all.sh: Remove dependency on TLS, NET, and X.509
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 0f3d3ec..2806426 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -38,10 +38,6 @@
# * G++
# * arm-gcc and mingw-gcc
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * OpenSSL and GnuTLS command line tools, recent enough for the
-# interoperability tests. If they don't support SSLv3 then a legacy
-# version of these tools must be present as well (search for LEGACY
-# below).
# See the invocation of check_tools below for details.
#
# This script must be invoked from the toplevel directory of a git
@@ -116,18 +112,10 @@
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
- MEMORY=0
FORCE=0
KEEP_GOING=0
# Default commands, can be overridden by the environment
- : ${OPENSSL:="openssl"}
- : ${OPENSSL_LEGACY:="$OPENSSL"}
- : ${OPENSSL_NEXT:="$OPENSSL"}
- : ${GNUTLS_CLI:="gnutls-cli"}
- : ${GNUTLS_SERV:="gnutls-serv"}
- : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
- : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin}
@@ -207,13 +195,6 @@
Tool path options:
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
- --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
- --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
- --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
- --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
- --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
- --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests e.g. SSLv3.
- --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
EOF
}
@@ -310,6 +291,9 @@
all_except=0
no_armcc=
+ # Note that legacy options are ignored instead of being omitted from this
+ # list of options, so invocations that worked with previous version of
+ # all.sh will still run and work properly.
while [ $# -gt 0 ]; do
case "$1" in
--armcc) no_armcc=;;
@@ -317,26 +301,26 @@
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
--except) all_except=1;;
--force|-f) FORCE=1;;
- --gnutls-cli) shift; GNUTLS_CLI="$1";;
- --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
- --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
- --gnutls-serv) shift; GNUTLS_SERV="$1";;
+ --gnutls-cli) shift;;
+ --gnutls-legacy-cli) shift;;
+ --gnutls-legacy-serv) shift;;
+ --gnutls-serv) shift;;
--help|-h) usage; exit;;
--keep-going|-k) KEEP_GOING=1;;
--list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
--list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
- --memory|-m) MEMORY=1;;
+ --memory|-m) ;;
--no-armcc) no_armcc=1;;
--no-force) FORCE=0;;
--no-keep-going) KEEP_GOING=0;;
- --no-memory) MEMORY=0;;
- --openssl) shift; OPENSSL="$1";;
- --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
- --openssl-next) shift; OPENSSL_NEXT="$1";;
+ --no-memory) ;;
+ --openssl) shift;;
+ --openssl-legacy) shift;;
+ --openssl-next) shift;;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
- --random-seed) unset SEED;;
- --release-test|-r) SEED=1;;
- --seed|-s) shift; SEED="$1";;
+ --random-seed) ;;
+ --release-test|-r) ;;
+ --seed|-s) shift;;
-*)
echo >&2 "Unknown option: $1"
echo >&2 "Run $0 --help for usage."
@@ -469,16 +453,7 @@
pre_print_configuration () {
msg "info: $0 configuration"
- echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE"
- echo "SEED: ${SEED-"UNSET"}"
- echo "OPENSSL: $OPENSSL"
- echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
- echo "OPENSSL_NEXT: $OPENSSL_NEXT"
- echo "GNUTLS_CLI: $GNUTLS_CLI"
- echo "GNUTLS_SERV: $GNUTLS_SERV"
- echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
- echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
}
@@ -489,30 +464,6 @@
set env
case " $RUN_COMPONENTS " in
- # Require OpenSSL and GnuTLS if running any tests (as opposed to
- # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
- # is a good enough approximation in practice.
- *" test_"*)
- # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
- # and ssl-opt.sh, we just export the variables they require.
- export OPENSSL_CMD="$OPENSSL"
- export GNUTLS_CLI="$GNUTLS_CLI"
- export GNUTLS_SERV="$GNUTLS_SERV"
- # Avoid passing --seed flag in every call to ssl-opt.sh
- if [ -n "${SEED-}" ]; then
- export SEED
- fi
- set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
- set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
- set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
- set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
- check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
- "$GNUTLS_CLI" "$GNUTLS_SERV" \
- "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
- ;;
- esac
-
- case " $RUN_COMPONENTS " in
*_doxygen[_\ ]*) check_tools "doxygen" "dot";;
esac
@@ -605,12 +556,6 @@
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
-
- msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
- if_build_succeeded tests/ssl-opt.sh
-
- msg "test: compat.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/compat.sh
}
component_test_ref_configs () {
@@ -619,36 +564,6 @@
record_status tests/scripts/test-ref-configs.pl
}
-component_test_sslv3 () {
- msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
- scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
- make test
-
- msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
-
- msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/ssl-opt.sh
-}
-
-component_test_no_renegotiation () {
- msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
- scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
- make test
-
- msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/ssl-opt.sh
-}
-
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
scripts/config.pl set MBEDTLS_RSA_NO_CRT
@@ -657,54 +572,6 @@
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
-
- msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
- if_build_succeeded tests/ssl-opt.sh -f RSA
-
- msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
- if_build_succeeded tests/compat.sh -t RSA
-}
-
-component_test_small_ssl_out_content_len () {
- msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
- scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
- scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
-}
-
-component_test_small_ssl_in_content_len () {
- msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
- scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
- scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
-}
-
-component_test_small_ssl_dtls_max_buffering () {
- msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
- scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
- if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
-}
-
-component_test_small_mbedtls_ssl_dtls_max_buffering () {
- msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
- scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
- if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
}
component_test_full_cmake_clang () {
@@ -719,15 +586,6 @@
msg "test: psa_constant_names (full config)" # ~ 1s
record_status tests/scripts/test_psa_constant_names.py
-
- msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
-
- msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
-
- msg "test: compat.sh ARIA + ChachaPoly"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_build_deprecated () {
@@ -764,11 +622,6 @@
record_status tests/scripts/depends-pkalgs.pl
}
-component_build_key_exchanges () {
- msg "test/build: key-exchanges (gcc)" # ~ 1 min
- record_status tests/scripts/key-exchanges.pl
-}
-
component_build_default_make_gcc_and_cxx () {
msg "build: Unix make, -Os (gcc)" # ~ 30s
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
@@ -793,21 +646,6 @@
msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
make test
-
- msg "test: ssl-opt.sh (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded tests/ssl-opt.sh
-
- msg "test: compat.sh default (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded tests/compat.sh
-
- msg "test: compat.sh ssl3 (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
-
- msg "test: compat.sh RC4, DES & NULL (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
-
- msg "test: compat.sh ARIA + ChachaPoly (MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_test_check_params_without_platform () {
@@ -868,69 +706,6 @@
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
-component_build_no_ssl_srv () {
- msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_SSL_SRV_C
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
-}
-
-component_build_no_ssl_cli () {
- msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_SSL_CLI_C
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
-}
-
-component_build_no_sockets () {
- # Note, C99 compliance can also be tested with the sockets support disabled,
- # as that requires a POSIX platform (which isn't the same as C99).
- msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
- scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
-}
-
-component_test_no_max_fragment_length () {
- # Run max fragment length tests with MFL disabled
- msg "build: default config except MFL extension (ASan build)" # ~ 30s
- scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: ssl-opt.sh, MFL-related tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
-}
-
-component_test_asan_remove_peer_certificate () {
- msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
- scripts/config.pl unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- make test
-
- msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- if_build_succeeded tests/ssl-opt.sh
-
- msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- if_build_succeeded tests/compat.sh
-}
-
-component_test_no_max_fragment_length_small_ssl_out_content_len () {
- msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
- scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
- scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: MFL tests (disabled MFL extension case) & large packet tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
-}
-
component_test_null_entropy () {
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
@@ -1192,15 +967,6 @@
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
-component_test_allow_sha1 () {
- msg "build: allow SHA1 in certificates by default"
- scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
- make CFLAGS='-Werror -Wall -Wextra'
- msg "test: allow SHA1 in certificates by default"
- make test
- if_build_succeeded tests/ssl-opt.sh -f SHA-1
-}
-
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
@@ -1223,16 +989,6 @@
msg "test: main suites (MSan)" # ~ 10s
make test
-
- msg "test: ssl-opt.sh (MSan)" # ~ 1 min
- if_build_succeeded tests/ssl-opt.sh
-
- # Optional part(s)
-
- if [ "$MEMORY" -gt 0 ]; then
- msg "test: compat.sh (MSan)" # ~ 6 min 20s
- if_build_succeeded tests/compat.sh
- fi
}
component_test_valgrind () {
@@ -1242,20 +998,6 @@
msg "test: main suites valgrind (Release)"
make memcheck
-
- # Optional part(s)
- # Currently broken, programs don't seem to receive signals
- # under valgrind on OS X
-
- if [ "$MEMORY" -gt 0 ]; then
- msg "test: ssl-opt.sh --memcheck (Release)"
- if_build_succeeded tests/ssl-opt.sh --memcheck
- fi
-
- if [ "$MEMORY" -gt 1 ]; then
- msg "test: compat.sh --memcheck (Release)"
- if_build_succeeded tests/compat.sh --memcheck
- fi
}
component_test_cmake_out_of_source () {
@@ -1268,17 +1010,7 @@
msg "test: cmake 'out-of-source' build"
make test
- # Test an SSL option that requires an auxiliary script in test/scripts/.
- # Also ensure that there are no error messages such as
- # "No such file or directory", which would indicate that some required
- # file is missing (ssl-opt.sh tolerates the absence of some files so
- # may exit with status 0 but emit errors).
- if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
- if [ -s ssl-opt.err ]; then
- cat ssl-opt.err >&2
- record_status [ ! -s ssl-opt.err ]
- rm ssl-opt.err
- fi
+
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
unset MBEDTLS_ROOT_DIR