authorNikos Mavrogiannopoulos <nmav@redhat.com>2019-09-12 15:21:55 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2019-09-13 08:30:29 +0200
commit5fac5af99b418171c285ae49d3cd8381a852dfd7 (patch)
tree38b059fb6c3a607141a12b62311d44f125fc7aa0 /tests/suite
parentee19d733c05ea4bdff9e11aacdca227682fa6abe (diff)
tlsfuzzer: enable atypical padding check
The atypical padding check is complementary to the existing GnuTLS 2.12.x interop test. This commit also upgrades the tlsfuzzer submodule to its latest version, and adds new TLS1.3 tests as well. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/suite')
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert-tls13.json7
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert.json39
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-nocert.sh4
m---------tests/suite/tls-fuzzer/tlsfuzzer0
4 files changed, 32 insertions, 18 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 073c143833..31f63e5398 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -81,6 +81,11 @@
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-nociphers.py",
"arguments": ["-p", "@PORT@"]},
+ {"name" : "test-tls13-non-support.py",
+ "arguments": ["-p", "@PORT@"],
+ "exp_pass" : false},
+ {"name" : "test-tls13-obsolete-curves.py",
+ "arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-pkcs-signature.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-record-padding.py",
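Review bot: The new `test-tls13-non-support.py` entry sets `"exp_pass" : false` without recording why a failure is expected, so a later reader cannot tell a known limitation from a regression that was accepted by mistake. The removed lines in gnutls-nocert.json suggest the harness tolerates a `"comment"` key on an entry; I would add one here, for example `"comment": "expected to fail: <reason or issue reference>"`. The entry should be revisited once the cause is resolved, so the expected-failure marker does not outlive it.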
@@ -102,6 +107,8 @@
"-e", "8130 invalid schemes",
"-e", "23752 invalid schemes",
"-e", "32715 invalid schemes"]},
+ {"name" : "test-tls13-symetric-ciphers.py",
+ "arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-unrecognised-groups.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-version-negotiation.py",
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index b56ea40163..bc3c7a88b2 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -32,6 +32,8 @@
"fragmented, padding ext 16213 bytes"]},
{"name" : "test-ecdsa-sig-flexibility.py",
"arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-encrypt-then-mac.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-ocsp-stapling.py",
"arguments" : ["-p", "@PORT@",
"--no-status"] },
@@ -99,20 +101,16 @@
{"name" : "test-cve-2016-2107.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-dhe-key-share-random.py",
- "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0",
"arguments" : ["-p", "@PORT@",
- "-e", "Protocol (3, 1)",
- "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
"-e", "Protocol (3, 0)",
- "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello"]},
+ "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
+ "-z"]},
{"name" : "test-dhe-no-shared-secret-padding.py",
- "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0",
"arguments" : ["-p", "@PORT@",
- "-e", "Protocol (3, 1)",
- "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
"-e", "Protocol (3, 0)",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
- "-n", "4"]},
+ "-n", "6",
+ "-z"]},
{"name" : "test-dhe-rsa-key-exchange.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-dhe-rsa-key-exchange-signatures.py",
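Review bot: Both entries in this hunk lose their `"comment"` while still excluding the `Protocol (3, 0)` cases, so the remaining SSL 3.0 exclusions and the new `-z` flag carry no rationale. The priority string in tls-fuzzer-nocert.sh enables `+VERS-SSL3.0`, so the key-share randomness and shared-secret padding checks appear to be skipped for a protocol version the test server accepts; a reader should be able to see that this is deliberate. I would keep a narrowed comment such as `"comment": "SSL 3.0 cases excluded: <reason>; -z: no 1/n-1 record split expected in TLS 1.0"` (the meaning of `-z` is recalled from tlsfuzzer's usage text and should be confirmed against the updated submodule). The same applies to the `test-ecdhe-padded-shared-secret.py`, `test-ecdhe-rsa-key-share-random.py` and `test-serverhello-random.py` entries in the later hunks, which also drop the note that x448 is unsupported while adding more x448 exclusions.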
@@ -129,23 +127,29 @@
{"name" : "test-early-application-data.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-ecdhe-padded-shared-secret.py",
- "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448",
"arguments" : ["-p", "@PORT@",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
"-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 1) with x448 group",
"-e", "Protocol (3, 2) with x448 group",
- "-n", "4"]},
+ "-e", "Protocol (3, 3) with x448 group",
+ "-e", "Protocol (3, 0)",
+ "-z",
+ "-n", "6"]},
{"name" : "test-ecdhe-rsa-key-exchange.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-ecdhe-rsa-key-share-random.py",
- "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448",
"arguments" : ["-p", "@PORT@",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
"-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 1) with x448 group",
"-e", "Protocol (3, 2) with x448 group",
- "-n", "4"]},
+ "-e", "Protocol (3, 3) with x448 group",
+ "-e", "Protocol (3, 0)",
+ "-z",
+ "-n", "6"]},
{"name" : "test-empty-extensions.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-export-ciphers-rejected.py",
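Review bot: The two ECDHE entries still exclude `Protocol (3, 1) in SSLv2 compatible ClientHello` even though they now pass `-z`, whereas the DHE entries in the previous hunk and `test-serverhello-random.py` further down drop that exclusion when adding `-z`. If the TLS 1.0 SSLv2-compatible case passes once `-z` is set, the leftover `-e` line keeps it out of the run for no reason; if it still fails for ECDHE, that deserves a `"comment"` saying so. Either remove the line or document it, so that every skipped case in these entries can be explained.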
@@ -201,7 +205,8 @@
{"name" : "test-invalid-client-hello.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-invalid-client-hello-w-record-overflow.py",
- "arguments" : ["-p", "@PORT@"] },
+ "arguments" : ["-p", "@PORT@",
+ "-n", "10"] },
{"name" : "test-invalid-compression-methods.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-invalid-content-type.py",
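Review bot: The added `"-n", "10"` on `test-invalid-client-hello-w-record-overflow.py` has no stated reason, and it appears to cap the run at a sample of ten generated cases (tlsfuzzer's `-n` limits how many tests are executed; confirm against the updated submodule). Record-overflow handling is a parser boundary path, and with sampling a failing case may not recur on the next run. If the cap is there to bound runtime, say so in the entry, e.g. `"comment": "sampled with -n 10 to bound runtime"`, and make sure the failing test name is captured in the log so it can be rerun explicitly.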
@@ -256,12 +261,14 @@
{"name" : "test-sessionID-resumption.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-serverhello-random.py",
- "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448",
"arguments" : ["-p", "@PORT@",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
- "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 1) with x448 group",
"-e", "Protocol (3, 2) with x448 group",
- "-n", "4"]},
+ "-e", "Protocol (3, 3) with x448 group",
+ "-e", "Protocol (3, 0)",
+ "-z",
+ "-n", "6"]},
{"name" : "test-sig-algs.py",
"arguments" : ["-p", "@PORT@",
"-e", "rsa_pss_pss_sha256 only",
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
index 77a1d050cd..6e6b809c57 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
@@ -22,10 +22,10 @@ srcdir="${srcdir:-.}"
tls_fuzzer_prepare() {
VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0"
-PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256"
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256:+SHA384"
${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
if test $? != 0;then
- PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256"
+ PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256:+SHA384"
fi
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert.json >${TMPFILE}
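Review bot: The `:+SHA384` suffix had to be added to two copies of the same long priority string that differ only by `-CURVE-SECP192R1`, which makes it easy for the fallback under `if test $? != 0` to drift from the primary. I would build both from one base, e.g. `BASE="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"` and then `PRIORITY="${BASE}:-CURVE-SECP192R1:${VERSIONS}:+SHA256:+SHA384"`, with the fallback omitting the curve term. A one-line comment stating that this string deliberately enables legacy algorithms (RC4, 3DES, DSA, SHA-1 signatures, SSL 3.0) for the fuzzing server only would also keep it from being copied into a real configuration. The body of `tls_fuzzer_prepare` continues past the end of the hunk.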
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 79936b86187ca48ced7c40b9b1a3872386c3f56
+Subproject 3d57169c83e960597d7f90f4b837858d9530d7f