
29c28f961d
commit
ea0920f079
4 changed files with 36 additions and 25 deletions
|
@ -18,6 +18,7 @@ EOU
|
|||
# POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the
|
||||
# respective tests were adapted
|
||||
my @excluded = qw(
|
||||
POLARSSL_DEPRECATED_REMOVED
|
||||
POLARSSL_HAVE_INT8
|
||||
POLARSSL_HAVE_INT16
|
||||
POLARSSL_HAVE_SSE2
|
||||
|
@ -27,6 +28,7 @@ POLARSSL_ECP_DP_M383_ENABLED
|
|||
POLARSSL_ECP_DP_M511_ENABLED
|
||||
POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
|
||||
POLARSSL_NO_PLATFORM_ENTROPY
|
||||
POLARSSL_REMOVE_ARC4_CIPHERSUITES
|
||||
POLARSSL_SSL_HW_RECORD_ACCEL
|
||||
POLARSSL_SSL_DISABLE_RENEGOTIATION
|
||||
POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
|
@ -87,7 +89,10 @@ for my $line (@config_lines) {
|
|||
}
|
||||
|
||||
if (!$done && $line =~ m!^//\s?#define! && $line !~ /$exclude_re/) {
|
||||
$line =~ s!^//!!;
|
||||
$line =~ s!^//\s?!!;
|
||||
}
|
||||
if (!$done && $line =~ m!^\s?#define! && $line =~ /$exclude_re/) {
|
||||
$line =~ s!^!//!;
|
||||
}
|
||||
} elsif ($action eq "unset") {
|
||||
if (!$done && $line =~ /^\s*#define\s*$name/) {
|
||||
|
|
|
@ -49,7 +49,7 @@ MODES="ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2"
|
|||
VERIFIES="NO YES"
|
||||
TYPES="ECDSA RSA PSK"
|
||||
FILTER=""
|
||||
EXCLUDE='NULL\|DES-CBC-' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
|
||||
EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
|
||||
VERBOSE=""
|
||||
MEMCHECK=0
|
||||
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
|
||||
|
|
|
@ -119,9 +119,9 @@ cd tests
|
|||
./ssl-opt.sh -f Default
|
||||
cd ..
|
||||
|
||||
msg "test: compat.sh DES & NULL (full config)" # ~ 2 min
|
||||
msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
|
||||
cd tests
|
||||
./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
|
||||
./compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
|
||||
cd ..
|
||||
|
||||
msg "test/build: curves.pl (gcc)" # ~ 5 min (?)
|
||||
|
|
|
@ -555,7 +555,13 @@ run_test "RC4: server disabled, client enabled" \
|
|||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
1 \
|
||||
-s "SSL - None of the common ciphersuites is usable"
|
||||
-s "SSL - The server has no ciphersuites in common"
|
||||
|
||||
run_test "RC4: server half, client enabled" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
1 \
|
||||
-s "SSL - The server has no ciphersuites in common"
|
||||
|
||||
run_test "RC4: server enabled, client disabled" \
|
||||
"$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
|
@ -564,7 +570,7 @@ run_test "RC4: server enabled, client disabled" \
|
|||
-s "SSL - The server has no ciphersuites in common"
|
||||
|
||||
run_test "RC4: both enabled" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
|
@ -671,7 +677,7 @@ run_test "Encrypt then MAC: client enabled, aead cipher" \
|
|||
run_test "Encrypt then MAC: client enabled, stream cipher" \
|
||||
"$P_SRV debug_level=3 etm=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI debug_level=3 etm=1 arc4=1" \
|
||||
"$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-c "client hello, adding encrypt_then_mac extension" \
|
||||
-s "found encrypt then mac extension" \
|
||||
|
@ -890,7 +896,7 @@ run_test "CBC Record splitting: SSLv3, splitting" \
|
|||
-s "122 bytes read"
|
||||
|
||||
run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
request_size=123 force_version=tls1" \
|
||||
0 \
|
||||
|
@ -2338,25 +2344,25 @@ run_test "PSK callback: wrong key" \
|
|||
# Tests for ciphersuites per version
|
||||
|
||||
run_test "Per-version suites: SSL3" \
|
||||
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=ssl3" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
|
||||
|
||||
run_test "Per-version suites: TLS 1.0" \
|
||||
"$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=tls1 arc4=1" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
|
||||
-c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
|
||||
|
||||
run_test "Per-version suites: TLS 1.1" \
|
||||
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
|
||||
|
||||
run_test "Per-version suites: TLS 1.2" \
|
||||
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=tls1_2" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
|
||||
|
@ -2385,7 +2391,7 @@ run_test "Small packet SSLv3 BlockCipher" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet SSLv3 StreamCipher" \
|
||||
"$P_SRV min_version=ssl3 arc4=1" \
|
||||
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=1 force_version=ssl3 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -2414,7 +2420,7 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=1 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -2436,7 +2442,7 @@ run_test "Small packet TLS 1.1 BlockCipher without EtM" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.1 StreamCipher" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -2451,7 +2457,7 @@ run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -2488,14 +2494,14 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.2 StreamCipher" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=1 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=1 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -2526,7 +2532,7 @@ run_test "Large packet SSLv3 BlockCipher" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet SSLv3 StreamCipher" \
|
||||
"$P_SRV min_version=ssl3 arc4=1" \
|
||||
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=ssl3 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -2548,7 +2554,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -2563,7 +2569,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 StreamCipher" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -2578,7 +2584,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -2608,14 +2614,14 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 StreamCipher" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
|
Loading…
Reference in a new issue