Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spurious dependency on RSA in ssl-opt.sh #8366

Closed
gilles-peskine-arm opened this issue Oct 16, 2023 · 1 comment · Fixed by #9067
Closed

Spurious dependency on RSA in ssl-opt.sh #8366

gilles-peskine-arm opened this issue Oct 16, 2023 · 1 comment · Fixed by #9067
Labels
bug component-tls

Comments

@gilles-peskine-arm
Copy link
Contributor

In ssl-opt.sh, we try to automatically infer dependencies of test cases involving certificates, including this code snippet:

    case "$CMD_LINE" in
        *server2*|\
        *server7*)
            # server2 and server7 certificates use RSA encryption
            requires_config_enabled "MBEDTLS_RSA_C"
    esac

But server2 matches ssl_server2! So we're skipping a lot of test cases in builds without RSA.

We should change the patterns to something like */server2[-._]* and so on.
@gilles-peskine-arm gilles-peskine-arm mentioned this issue Oct 16, 2023
Open
3 tasks
@gilles-peskine-arm gilles-peskine-arm mentioned this issue Apr 26, 2024
Open
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Apr 26, 2024
@gilles-peskine-arm
Fix skipped tests in configurations without RSA
e855317 
Tighten the matching when detecting which certificates are in use to
determine algorithm requirements. This fixes a bug whereby all tests were
skipped in configurations without RSA except for an Mbed TLS client against
a GnuTLS or OpenSSL server, due to *server2* matching ssl_server2.
Fixes Mbed-TLS#8366.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm mentioned this issue Apr 26, 2024
Merged
4 tasks
@mpg
Copy link
Contributor

mpg commented Apr 29, 2024

But server2 matches ssl_server2! So we're skipping a lot of test cases in builds without RSA.

Ouch. Sorry for missing that in review, and thanks for noticing.

gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue May 14, 2024
@gilles-peskine-arm
Fix skipped tests in configurations without RSA
1bc28fe 
Tighten the matching when detecting which certificates are in use to
determine algorithm requirements. This fixes a bug whereby all tests were
skipped in configurations without RSA except for an Mbed TLS client against
a GnuTLS or OpenSSL server, due to *server2* matching ssl_server2.
Fixes Mbed-TLS#8366.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug component-tls
Projects
Risks
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix skipped tests in configurations without RSA gilles-peskine-arm/mbedtls
2 participants
@mpg @gilles-peskine-arm