Merge pull request #5006 from JoeSubbiani/CleanCompat.sh2_dev
clean up compat.sh
This commit is contained in:
Gilles Peskine
GitHub
commit
473d585abf
447
tests/compat.sh
447
tests/compat.sh
@ -67,17 +67,18 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# default values for options
|
# default values for options
|
||||||
|
# /!\ keep this synchronised with:
|
||||||
|
# - basic-build-test.sh
|
||||||
|
# - all.sh (multiple components)
|
||||||
MODES="tls12 dtls12"
|
MODES="tls12 dtls12"
|
||||||
VERIFIES="NO YES"
|
VERIFIES="NO YES"
|
||||||
TYPES="ECDSA RSA PSK"
|
TYPES="ECDSA RSA PSK"
|
||||||
FILTER=""
|
FILTER=""
|
||||||
# exclude:
|
# By default, exclude:
|
||||||
# - NULL: excluded from our default config
|
# - NULL: excluded from our default config + requires OpenSSL legacy
|
||||||
# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
|
# - ARIA: requires OpenSSL >= 1.1.1
|
||||||
# - ARIA: not in default mbedtls_config.h + requires OpenSSL >= 1.1.1
|
|
||||||
# - ChachaPoly: requires OpenSSL >= 1.1.0
|
# - ChachaPoly: requires OpenSSL >= 1.1.0
|
||||||
# - 3DES: not in default config
|
EXCLUDE='NULL\|ARIA\|CHACHA20-POLY1305'
|
||||||
EXCLUDE='NULL\|DES\|ARIA\|CHACHA20-POLY1305'
|
|
||||||
VERBOSE=""
|
VERBOSE=""
|
||||||
MEMCHECK=0
|
MEMCHECK=0
|
||||||
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
|
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
|
||||||
@ -245,73 +246,50 @@ add_common_ciphersuites()
|
|||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
|
||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
CIPHERS="$CIPHERS \
|
||||||
then
|
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
||||||
CIPHERS="$CIPHERS \
|
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||||
"
|
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
||||||
fi
|
"
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
|
||||||
then
|
|
||||||
CIPHERS="$CIPHERS \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"RSA")
|
"RSA")
|
||||||
CIPHERS="$CIPHERS \
|
CIPHERS="$CIPHERS \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||||
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
|
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
||||||
|
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
||||||
TLS-RSA-WITH-AES-256-CBC-SHA \
|
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||||
|
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
|
||||||
|
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
|
||||||
|
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
||||||
TLS-RSA-WITH-AES-128-CBC-SHA \
|
TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||||
|
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
|
TLS-RSA-WITH-AES-128-GCM-SHA256 \
|
||||||
|
TLS-RSA-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
||||||
|
TLS-RSA-WITH-AES-256-GCM-SHA384 \
|
||||||
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||||
TLS-RSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||||
TLS-RSA-WITH-NULL-MD5 \
|
TLS-RSA-WITH-NULL-MD5 \
|
||||||
TLS-RSA-WITH-NULL-SHA \
|
TLS-RSA-WITH-NULL-SHA \
|
||||||
|
TLS-RSA-WITH-NULL-SHA256 \
|
||||||
"
|
"
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
|
||||||
then
|
|
||||||
CIPHERS="$CIPHERS \
|
|
||||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
|
||||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
|
||||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
|
||||||
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
|
||||||
then
|
|
||||||
CIPHERS="$CIPHERS \
|
|
||||||
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
|
||||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
|
||||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
|
|
||||||
TLS-RSA-WITH-AES-128-GCM-SHA256 \
|
|
||||||
TLS-RSA-WITH-AES-256-GCM-SHA384 \
|
|
||||||
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
|
|
||||||
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
|
|
||||||
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
|
|
||||||
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
|
|
||||||
TLS-RSA-WITH-NULL-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
CIPHERS="$CIPHERS \
|
CIPHERS="$CIPHERS \
|
||||||
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
|
||||||
TLS-PSK-WITH-AES-128-CBC-SHA \
|
TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||||
TLS-PSK-WITH-AES-256-CBC-SHA \
|
TLS-PSK-WITH-AES-256-CBC-SHA \
|
||||||
"
|
"
|
||||||
@ -347,62 +325,43 @@ add_openssl_ciphersuites()
|
|||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
|
||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
CIPHERS="$CIPHERS \
|
||||||
then
|
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
|
||||||
CIPHERS="$CIPHERS \
|
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-NULL-SHA \
|
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
|
||||||
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
|
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||||
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
|
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||||
"
|
TLS-ECDH-ECDSA-WITH-NULL-SHA \
|
||||||
fi
|
TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
then
|
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
CIPHERS="$CIPHERS \
|
"
|
||||||
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
|
||||||
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
|
||||||
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"RSA")
|
"RSA")
|
||||||
CIPHERS="$CIPHERS \
|
CIPHERS="$CIPHERS \
|
||||||
TLS-RSA-WITH-DES-CBC-SHA \
|
TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
|
TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
|
TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
|
TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
|
TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
"
|
"
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
|
||||||
then
|
|
||||||
CIPHERS="$CIPHERS \
|
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
|
|
||||||
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
CIPHERS="$CIPHERS \
|
||||||
then
|
TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
|
||||||
CIPHERS="$CIPHERS \
|
TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
|
||||||
TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
|
TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
|
TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
|
TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
|
||||||
TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
|
TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
|
||||||
TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
"
|
||||||
TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -424,115 +383,96 @@ add_gnutls_ciphersuites()
|
|||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
|
||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
CIPHERS="$CIPHERS \
|
||||||
then
|
TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
|
||||||
CIPHERS="$CIPHERS \
|
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
|
"
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"RSA")
|
"RSA")
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
CIPHERS="$CIPHERS \
|
||||||
then
|
TLS-DHE-RSA-WITH-AES-128-CCM \
|
||||||
CIPHERS="$CIPHERS \
|
TLS-DHE-RSA-WITH-AES-128-CCM-8 \
|
||||||
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-AES-256-CCM \
|
||||||
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-DHE-RSA-WITH-AES-256-CCM-8 \
|
||||||
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
TLS-RSA-WITH-AES-128-CCM \
|
||||||
TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
TLS-RSA-WITH-AES-128-CCM-8 \
|
||||||
TLS-RSA-WITH-AES-128-CCM \
|
TLS-RSA-WITH-AES-256-CCM \
|
||||||
TLS-RSA-WITH-AES-256-CCM \
|
TLS-RSA-WITH-AES-256-CCM-8 \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CCM \
|
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-AES-256-CCM \
|
TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
TLS-RSA-WITH-AES-128-CCM-8 \
|
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||||
TLS-RSA-WITH-AES-256-CCM-8 \
|
TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CCM-8 \
|
"
|
||||||
TLS-DHE-RSA-WITH-AES-256-CCM-8 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
CIPHERS="$CIPHERS \
|
CIPHERS="$CIPHERS \
|
||||||
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
||||||
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
|
TLS-DHE-PSK-WITH-AES-128-CCM \
|
||||||
|
TLS-DHE-PSK-WITH-AES-128-CCM-8 \
|
||||||
|
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
|
||||||
|
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||||
|
TLS-DHE-PSK-WITH-AES-256-CCM \
|
||||||
|
TLS-DHE-PSK-WITH-AES-256-CCM-8 \
|
||||||
|
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
|
||||||
|
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
|
TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
|
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
|
TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
|
TLS-DHE-PSK-WITH-NULL-SHA256 \
|
||||||
|
TLS-DHE-PSK-WITH-NULL-SHA384 \
|
||||||
|
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||||
|
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||||
|
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||||
|
TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
|
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
|
TLS-ECDHE-PSK-WITH-NULL-SHA256 \
|
||||||
|
TLS-ECDHE-PSK-WITH-NULL-SHA384 \
|
||||||
|
TLS-PSK-WITH-AES-128-CBC-SHA256 \
|
||||||
|
TLS-PSK-WITH-AES-128-CCM \
|
||||||
|
TLS-PSK-WITH-AES-128-CCM-8 \
|
||||||
|
TLS-PSK-WITH-AES-128-GCM-SHA256 \
|
||||||
|
TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||||
|
TLS-PSK-WITH-AES-256-CCM \
|
||||||
|
TLS-PSK-WITH-AES-256-CCM-8 \
|
||||||
|
TLS-PSK-WITH-AES-256-GCM-SHA384 \
|
||||||
|
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
|
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
|
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
|
TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
|
TLS-PSK-WITH-NULL-SHA256 \
|
||||||
|
TLS-PSK-WITH-NULL-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||||
|
TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-NULL-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-NULL-SHA384 \
|
||||||
"
|
"
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
|
||||||
then
|
|
||||||
CIPHERS="$CIPHERS \
|
|
||||||
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
|
|
||||||
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
|
||||||
TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
|
||||||
TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
|
|
||||||
TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
|
|
||||||
TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
|
||||||
then
|
|
||||||
CIPHERS="$CIPHERS \
|
|
||||||
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
|
||||||
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
|
||||||
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
|
||||||
TLS-ECDHE-PSK-WITH-NULL-SHA384 \
|
|
||||||
TLS-ECDHE-PSK-WITH-NULL-SHA256 \
|
|
||||||
TLS-PSK-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
|
||||||
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
|
|
||||||
TLS-PSK-WITH-NULL-SHA256 \
|
|
||||||
TLS-PSK-WITH-NULL-SHA384 \
|
|
||||||
TLS-DHE-PSK-WITH-NULL-SHA256 \
|
|
||||||
TLS-DHE-PSK-WITH-NULL-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
|
|
||||||
TLS-RSA-PSK-WITH-NULL-SHA256 \
|
|
||||||
TLS-RSA-PSK-WITH-NULL-SHA384 \
|
|
||||||
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
|
||||||
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
|
||||||
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
|
||||||
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
|
|
||||||
TLS-PSK-WITH-AES-128-GCM-SHA256 \
|
|
||||||
TLS-PSK-WITH-AES-256-GCM-SHA384 \
|
|
||||||
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
|
|
||||||
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
|
|
||||||
TLS-PSK-WITH-AES-128-CCM \
|
|
||||||
TLS-PSK-WITH-AES-256-CCM \
|
|
||||||
TLS-DHE-PSK-WITH-AES-128-CCM \
|
|
||||||
TLS-DHE-PSK-WITH-AES-256-CCM \
|
|
||||||
TLS-PSK-WITH-AES-128-CCM-8 \
|
|
||||||
TLS-PSK-WITH-AES-256-CCM-8 \
|
|
||||||
TLS-DHE-PSK-WITH-AES-128-CCM-8 \
|
|
||||||
TLS-DHE-PSK-WITH-AES-256-CCM-8 \
|
|
||||||
TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
|
|
||||||
TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
|
|
||||||
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
|
|
||||||
TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
|
|
||||||
TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
|
|
||||||
TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -551,71 +491,50 @@ add_mbedtls_ciphersuites()
|
|||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
|
||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
M_CIPHERS="$M_CIPHERS \
|
||||||
then
|
TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
M_CIPHERS="$M_CIPHERS \
|
TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
"
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
fi
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
then
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
M_CIPHERS="$M_CIPHERS \
|
TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
"
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
|
|
||||||
TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
|
|
||||||
TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"RSA")
|
"RSA")
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
M_CIPHERS="$M_CIPHERS \
|
||||||
then
|
TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
M_CIPHERS="$M_CIPHERS \
|
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
|
"
|
||||||
TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
|
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
|
||||||
M_CIPHERS="$M_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-PSK-WITH-NULL-SHA \
|
TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
|
||||||
TLS-DHE-PSK-WITH-NULL-SHA \
|
TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
|
||||||
|
TLS-DHE-PSK-WITH-NULL-SHA \
|
||||||
|
TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
|
||||||
|
TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
|
||||||
|
TLS-ECDHE-PSK-WITH-NULL-SHA \
|
||||||
|
TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
|
||||||
|
TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
|
||||||
|
TLS-PSK-WITH-NULL-SHA \
|
||||||
|
TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-NULL-SHA \
|
||||||
"
|
"
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
|
||||||
then
|
|
||||||
M_CIPHERS="$M_CIPHERS \
|
|
||||||
TLS-ECDHE-PSK-WITH-NULL-SHA \
|
|
||||||
TLS-RSA-PSK-WITH-NULL-SHA \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
|
||||||
then
|
|
||||||
M_CIPHERS="$M_CIPHERS \
|
|
||||||
TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
|
|
||||||
TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
|
|
||||||
TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
|
|
||||||
TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
|
|
||||||
TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
|
|
||||||
TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
|
|
||||||
TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
|
|
||||||
TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
|
|
||||||
"
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1226,7 +1226,7 @@ component_test_everest () {
|
|||||||
|
|
||||||
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
||||||
# Exclude some symmetric ciphers that are redundant here to gain time.
|
# Exclude some symmetric ciphers that are redundant here to gain time.
|
||||||
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
|
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
|
||||||
}
|
}
|
||||||
|
|
||||||
component_test_everest_curve25519_only () {
|
component_test_everest_curve25519_only () {
|
||||||
@ -1314,8 +1314,8 @@ component_test_full_cmake_clang () {
|
|||||||
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
|
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
|
||||||
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
|
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
|
||||||
|
|
||||||
msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min
|
msg "test: compat.sh NULL (full config)" # ~ 2 min
|
||||||
env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES'
|
env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
|
||||||
|
|
||||||
msg "test: compat.sh ARIA + ChachaPoly"
|
msg "test: compat.sh ARIA + ChachaPoly"
|
||||||
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||||
@ -1607,8 +1607,8 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
|
|||||||
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||||
tests/compat.sh
|
tests/compat.sh
|
||||||
|
|
||||||
msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||||
env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES'
|
env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
|
||||||
|
|
||||||
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||||
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||||
@ -2600,7 +2600,7 @@ component_test_m32_everest () {
|
|||||||
|
|
||||||
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
||||||
# Exclude some symmetric ciphers that are redundant here to gain time.
|
# Exclude some symmetric ciphers that are redundant here to gain time.
|
||||||
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
|
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
|
||||||
}
|
}
|
||||||
support_test_m32_everest () {
|
support_test_m32_everest () {
|
||||||
support_test_m32_o0 "$@"
|
support_test_m32_o0 "$@"
|
||||||
|
|||||||
@ -121,13 +121,13 @@ echo
|
|||||||
echo '################ compat.sh ################'
|
echo '################ compat.sh ################'
|
||||||
{
|
{
|
||||||
echo '#### compat.sh: Default versions'
|
echo '#### compat.sh: Default versions'
|
||||||
sh compat.sh -m 'tls1_2 dtls1_2'
|
sh compat.sh
|
||||||
echo
|
echo
|
||||||
|
|
||||||
echo '#### compat.sh: legacy (null, DES)'
|
echo '#### compat.sh: legacy (null)'
|
||||||
OPENSSL_CMD="$OPENSSL_LEGACY" \
|
OPENSSL_CMD="$OPENSSL_LEGACY" \
|
||||||
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
|
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
|
||||||
sh compat.sh -e '^$' -f 'NULL\|DES'
|
sh compat.sh -e '^$' -f 'NULL'
|
||||||
echo
|
echo
|
||||||
|
|
||||||
echo '#### compat.sh: next (ARIA, ChaCha)'
|
echo '#### compat.sh: next (ARIA, ChaCha)'
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user