Adjust test scripts to new RC4 defaults

This commit is contained in:
Manuel Pégourié-Gonnard 2015-03-24 09:50:15 +01:00
parent 29c28f961d
commit ea0920f079
4 changed files with 36 additions and 25 deletions

View file

@ -18,6 +18,7 @@ EOU
# POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the # POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the
# respective tests were adapted # respective tests were adapted
my @excluded = qw( my @excluded = qw(
POLARSSL_DEPRECATED_REMOVED
POLARSSL_HAVE_INT8 POLARSSL_HAVE_INT8
POLARSSL_HAVE_INT16 POLARSSL_HAVE_INT16
POLARSSL_HAVE_SSE2 POLARSSL_HAVE_SSE2
@ -27,6 +28,7 @@ POLARSSL_ECP_DP_M383_ENABLED
POLARSSL_ECP_DP_M511_ENABLED POLARSSL_ECP_DP_M511_ENABLED
POLARSSL_NO_DEFAULT_ENTROPY_SOURCES POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
POLARSSL_NO_PLATFORM_ENTROPY POLARSSL_NO_PLATFORM_ENTROPY
POLARSSL_REMOVE_ARC4_CIPHERSUITES
POLARSSL_SSL_HW_RECORD_ACCEL POLARSSL_SSL_HW_RECORD_ACCEL
POLARSSL_SSL_DISABLE_RENEGOTIATION POLARSSL_SSL_DISABLE_RENEGOTIATION
POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
@ -87,7 +89,10 @@ for my $line (@config_lines) {
} }
if (!$done && $line =~ m!^//\s?#define! && $line !~ /$exclude_re/) { if (!$done && $line =~ m!^//\s?#define! && $line !~ /$exclude_re/) {
$line =~ s!^//!!; $line =~ s!^//\s?!!;
}
if (!$done && $line =~ m!^\s?#define! && $line =~ /$exclude_re/) {
$line =~ s!^!//!;
} }
} elsif ($action eq "unset") { } elsif ($action eq "unset") {
if (!$done && $line =~ /^\s*#define\s*$name/) { if (!$done && $line =~ /^\s*#define\s*$name/) {

View file

@ -49,7 +49,7 @@ MODES="ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2"
VERIFIES="NO YES" VERIFIES="NO YES"
TYPES="ECDSA RSA PSK" TYPES="ECDSA RSA PSK"
FILTER="" FILTER=""
EXCLUDE='NULL\|DES-CBC-' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
VERBOSE="" VERBOSE=""
MEMCHECK=0 MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS" PEERS="OpenSSL$PEER_GNUTLS mbedTLS"

View file

@ -119,9 +119,9 @@ cd tests
./ssl-opt.sh -f Default ./ssl-opt.sh -f Default
cd .. cd ..
msg "test: compat.sh DES & NULL (full config)" # ~ 2 min msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
cd tests cd tests
./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3' ./compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
cd .. cd ..
msg "test/build: curves.pl (gcc)" # ~ 5 min (?) msg "test/build: curves.pl (gcc)" # ~ 5 min (?)

View file

@ -555,7 +555,13 @@ run_test "RC4: server disabled, client enabled" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1 \ 1 \
-s "SSL - None of the common ciphersuites is usable" -s "SSL - The server has no ciphersuites in common"
run_test "RC4: server half, client enabled" \
"$P_SRV arc4=1" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1 \
-s "SSL - The server has no ciphersuites in common"
run_test "RC4: server enabled, client disabled" \ run_test "RC4: server enabled, client disabled" \
"$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@ -564,7 +570,7 @@ run_test "RC4: server enabled, client disabled" \
-s "SSL - The server has no ciphersuites in common" -s "SSL - The server has no ciphersuites in common"
run_test "RC4: both enabled" \ run_test "RC4: both enabled" \
"$P_SRV arc4=1" \ "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-S "SSL - None of the common ciphersuites is usable" \ -S "SSL - None of the common ciphersuites is usable" \
@ -671,7 +677,7 @@ run_test "Encrypt then MAC: client enabled, aead cipher" \
run_test "Encrypt then MAC: client enabled, stream cipher" \ run_test "Encrypt then MAC: client enabled, stream cipher" \
"$P_SRV debug_level=3 etm=1 \ "$P_SRV debug_level=3 etm=1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI debug_level=3 etm=1 arc4=1" \ "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-c "client hello, adding encrypt_then_mac extension" \ -c "client hello, adding encrypt_then_mac extension" \
-s "found encrypt then mac extension" \ -s "found encrypt then mac extension" \
@ -890,7 +896,7 @@ run_test "CBC Record splitting: SSLv3, splitting" \
-s "122 bytes read" -s "122 bytes read"
run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \ run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
request_size=123 force_version=tls1" \ request_size=123 force_version=tls1" \
0 \ 0 \
@ -2338,25 +2344,25 @@ run_test "PSK callback: wrong key" \
# Tests for ciphersuites per version # Tests for ciphersuites per version
run_test "Per-version suites: SSL3" \ run_test "Per-version suites: SSL3" \
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=ssl3" \ "$P_CLI force_version=ssl3" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
run_test "Per-version suites: TLS 1.0" \ run_test "Per-version suites: TLS 1.0" \
"$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1 arc4=1" \ "$P_CLI force_version=tls1 arc4=1" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA" -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
run_test "Per-version suites: TLS 1.1" \ run_test "Per-version suites: TLS 1.1" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_1" \ "$P_CLI force_version=tls1_1" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA" -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
run_test "Per-version suites: TLS 1.2" \ run_test "Per-version suites: TLS 1.2" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_2" \ "$P_CLI force_version=tls1_2" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
@ -2385,7 +2391,7 @@ run_test "Small packet SSLv3 BlockCipher" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet SSLv3 StreamCipher" \ run_test "Small packet SSLv3 StreamCipher" \
"$P_SRV min_version=ssl3 arc4=1" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=ssl3 \ "$P_CLI request_size=1 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2414,7 +2420,7 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \ "$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2436,7 +2442,7 @@ run_test "Small packet TLS 1.1 BlockCipher without EtM" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 StreamCipher" \ run_test "Small packet TLS 1.1 StreamCipher" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2451,7 +2457,7 @@ run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2488,14 +2494,14 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher" \ run_test "Small packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2526,7 +2532,7 @@ run_test "Large packet SSLv3 BlockCipher" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet SSLv3 StreamCipher" \ run_test "Large packet SSLv3 StreamCipher" \
"$P_SRV min_version=ssl3 arc4=1" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=ssl3 \ "$P_CLI request_size=16384 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2548,7 +2554,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1 \ "$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2563,7 +2569,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher" \ run_test "Large packet TLS 1.1 StreamCipher" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \ "$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2578,7 +2584,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \ "$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2608,14 +2614,14 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher" \ run_test "Large packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
"$P_SRV arc4=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \