Remove tests that depend on TLS or X.509
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index ab95e22..a653001 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -14,8 +14,6 @@
# The tests include:
# * Unit tests - executed using tests/scripts/run-test-suite.pl
# * Self-tests - executed using the test suites above
-# * System tests - executed using tests/ssl-opt.sh
-# * Interoperability tests - executed using tests/compat.sh
#
# The tests focus on functionality and do not consider performance.
#
@@ -36,30 +34,11 @@
exit 1
fi
-: ${OPENSSL:="openssl"}
-: ${OPENSSL_LEGACY:="$OPENSSL"}
-: ${GNUTLS_CLI:="gnutls-cli"}
-: ${GNUTLS_SERV:="gnutls-serv"}
-: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
-: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
-
-# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
-# we just export the variables they require
-export OPENSSL_CMD="$OPENSSL"
-export GNUTLS_CLI="$GNUTLS_CLI"
-export GNUTLS_SERV="$GNUTLS_SERV"
-
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
# Step 0 - print build environment info
-OPENSSL="$OPENSSL" \
- OPENSSL_LEGACY="$OPENSSL_LEGACY" \
- GNUTLS_CLI="$GNUTLS_CLI" \
- GNUTLS_SERV="$GNUTLS_SERV" \
- GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \
- scripts/output_env.sh
+scripts/output_env.sh
echo
# Step 1 - Make and instrumented build for code coverage
@@ -79,25 +58,6 @@
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
echo
-# Step 2b - System Tests
-sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
-echo
-
-# Step 2c - Compatibility tests
-sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \
- tee compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY" \
- sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY" \
- GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
- tee -a compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_NEXT" \
- sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \
- tee -a compat-test-$TEST_OUTPUT
-echo
-
# Step 3 - Process the coverage report
cd ..
make lcov |tee tests/cov-$TEST_OUTPUT
@@ -133,49 +93,6 @@
TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS))
-# Step 4b - TLS Options tests
-echo "TLS Options tests - tests/ssl-opt.sh"
-
-PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
-SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
-TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
-FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS))
-
-echo "Passed : $PASSED_TESTS"
-echo "Failed : $FAILED_TESTS"
-echo "Skipped : $SKIPPED_TESTS"
-echo "Total exec'd tests : $TOTAL_TESTS"
-echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))"
-echo
-
-TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
-TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
-TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
-TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS))
-TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS))
-
-
-# Step 4c - System Compatibility tests
-echo "System/Compatibility tests - tests/compat.sh"
-
-PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
-FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS))
-
-echo "Passed : $PASSED_TESTS"
-echo "Failed : $FAILED_TESTS"
-echo "Skipped : $SKIPPED_TESTS"
-echo "Total exec'd tests : $EXED_TESTS"
-echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))"
-echo
-
-TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
-TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
-TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
-TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS))
-TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS))
-
# Step 4d - Grand totals
echo "-------------------------------------------------------------------------"
@@ -209,8 +126,6 @@
rm unit-test-$TEST_OUTPUT
-rm sys-test-$TEST_OUTPUT
-rm compat-test-$TEST_OUTPUT
rm cov-$TEST_OUTPUT
cd ..
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
deleted file mode 100755
index 3bf7ae3..0000000
--- a/tests/scripts/key-exchanges.pl
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env perl
-
-# key-exchanges.pl
-#
-# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# To test the code dependencies on individual key exchanges in the SSL module.
-# is a verification step to ensure we don't ship SSL code that do not work
-# for some build options.
-#
-# The process is:
-# for each possible key exchange
-# build the library with all but that key exchange disabled
-#
-# Usage: tests/scripts/key-exchanges.pl
-#
-# This script should be executed from the root of the project directory.
-#
-# For best effect, run either with cmake disabled, or cmake enabled in a mode
-# that includes -Werror.
-
-use warnings;
-use strict;
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
-my $config_h = 'include/mbedtls/config.h';
-my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
- system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- # use an exit code between 1 and 124 for git bisect (die returns 255)
- warn $_[0];
- exit 1;
-}
-
-for my $kex (@kexes) {
- system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
- system( "make clean" ) and die;
-
- print "\n******************************************\n";
- print "* Testing with key exchange: $kex\n";
- print "******************************************\n";
-
- # full config with all key exchanges disabled except one
- system( "scripts/config.pl full" ) and abort "Failed config full\n";
- for my $k (@kexes) {
- next if $k eq $kex;
- system( "scripts/config.pl unset $k" )
- and abort "Failed to disable $k\n";
- }
-
- system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n";
-}
-
-system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
-system( "make clean" ) and die;
-exit 0;
diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl
deleted file mode 100755
index 11cbf1b..0000000
--- a/tests/scripts/tcp_client.pl
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/usr/bin/env perl
-
-# A simple TCP client that sends some data and expects a response.
-# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
-# DATA: hex-encoded data to send to the server
-# RESPONSE: regexp that must match the server's response
-
-use warnings;
-use strict;
-use IO::Socket::INET;
-
-# Pack hex digits into a binary string, ignoring whitespace.
-sub parse_hex {
- my ($hex) = @_;
- $hex =~ s/\s+//g;
- return pack('H*', $hex);
-}
-
-## Open a TCP connection to the specified host and port.
-sub open_connection {
- my ($host, $port) = @_;
- my $socket = IO::Socket::INET->new(PeerAddr => $host,
- PeerPort => $port,
- Proto => 'tcp',
- Timeout => 1);
- die "Cannot connect to $host:$port: $!" unless $socket;
- return $socket;
-}
-
-## Close the TCP connection.
-sub close_connection {
- my ($connection) = @_;
- $connection->shutdown(2);
- # Ignore shutdown failures (at least for now)
- return 1;
-}
-
-## Write the given data, expressed as hexadecimal
-sub write_data {
- my ($connection, $hexdata) = @_;
- my $data = parse_hex($hexdata);
- my $total_sent = 0;
- while ($total_sent < length($data)) {
- my $sent = $connection->send($data, 0);
- if (!defined $sent) {
- die "Unable to send data: $!";
- }
- $total_sent += $sent;
- }
- return 1;
-}
-
-## Read a response and check it against an expected prefix
-sub read_response {
- my ($connection, $expected_hex) = @_;
- my $expected_data = parse_hex($expected_hex);
- my $start_offset = 0;
- while ($start_offset < length($expected_data)) {
- my $actual_data;
- my $ok = $connection->recv($actual_data, length($expected_data));
- if (!defined $ok) {
- die "Unable to receive data: $!";
- }
- if (($actual_data ^ substr($expected_data, $start_offset)) =~ /[^\000]/) {
- printf STDERR ("Received \\x%02x instead of \\x%02x at offset %d\n",
- ord(substr($actual_data, $-[0], 1)),
- ord(substr($expected_data, $start_offset + $-[0], 1)),
- $start_offset + $-[0]);
- return 0;
- }
- $start_offset += length($actual_data);
- }
- return 1;
-}
-
-if (@ARGV != 4) {
- print STDERR "Usage: $0 HOSTNAME PORT DATA1 RESPONSE1\n";
- exit(3);
-}
-my ($host, $port, $data1, $response1) = @ARGV;
-my $connection = open_connection($host, $port);
-write_data($connection, $data1);
-if (!read_response($connection, $response1)) {
- exit(1);
-}
-close_connection($connection);
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index d12c4c2..56f2036 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -9,7 +9,7 @@
# Purpose
#
# For each reference configuration file in the configs directory, build the
-# configuration, run the test suites and compat.sh
+# configuration and run the test suites.
#
# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
@@ -18,20 +18,14 @@
my %configs = (
'config-default.h' => {
- 'opt' => '-f Default',
- 'compat' => '-m tls1_2 -V NO',
},
'config-mini-tls1_1.h' => {
- 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
},
'config-suite-b.h' => {
- 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
},
'config-ccm-psk-tls1_2.h' => {
- 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
},
'config-thread.h' => {
- 'opt' => '-f ECJPAKE.*nolog',
},
);
@@ -75,30 +69,6 @@
system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
system( "make test" ) and abort "Failed test suite: $conf\n";
-
- my $compat = $data->{'compat'};
- if( $compat )
- {
- print "\nrunning compat.sh $compat\n";
- system( "tests/compat.sh $compat" )
- and abort "Failed compat.sh: $conf\n";
- }
- else
- {
- print "\nskipping compat.sh\n";
- }
-
- my $opt = $data->{'opt'};
- if( $opt )
- {
- print "\nrunning ssl-opt.sh $opt\n";
- system( "tests/ssl-opt.sh $opt" )
- and abort "Failed ssl-opt.sh: $conf\n";
- }
- else
- {
- print "\nskipping ssl-opt.sh\n";
- }
}
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh
deleted file mode 100755
index 9866ca7..0000000
--- a/tests/scripts/travis-log-failure.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# travis-log-failure.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# List the server and client logs on failed ssl-opt.sh and compat.sh tests.
-# This script is used to make the logs show up in the Travis test results.
-#
-# Some of the logs can be very long: this means usually a couple of megabytes
-# but it can be much more. For example, the client log of test 273 in ssl-opt.sh
-# is more than 630 Megabytes long.
-
-if [ -d include/mbedtls ]; then :; else
- echo "$0: must be run from root" >&2
- exit 1
-fi
-
-FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log"
-MAX_LOG_SIZE=1048576
-
-for PATTERN in $FILES; do
- for LOG in $( ls tests/$PATTERN 2>/dev/null ); do
- echo
- echo "****** BEGIN file: $LOG ******"
- echo
- tail -c $MAX_LOG_SIZE $LOG
- echo "****** END file: $LOG ******"
- echo
- rm $LOG
- done
-done