From ea0920f0799272ca9c5cc7e76fe525d78d55d170 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 24 Mar 2015 09:50:15 +0100 Subject: [PATCH] Adjust test scripts to new RC4 defaults --- scripts/config.pl | 7 ++++++- tests/compat.sh | 2 +- tests/scripts/all.sh | 4 ++-- tests/ssl-opt.sh | 48 +++++++++++++++++++++++++------------------- 4 files changed, 36 insertions(+), 25 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index ace5459e6..9cc50342e 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -18,6 +18,7 @@ EOU # POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the # respective tests were adapted my @excluded = qw( +POLARSSL_DEPRECATED_REMOVED POLARSSL_HAVE_INT8 POLARSSL_HAVE_INT16 POLARSSL_HAVE_SSE2 @@ -27,6 +28,7 @@ POLARSSL_ECP_DP_M383_ENABLED POLARSSL_ECP_DP_M511_ENABLED POLARSSL_NO_DEFAULT_ENTROPY_SOURCES POLARSSL_NO_PLATFORM_ENTROPY +POLARSSL_REMOVE_ARC4_CIPHERSUITES POLARSSL_SSL_HW_RECORD_ACCEL POLARSSL_SSL_DISABLE_RENEGOTIATION POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 @@ -87,7 +89,10 @@ for my $line (@config_lines) { } if (!$done && $line =~ m!^//\s?#define! && $line !~ /$exclude_re/) { - $line =~ s!^//!!; + $line =~ s!^//\s?!!; + } + if (!$done && $line =~ m!^\s?#define! && $line =~ /$exclude_re/) { + $line =~ s!^!//!; } } elsif ($action eq "unset") { if (!$done && $line =~ /^\s*#define\s*$name/) { diff --git a/tests/compat.sh b/tests/compat.sh index 61866628d..f7ddb98a5 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -49,7 +49,7 @@ MODES="ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2" VERIFIES="NO YES" TYPES="ECDSA RSA PSK" FILTER="" -EXCLUDE='NULL\|DES-CBC-' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) +EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 578119b56..37a302065 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -119,9 +119,9 @@ cd tests ./ssl-opt.sh -f Default cd .. -msg "test: compat.sh DES & NULL (full config)" # ~ 2 min +msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min cd tests -./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3' +./compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' cd .. msg "test/build: curves.pl (gcc)" # ~ 5 min (?) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2c0c9ffd3..244c6c034 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -555,7 +555,13 @@ run_test "RC4: server disabled, client enabled" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1 \ - -s "SSL - None of the common ciphersuites is usable" + -s "SSL - The server has no ciphersuites in common" + +run_test "RC4: server half, client enabled" \ + "$P_SRV arc4=1" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 1 \ + -s "SSL - The server has no ciphersuites in common" run_test "RC4: server enabled, client disabled" \ "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ @@ -564,7 +570,7 @@ run_test "RC4: server enabled, client disabled" \ -s "SSL - The server has no ciphersuites in common" run_test "RC4: both enabled" \ - "$P_SRV arc4=1" \ + "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -S "SSL - None of the common ciphersuites is usable" \ @@ -671,7 +677,7 @@ run_test "Encrypt then MAC: client enabled, aead cipher" \ run_test "Encrypt then MAC: client enabled, stream cipher" \ "$P_SRV debug_level=3 etm=1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ - "$P_CLI debug_level=3 etm=1 arc4=1" \ + "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ -s "found encrypt then mac extension" \ @@ -890,7 +896,7 @@ run_test "CBC Record splitting: SSLv3, splitting" \ -s "122 bytes read" run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ request_size=123 force_version=tls1" \ 0 \ @@ -2338,25 +2344,25 @@ run_test "PSK callback: wrong key" \ # Tests for ciphersuites per version run_test "Per-version suites: SSL3" \ - "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=ssl3" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" run_test "Per-version suites: TLS 1.0" \ - "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1 arc4=1" \ 0 \ - -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA" + -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA" run_test "Per-version suites: TLS 1.1" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA" run_test "Per-version suites: TLS 1.2" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_2" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" @@ -2385,7 +2391,7 @@ run_test "Small packet SSLv3 BlockCipher" \ -s "Read from client: 1 bytes read" run_test "Small packet SSLv3 StreamCipher" \ - "$P_SRV min_version=ssl3 arc4=1" \ + "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -2414,7 +2420,7 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -2436,7 +2442,7 @@ run_test "Small packet TLS 1.1 BlockCipher without EtM" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.1 StreamCipher" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -2451,7 +2457,7 @@ run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -2488,14 +2494,14 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.2 StreamCipher" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -2526,7 +2532,7 @@ run_test "Large packet SSLv3 BlockCipher" \ -s "Read from client: 16384 bytes read" run_test "Large packet SSLv3 StreamCipher" \ - "$P_SRV min_version=ssl3 arc4=1" \ + "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -2548,7 +2554,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -2563,7 +2569,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -2578,7 +2584,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -2608,14 +2614,14 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ - "$P_SRV arc4=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \