yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-31 06:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Skip some DTLS reordering tests in PSK-only builds

Browse source 
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-03-14 18:21:24 +01:00
parent 64c683fd18
commit 22cc649769
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
tests/ssl-opt.sh
View file

@ -298,6 +298,12 @@ maybe_requires_ciphersuite_enabled() {
unset ciphersuite
}
requires_certificate_authentication () {
if [ "$PSK_ONLY" = "YES" ]; then
SKIP_NEXT="YES"
fi
}
adapt_cmd_for_psk () {
case "$2" in
*openssl*) s='-psk abc123 -nocert';;
@ -9887,6 +9893,7 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \
# Tests for reordering support with DTLS
requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@ -9903,6 +9910,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@ -9925,6 +9933,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on
# Certificate message; at the time of writing, together these are aroudn 1200b
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
@ -9946,6 +9955,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first.
requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
@ -9965,6 +9975,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
-p "$P_PXY delay_cli=Certificate" \
"$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
@ -9981,6 +9992,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
-p "$P_PXY delay_srv=NewSessionTicket" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@ -9997,6 +10009,7 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
-p "$P_PXY delay_cli=ClientKeyExchange" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \