ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled

Run tests with middlebox compatibility enabled but tests dedicated to middlebox compatibility disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-04-04 14:08:39 +00:00 · 2021-12-09 10:39:19 +01:00 · 2021-12-09 10:39:19 +01:00 · fdb0e3f381
commit fdb0e3f381
parent 7e38cba993
4 changed files with 463 additions and 215 deletions
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -2725,8 +2725,22 @@ component_build_armcc () {

 component_test_tls13_experimental () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
-    scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
-    scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
+    scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+    scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+    scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+    msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
+    make test
+    msg "ssl-opt.sh (TLS 1.3 experimental)"
+    if_build_succeeded tests/ssl-opt.sh
+}
+
+component_test_tls13_experimental_no_compatibility_mode () {
+    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
+    scripts/config.py set   MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+    scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+    scripts/config.py set   MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
    msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
@ -2737,8 +2751,9 @@ component_test_tls13_experimental () {

 component_test_tls13_experimental_with_padding () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
-    scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
-    scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
+    scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+    scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+    scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
    msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
@ -2750,6 +2765,7 @@ component_test_tls13_experimental_with_padding () {
 component_test_tls13_experimental_with_ecp_restartable () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable"
    scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+    scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
    scripts/config.py set MBEDTLS_ECP_RESTARTABLE
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
@ -2762,6 +2778,7 @@ component_test_tls13_experimental_with_ecp_restartable () {
 component_test_tls13_experimental_with_everest () {
    msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest"
    scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+    scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
    scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@ -138,7 +138,7 @@ class OpenSSLServ(TLSProgram):
                "-sigalgs {signature_algorithms}".format(
                    signature_algorithms=signature_algorithms),
                "-groups {named_groups}".format(named_groups=named_groups)]
-        ret += ['-msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache']
+        ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache']
        return ' '.join(ret)

    def pre_checks(self):
@ -221,7 +221,7 @@ class GnuTLSServ(TLSProgram):
        priority_string_list = ['NONE'] + sorted(priority_string_list) + ['VERS-TLS1.3']

        priority_string = ':+'.join(priority_string_list)
-        priority_string += ':%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE'
+        priority_string += ':%NO_TICKETS'
        ret += ['--priority={priority_string}'.format(
            priority_string=priority_string)]
        ret = ' '.join(ret)
@ -272,6 +272,7 @@ class MbedTLSCli(TLSProgram):
        ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
               'requires_config_enabled MBEDTLS_SSL_CLI_C',
               'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL',
+               'requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE',
               'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO']
        if 'rsa_pss_rsae_sha256' in self._sig_algs:
            ret.append(