Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
a805d57261
102 changed files with 79 additions and 7003 deletions
|
|
@ -1060,7 +1060,7 @@ component_test_everest () {
|
|||
|
||||
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
||||
# Exclude some symmetric ciphers that are redundant here to gain time.
|
||||
if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
|
||||
if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
|
||||
}
|
||||
|
||||
component_test_everest_curve25519_only () {
|
||||
|
|
@ -1148,8 +1148,8 @@ component_test_full_cmake_clang () {
|
|||
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
|
||||
if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
|
||||
|
||||
msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min
|
||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
|
||||
msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min
|
||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES'
|
||||
|
||||
msg "test: compat.sh ARIA + ChachaPoly"
|
||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||
|
|
@ -1379,8 +1379,8 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
|
|||
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||
if_build_succeeded tests/compat.sh
|
||||
|
||||
msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
|
||||
msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES'
|
||||
|
||||
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||
|
|
@ -1427,8 +1427,6 @@ component_test_psa_crypto_config_basic() {
|
|||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
|
||||
|
|
@ -1557,46 +1555,6 @@ component_build_psa_accel_alg_hkdf() {
|
|||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
}
|
||||
|
||||
# This should be renamed to test and updated once the accelerator MD2 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_md2() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD2 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD2 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
|
||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD2 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
}
|
||||
|
||||
# This should be renamed to test and updated once the accelerator MD4 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_md4() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD4 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD4 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
|
||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD4 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
}
|
||||
|
||||
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_md5() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
|
||||
|
|
@ -1605,8 +1563,6 @@ component_build_psa_accel_alg_md5() {
|
|||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
||||
|
|
@ -1625,8 +1581,6 @@ component_build_psa_accel_alg_ripemd160() {
|
|||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
||||
|
|
@ -1645,8 +1599,6 @@ component_build_psa_accel_alg_sha1() {
|
|||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
|
||||
|
|
@ -1665,8 +1617,6 @@ component_build_psa_accel_alg_sha224() {
|
|||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
|
|
@ -1684,8 +1634,6 @@ component_build_psa_accel_alg_sha256() {
|
|||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
|
|
@ -1704,8 +1652,6 @@ component_build_psa_accel_alg_sha384() {
|
|||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
|
|
@ -1723,8 +1669,6 @@ component_build_psa_accel_alg_sha512() {
|
|||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
|
||||
|
|
@ -2014,7 +1958,6 @@ component_test_ssl_alloc_buffer_and_mfl () {
|
|||
component_test_when_no_ciphersuites_have_mac () {
|
||||
msg "build: when no ciphersuites have MAC"
|
||||
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
||||
scripts/config.py unset MBEDTLS_ARC4_C
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
||||
scripts/config.py unset MBEDTLS_CMAC_C
|
||||
make
|
||||
|
|
@ -2161,8 +2104,6 @@ component_test_psa_crypto_drivers () {
|
|||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB"
|
||||
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
|
||||
|
|
@ -2279,7 +2220,7 @@ component_test_m32_everest () {
|
|||
|
||||
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
|
||||
# Exclude some symmetric ciphers that are redundant here to gain time.
|
||||
if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
|
||||
if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
|
||||
}
|
||||
support_test_m32_everest () {
|
||||
support_test_m32_o0 "$@"
|
||||
|
|
|
|||
|
|
@ -118,10 +118,10 @@ echo '################ compat.sh ################'
|
|||
sh compat.sh -m 'tls1_2 dtls1_2'
|
||||
echo
|
||||
|
||||
echo '#### compat.sh: legacy (null, DES, RC4)'
|
||||
echo '#### compat.sh: legacy (null, DES)'
|
||||
OPENSSL_CMD="$OPENSSL_LEGACY" \
|
||||
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
|
||||
sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
|
||||
sh compat.sh -e '^$' -f 'NULL\|DES'
|
||||
echo
|
||||
|
||||
echo '#### compat.sh: next (ARIA, ChaCha)'
|
||||
|
|
|
|||
|
|
@ -54,8 +54,6 @@ my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
|
|||
# should be tested together. Certain options depend on eachother and
|
||||
# separating them would generate invalid configurations.
|
||||
my @hash_configs = (
|
||||
['unset MBEDTLS_MD2_C'],
|
||||
['unset MBEDTLS_MD4_C'],
|
||||
['unset MBEDTLS_MD5_C'],
|
||||
['unset MBEDTLS_SHA512_C', 'unset MBEDTLS_SHA384_C '],
|
||||
['unset MBEDTLS_SHA384_C'],
|
||||
|
|
|
|||
|
|
@ -61,9 +61,7 @@ CLASSIC_DEPENDENCIES = frozenset([
|
|||
# Only modules that provide cryptographic mechanisms are listed here.
|
||||
# Platform, data formatting, X.509 or TLS modules are omitted.
|
||||
'MBEDTLS_AES_C',
|
||||
'MBEDTLS_ARC4_C',
|
||||
'MBEDTLS_BIGNUM_C',
|
||||
#cipher#'MBEDTLS_BLOWFISH_C',
|
||||
'MBEDTLS_CAMELLIA_C',
|
||||
'MBEDTLS_ARIA_C',
|
||||
'MBEDTLS_CCM_C',
|
||||
|
|
@ -82,8 +80,6 @@ CLASSIC_DEPENDENCIES = frozenset([
|
|||
'MBEDTLS_HKDF_C',
|
||||
'MBEDTLS_HMAC_DRBG_C',
|
||||
'MBEDTLS_NIST_KW_C',
|
||||
'MBEDTLS_MD2_C',
|
||||
'MBEDTLS_MD4_C',
|
||||
'MBEDTLS_MD5_C',
|
||||
'MBEDTLS_PKCS5_C',
|
||||
'MBEDTLS_PKCS12_C',
|
||||
|
|
@ -93,7 +89,6 @@ CLASSIC_DEPENDENCIES = frozenset([
|
|||
'MBEDTLS_SHA1_C',
|
||||
'MBEDTLS_SHA256_C',
|
||||
'MBEDTLS_SHA512_C',
|
||||
'MBEDTLS_XTEA_C',
|
||||
])
|
||||
|
||||
def is_classic_dependency(dep):
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue