diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-12 16:36:12 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-16 15:01:55 +0200 |
| commit | 44dff56fe3b64b362edc6bb8c046823745e50bd3 (patch) | |
| tree | 59f81e94fbdcef2f1bcfedfa88a34605c3fdae3a | |
| parent | 50d5f65d0ba312fb304108ee4fa6b37c41008bb4 (diff) | |
| download | gnutls-tmp-update-tlsfuzzer.tar.gz | |
tlsfuzzer: updated to latest upstream and enabled new teststmp-update-tlsfuzzer
Resolves: #591
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert-tls13.json | 31 | ||||
| -rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert.json | 43 | ||||
| -rwxr-xr-x | tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh | 2 | ||||
| m--------- | tests/suite/tls-fuzzer/tlsfuzzer | 0 | ||||
| m--------- | tests/suite/tls-fuzzer/tlslite-ng | 0 |
5 files changed, 72 insertions, 4 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json index 7b01c25ae8..d0d142e7a2 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json @@ -14,10 +14,26 @@ "tests" : [ {"name" : "test-tls13-0rtt-garbage.py", "arguments": ["-p", "@PORT@"]}, + {"name" : "test-tls13-crfg-curves.py", + "comment": "We do not support x448", + "arguments": ["-p", "@PORT@", + "-e", "empty x448 key share", + "-e", "sanity x448 with compression ansiX962_compressed_char2", + "-e", "sanity x448 with compression ansiX962_compressed_prime", + "-e", "sanity x448 with compression uncompressed", + "-e", "too big x448 key share", + "-e", "too small x448 key share", + "-e", "x448 key share of \"1\"", + "-e", "all zero x448 key share"]}, {"name" : "test-tls13-conversation.py", "arguments": ["-p", "@PORT@"]}, {"name" : "test-tls13-count-tickets.py", "arguments": ["-p", "@PORT@", "-t", "1"]}, + {"name" : "test-tls13-dhe-shared-secret-padding.py", + "comment": "We do not support x448", + "arguments": ["-p", "@PORT@", + "-e", "TLS 1.3 with x448", + "-n", "5"]}, {"name" : "test-tls13-empty-alert.py", "arguments": ["-p", "@PORT@"]}, {"name" : "test-tls13-ffdhe-sanity.py", @@ -29,6 +45,10 @@ "-e", "padding - cipher TLS_AES_256_GCM_SHA384, pad_byte 0, pad_left 0, pad_right 16777167"]}, {"name" : "test-tls13-hrr.py", "arguments": ["-p", "@PORT@"]}, + {"name" : "test-tls13-invalid-ciphers.py", + "arguments": ["-p", "@PORT@"]}, + {"name" : "test-tls13-keyshare-omitted.py", + "arguments": ["-p", "@PORT@"]}, {"name" : "test-tls13-legacy-version.py", "arguments": ["-p", "@PORT@"]}, {"name" : "test-tls13-nociphers.py", @@ -43,8 +63,17 @@ "arguments": ["-p", "@PORT@", "-b"]}, {"name" : "test-tls13-session-resumption.py", "arguments": ["-p", "@PORT@"]}, + {"name" : "test-tls13-serverhello-random.py", + "arguments": ["-p", "@PORT@", + "-e", "TLS 1.3 with x448"]}, {"name" : "test-tls13-signature-algorithms.py", - "arguments": ["-p", "@PORT@"]}, + "comment" : "gnutls doesn't handle well duplicated signature algorithms; this is not an issue in practice", + "arguments": ["-p", "@PORT@", + "-e", "213 invalid schemes", + "-e", "2353 invalid schemes", + "-e", "8130 invalid schemes", + "-e", "23752 invalid schemes", + "-e", "32715 invalid schemes"]}, {"name" : "test-tls13-unrecognised-groups.py", "arguments": ["-p", "@PORT@"]}, {"name" : "test-tls13-version-negotiation.py", diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json index 6ddb6ebbe0..6e2a2ea47c 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert.json @@ -96,6 +96,21 @@ "-e", "Check if DHE preferred"]}, {"name" : "test-cve-2016-2107.py", "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-dhe-key-share-random.py", + "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0", + "arguments" : ["-p", "@PORT@", + "-e", "Protocol (3, 1)", + "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 0)", + "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello"]}, + {"name" : "test-dhe-no-shared-secret-padding.py", + "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0", + "arguments" : ["-p", "@PORT@", + "-e", "Protocol (3, 1)", + "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 0)", + "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello", + "-n", "4"]}, {"name" : "test-dhe-rsa-key-exchange.py", "arguments" : ["-p", "@PORT@"] }, {"name" : "test-dhe-rsa-key-exchange-signatures.py", @@ -111,10 +126,24 @@ "arguments" : ["-p", "@PORT@"] }, {"name" : "test-early-application-data.py", "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-ecdhe-padded-shared-secret.py", + "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448", + "arguments" : ["-p", "@PORT@", + "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 2) with x448 group", + "-n", "4"]}, {"name" : "test-ecdhe-rsa-key-exchange.py", "arguments" : ["-p", "@PORT@"] }, {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py", "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-ecdhe-rsa-key-share-random.py", + "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448", + "arguments" : ["-p", "@PORT@", + "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 2) with x448 group", + "-n", "4"]}, {"name" : "test-empty-extensions.py", "arguments" : ["-p", "@PORT@"] }, {"name" : "test-export-ciphers-rejected.py", @@ -203,11 +232,23 @@ "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]}, {"name" : "test-sessionID-resumption.py", "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-serverhello-random.py", + "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448", + "arguments" : ["-p", "@PORT@", + "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello", + "-e", "Protocol (3, 2) with x448 group", + "-n", "4"]}, {"name" : "test-sig-algs.py", "arguments" : ["-p", "@PORT@"] }, {"name" : "test-signature-algorithms.py", - "comment" : "gnutls doesn't tolerate that much", + "comment" : "gnutls doesn't handle well duplicated sign algorithms; this is not an issue in practice", "arguments" : ["-p", "@PORT@", + "-e", "duplicated 202 non-rsa schemes", + "-e", "duplicated 2342 non-rsa schemes", + "-e", "duplicated 8119 non-rsa schemes", + "-e", "duplicated 23741 non-rsa schemes", + "-e", "duplicated 32748 non-rsa schemes", "-e", "tolerance max (32764) number of methods"] }, {"name" : "test-sslv2-connection.py", diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh index aab37db5e2..1b9b0f1765 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh @@ -24,8 +24,6 @@ tls_fuzzer_prepare() { PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1" sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-tls13.json >${TMPFILE} - -sed -i 's/(127, 28)/(3, 4)/g' ./tlslite/constants.py } . "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh" diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer -Subproject 01f44ce66c54193176dac7c9e87afd248c58c08 +Subproject 64f4a6e94c6cc1357fdb9fb36b8467456509df6 diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng -Subproject bad2b98b2c382674f71aff617a9274e2a095951 +Subproject af466651a7795ac5a6cf54932d496ca8e79b49b |