diff options
author | Daiki Ueno <ueno@gnu.org> | 2022-12-18 08:00:59 +0900 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2022-12-20 19:15:40 +0900 |
commit | 6e5e74eb138f679ddf518e884a84dd18d9d10a12 (patch) | |
tree | ece09ff645a8ddcd0e570f9b32adf84af7200ba8 | |
parent | a21e89edacfe4ec3c501b030fff59c11fd20dcf0 (diff) | |
download | gnutls-6e5e74eb138f679ddf518e884a84dd18d9d10a12.tar.gz |
tests: conditionalize SRP tests
Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r-- | fuzz/Makefile.am | 8 | ||||
-rw-r--r-- | tests/rehandshake-switch-srp-id.c | 15 | ||||
-rw-r--r-- | tests/server-kx-neg-common.c | 14 | ||||
-rw-r--r-- | tests/tls10-server-kx-neg.c | 2 | ||||
-rw-r--r-- | tests/tls11-server-kx-neg.c | 2 | ||||
-rw-r--r-- | tests/tls12-server-kx-neg.c | 2 | ||||
-rw-r--r-- | tests/tls13-server-kx-neg.c | 3 |
7 files changed, 37 insertions, 9 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 34a8919994..a509d3cbc0 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -27,8 +27,6 @@ FUZZERS = \ gnutls_reverse_idna_parser_fuzzer$(EXEEXT) \ gnutls_server_fuzzer$(EXEEXT) \ gnutls_server_rawpk_fuzzer$(EXEEXT) \ - gnutls_srp_client_fuzzer$(EXEEXT) \ - gnutls_srp_server_fuzzer$(EXEEXT) \ gnutls_set_trust_file_fuzzer$(EXEEXT) \ gnutls_x509_crl_parser_fuzzer$(EXEEXT) \ gnutls_x509_crq_parser_fuzzer$(EXEEXT) \ @@ -37,6 +35,12 @@ FUZZERS = \ gnutls_handshake_client_fuzzer$(EXEEXT) \ gnutls_handshake_server_fuzzer$(EXEEXT) +if ENABLE_SRP +FUZZERS += \ + gnutls_srp_client_fuzzer$(EXEEXT) \ + gnutls_srp_server_fuzzer$(EXEEXT) +endif + check_PROGRAMS = $(FUZZERS) COMMON_SOURCES = main.c fuzzer.h diff --git a/tests/rehandshake-switch-srp-id.c b/tests/rehandshake-switch-srp-id.c index 0b5608505a..d3b23a7d51 100644 --- a/tests/rehandshake-switch-srp-id.c +++ b/tests/rehandshake-switch-srp-id.c @@ -24,23 +24,24 @@ #include <config.h> #endif -#include <stdio.h> #include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <gnutls/gnutls.h> -#include "utils.h" -#include "eagain-common.h" #ifndef ENABLE_SRP -void doit(void) +int main(void) { exit(77); } #else +#include <stdio.h> +#include <string.h> +#include <errno.h> +#include <gnutls/gnutls.h> +#include "utils.h" +#include "eagain-common.h" + /* This test checks whether the server switching certificates is detected * by the client */ diff --git a/tests/server-kx-neg-common.c b/tests/server-kx-neg-common.c index 961d16074e..21476cdbb3 100644 --- a/tests/server-kx-neg-common.c +++ b/tests/server-kx-neg-common.c @@ -88,6 +88,7 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "%s|<%d>| %s", side, level, str); } +#ifdef ENABLE_SRP static int serv_srp_func(gnutls_session_t session, const char *username, gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, @@ -120,6 +121,7 @@ serv_srp_func(gnutls_session_t session, const char *username, return 0; } +#endif static void try(test_case_st *test) { @@ -130,8 +132,10 @@ static void try(test_case_st *test) gnutls_psk_server_credentials_t s_psk_cred; gnutls_certificate_credentials_t s_cert_cred; gnutls_certificate_credentials_t c_cert_cred; +#ifdef ENABLE_SRP gnutls_srp_server_credentials_t s_srp_cred; gnutls_srp_client_credentials_t c_srp_cred; +#endif const gnutls_datum_t p3_2048 = { (void *)pkcs3_2048, strlen(pkcs3_2048) }; gnutls_dh_params_t dh_params = NULL; @@ -155,8 +159,10 @@ static void try(test_case_st *test) assert(gnutls_anon_allocate_server_credentials(&s_anon_cred) >= 0); assert(gnutls_psk_allocate_client_credentials(&c_psk_cred) >= 0); assert(gnutls_psk_allocate_server_credentials(&s_psk_cred) >= 0); +#ifdef ENABLE_SRP assert(gnutls_srp_allocate_client_credentials(&c_srp_cred) >= 0); assert(gnutls_srp_allocate_server_credentials(&s_srp_cred) >= 0); +#endif assert(gnutls_certificate_allocate_credentials(&s_cert_cred) >= 0); assert(gnutls_certificate_allocate_credentials(&c_cert_cred) >= 0); assert(gnutls_dh_params_init(&dh_params) >= 0); @@ -202,11 +208,13 @@ static void try(test_case_st *test) gnutls_psk_set_server_credentials_function(s_psk_cred, serv_psk_func); } +#ifdef ENABLE_SRP if (test->have_srp_cred) { gnutls_credentials_set(server, GNUTLS_CRD_SRP, s_srp_cred); gnutls_srp_set_server_credentials_function(s_srp_cred, serv_srp_func); } +#endif if (test->have_rsa_decrypt_cert) { assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); @@ -236,11 +244,15 @@ static void try(test_case_st *test) gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anon_cred); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_cert_cred); gnutls_credentials_set(client, GNUTLS_CRD_PSK, c_psk_cred); +#ifdef ENABLE_SRP gnutls_credentials_set(client, GNUTLS_CRD_SRP, c_srp_cred); +#endif assert(gnutls_psk_set_client_credentials(c_psk_cred, "psk", &pskkey, GNUTLS_PSK_KEY_HEX) >= 0); +#ifdef ENABLE_SRP assert(gnutls_srp_set_client_credentials(c_srp_cred, "test1", "test") >= 0); +#endif gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -267,8 +279,10 @@ static void try(test_case_st *test) gnutls_anon_free_server_credentials(s_anon_cred); gnutls_psk_free_client_credentials(c_psk_cred); gnutls_psk_free_server_credentials(s_psk_cred); +#ifdef ENABLE_SRP gnutls_srp_free_client_credentials(c_srp_cred); gnutls_srp_free_server_credentials(s_srp_cred); +#endif gnutls_certificate_free_credentials(s_cert_cred); gnutls_certificate_free_credentials(c_cert_cred); if (dh_params) diff --git a/tests/tls10-server-kx-neg.c b/tests/tls10-server-kx-neg.c index 8034b80617..e6d1c3e217 100644 --- a/tests/tls10-server-kx-neg.c +++ b/tests/tls10-server-kx-neg.c @@ -350,6 +350,7 @@ test_case_st tests[] = { .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0", .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0" }, +#ifdef ENABLE_SRP { .name = "TLS 1.0 SRP-RSA without cert cred", .client_ret = GNUTLS_E_AGAIN, @@ -417,6 +418,7 @@ test_case_st tests[] = { .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.0", .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.0" } +#endif }; void doit(void) diff --git a/tests/tls11-server-kx-neg.c b/tests/tls11-server-kx-neg.c index b3b635dd4e..67bfda91d5 100644 --- a/tests/tls11-server-kx-neg.c +++ b/tests/tls11-server-kx-neg.c @@ -350,6 +350,7 @@ test_case_st tests[] = { .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1", .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1" }, +#ifdef ENABLE_SRP { .name = "TLS 1.1 SRP-RSA without cert cred", .client_ret = GNUTLS_E_AGAIN, @@ -417,6 +418,7 @@ test_case_st tests[] = { .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.1", .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.1" } +#endif }; void doit(void) diff --git a/tests/tls12-server-kx-neg.c b/tests/tls12-server-kx-neg.c index e3a2de363a..00e28bb2bd 100644 --- a/tests/tls12-server-kx-neg.c +++ b/tests/tls12-server-kx-neg.c @@ -395,6 +395,7 @@ test_case_st tests[] = { .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2", .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2" }, +#ifdef ENABLE_SRP { .name = "TLS 1.2 SRP-RSA without cert cred", .client_ret = GNUTLS_E_AGAIN, @@ -462,6 +463,7 @@ test_case_st tests[] = { .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2", .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2" }, +#endif #ifdef ENABLE_GOST { diff --git a/tests/tls13-server-kx-neg.c b/tests/tls13-server-kx-neg.c index a4cca3faaf..4b68999a61 100644 --- a/tests/tls13-server-kx-neg.c +++ b/tests/tls13-server-kx-neg.c @@ -150,6 +150,7 @@ test_case_st tests[] = { .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, .exp_version = GNUTLS_TLS1_2, }, +#ifdef ENABLE_SRP { .name = "TLS 1.3 SRP-RSA without cert cred", .client_ret = GNUTLS_E_AGAIN, @@ -224,6 +225,8 @@ test_case_st tests[] = { .client_prio = "NORMAL:-KX-ALL:+SRP:"PVERSION, .exp_version = GNUTLS_TLS1_2, }, +#endif + #ifdef ENABLE_GOST { .name = "TLS 1.3 server, TLS 1.2 client VKO-GOST-12 with cred and GOST-256 cert", |