diff options
author | Daiki Ueno <dueno@redhat.com> | 2019-06-07 15:10:36 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-06-19 15:11:48 +0200 |
commit | 100d9bcf183f64a61894c728fd32492f46a53c8c (patch) | |
tree | a5fce28dbfd68e1548adf08109b69907741b5098 /tests/suite | |
parent | 5f8a670e134bb3642d717b1bffcdc49b03e5f744 (diff) | |
download | gnutls-100d9bcf183f64a61894c728fd32492f46a53c8c.tar.gz |
tlsfuzzer: use fixed HTTP response for record_size_limit tests
Previously those tests assumed varying sizes of connection information
gnutls-serv sends. This is too brittle and if the default algorithm
has changed the tests need to be updated.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'tests/suite')
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert-tls13.json | 9 | ||||
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert.json | 15 | ||||
-rw-r--r-- | tests/suite/tls-fuzzer/http.dat | 23 |
3 files changed, 27 insertions, 20 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json index 806cc17b16..30bbf11e46 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json @@ -7,6 +7,7 @@ "--x509keyfile", "../../../certs/ecc256.pem", "--x509certfile", "../../../certs/cert-ecc256.pem", "--debug=3", + "--httpdata=../http.dat", "--priority=@PRIORITY@", "--disable-client-cert", "--port=@PORT@"], "server_hostname": "localhost", @@ -14,9 +15,8 @@ "tests" : [ {"name" : "test-record-size-limit.py", "comment" : "changed extension after HRR is not supported #617", - "arguments" : ["-p", "@PORT@", "--reply-AD-size", "685", + "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024", "-e", "change size in TLS 1.2 resumption", - "-e", "change size in TLS 1.3 session resumption", "-e", "check if server accepts maximum size in TLS 1.0", "-e", "check if server accepts maximum size in TLS 1.1", "-e", "check if server accepts maximum size in TLS 1.2", @@ -29,7 +29,6 @@ "-e", "check server sent size in TLS 1.1", "-e", "check server sent size in TLS 1.2", "-e", "drop extension in TLS 1.2 resumption", - "-e", "drop extension in TLS 1.3 session resumption", "-e", "modified extension in 2nd CH in HRR handshake", "-e", "renegotiation with changed limit", "-e", "renegotiation with dropped extension", @@ -38,10 +37,6 @@ "-e", "check server sent size in TLS 1.1 with max_fragment_length", "-e", "check server sent size in TLS 1.2 with max_fragment_length", "-e", "removed extension in 2nd CH in HRR handshake"] }, - {"name" : "test-record-size-limit.py", - "arguments" : ["-p", "@PORT@", "--reply-AD-size", "672", - "change size in TLS 1.3 session resumption", - "drop extension in TLS 1.3 session resumption"] }, {"name" : "test-tls13-0rtt-garbage.py", "arguments": ["-p", "@PORT@"]}, {"name" : "test-tls13-ccs.py", diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json index e610108715..dc3ffd8e85 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert.json @@ -6,6 +6,7 @@ "--x509certfile", "../../../certs/cert-ecc256.pem", "--debug=3", "--noticket", + "--httpdata=../http.dat", "--priority=@PRIORITY@", "--disable-client-cert", "--port=@PORT@"], "server_hostname": "localhost", @@ -233,15 +234,13 @@ "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]}, {"name" : "test-record-size-limit.py", "comment" : "TLS 1.3 tests are done separately; 1/n-1 splitting is not supported in TLS 1.0", - "arguments" : ["-p", "@PORT@", "--reply-AD-size", "821", + "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024", "-e", "check if server accepts maximum size in TLS 1.0", "-e", "check if server accepts maximum size in TLS 1.3", "-e", "check if server accepts minimal size in TLS 1.0", "-e", "check if server accepts minimal size in TLS 1.3", "-e", "check if server omits extension for unrecognized size 64 in TLS 1.3", "-e", "check if server omits extension for unrecognized size 511 in TLS 1.3", - "-e", "check interaction with sha256 prf", - "-e", "check interaction with sha384 prf", "-e", "check server sent size in TLS 1.0", "-e", "check server sent size in TLS 1.3", "-e", "HRR sanity", @@ -253,16 +252,6 @@ "-e", "check server sent size in TLS 1.0 with max_fragment_length", "-e", "check server sent size in TLS 1.3 with max_fragment_length", "-e", "removed extension in 2nd CH in HRR handshake"] }, - {"name" : "test-record-size-limit.py", - "comment" : "The reply includes PRF algorithm and affects the AD size", - "arguments" : ["-p", "@PORT@", "--reply-AD-size", "827", - "--minimal-size", "512", - "check interaction with sha256 prf"] }, - {"name" : "test-record-size-limit.py", - "comment" : "The reply includes PRF algorithm and affects the AD size", - "arguments" : ["-p", "@PORT@", "--reply-AD-size", "816", - "--minimal-size", "512", - "check interaction with sha384 prf"] }, {"name" : "test-sessionID-resumption.py", "arguments" : ["-p", "@PORT@"] }, {"name" : "test-serverhello-random.py", diff --git a/tests/suite/tls-fuzzer/http.dat b/tests/suite/tls-fuzzer/http.dat new file mode 100644 index 0000000000..12dda9467f --- /dev/null +++ b/tests/suite/tls-fuzzer/http.dat @@ -0,0 +1,23 @@ +7 bottles of beer on the wall, 7 bottles of beer. +Take one down and pass it around, 6 bottles of beer on the wall. + +6 bottles of beer on the wall, 6 bottles of beer. +Take one down and pass it around, 5 bottles of beer on the wall. + +5 bottles of beer on the wall, 5 bottles of beer. +Take one down and pass it around, 4 bottles of beer on the wall. + +4 bottles of beer on the wall, 4 bottles of beer. +Take one down and pass it around, 3 bottles of beer on the wall. + +3 bottles of beer on the wall, 3 bottles of beer. +Take one down and pass it around, 2 bottles of beer on the wall. + +2 bottles of beer on the wall, 2 bottles of beer. +Take one down and pass it around, 1 bottle of beer on the wall. + +1 bottle of beer on the wall, 1 bottle of beer. +Take one down and pass it around, no more bottles of beer on the wall. + +No more bottles of beer on the wall, no more bottles of beer. +Go to the store and buy some more, 99 bottles of beer on the wall. |