From 7ae74b74cc8001cb83f61885893b05685966b933 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Tue, 9 Jan 2024 21:51:05 +0000
Subject: [PATCH] Make sure record size limit is not configured without TLS 1.3
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
tests/scripts/all.sh | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1ab7e5833..cf8d920c5 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1335,6 +1335,7 @@ component_test_no_ctr_drbg_classic () {
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1381,6 +1382,7 @@ component_test_no_hmac_drbg_classic () {
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1434,6 +1436,7 @@ component_test_psa_external_rng_no_drbg_classic () {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py unset MBEDTLS_ENTROPY_C
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
@@ -2436,6 +2439,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
@@ -3360,6 +3364,7 @@ build_and_test_psa_want_key_pair_partial() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
# crypto_config.h so we just disable the one we don't want.
@@ -3958,6 +3963,7 @@ component_build_psa_accel_alg_ecdh() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py unset MBEDTLS_ECDH_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -3974,6 +3980,7 @@ component_build_psa_accel_alg_hmac() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
}
@@ -3984,9 +3991,11 @@ component_build_psa_accel_alg_hkdf() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py unset MBEDTLS_HKDF_C
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
}
@@ -3997,6 +4006,7 @@ component_build_psa_accel_alg_md5() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
@@ -4016,6 +4026,7 @@ component_build_psa_accel_alg_ripemd160() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
@@ -4035,6 +4046,7 @@ component_build_psa_accel_alg_sha1() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
@@ -4054,6 +4066,7 @@ component_build_psa_accel_alg_sha224() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
@@ -4070,6 +4083,7 @@ component_build_psa_accel_alg_sha256() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
@@ -4086,6 +4100,7 @@ component_build_psa_accel_alg_sha384() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
@@ -4104,6 +4119,7 @@ component_build_psa_accel_alg_sha512() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
@@ -4123,6 +4139,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
@@ -4137,6 +4154,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
@@ -4151,6 +4169,7 @@ component_build_psa_accel_alg_rsa_oaep() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
@@ -4165,6 +4184,7 @@ component_build_psa_accel_alg_rsa_pss() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
@@ -4179,6 +4199,7 @@ component_build_psa_accel_key_type_rsa_key_pair() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
@@ -4194,6 +4215,7 @@ component_build_psa_accel_key_type_rsa_public_key() {
scripts/config.py full
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_RECORD_SIZE_LIMIT
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver