yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 11:01:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing

Browse source
This commit is contained in:
Hanno Becker 2018-08-24 11:55:03 +01:00
parent c92b5c8a0d 081bd81865
commit 6b6f602174
1 changed files with 22 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
tests/ssl-opt.sh
View file

@ -768,7 +768,7 @@ P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT localhost"
G_CLI="$G_CLI -p +SRV_PORT"
if [ -n "${OPENSSL_LEGACY:-}" ]; then
O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
@ -780,7 +780,7 @@ if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT localhost"
G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
fi
# Allow SHA-1, because many of our test certificates use it
@ -2150,7 +2150,7 @@ run_test "Renego ext: gnutls server unsafe, client break legacy" \
requires_gnutls
run_test "Renego ext: gnutls client strict, server default" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION" \
"$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
0 \
-s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-s "server hello, secure renegotiation extension"
@ -2158,7 +2158,7 @@ run_test "Renego ext: gnutls client strict, server default" \
requires_gnutls
run_test "Renego ext: gnutls client unsafe, server default" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-S "server hello, secure renegotiation extension"
@ -2166,7 +2166,7 @@ run_test "Renego ext: gnutls client unsafe, server default" \
requires_gnutls
run_test "Renego ext: gnutls client unsafe, server break legacy" \
"$P_SRV debug_level=3 allow_legacy=-1" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
1 \
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-S "server hello, secure renegotiation extension"
@ -2177,7 +2177,7 @@ requires_gnutls
run_test "DER format: no trailing bytes" \
"$P_SRV crt_file=data_files/server5-der0.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@ -2185,7 +2185,7 @@ requires_gnutls
run_test "DER format: with a trailing zero byte" \
"$P_SRV crt_file=data_files/server5-der1a.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@ -2193,7 +2193,7 @@ requires_gnutls
run_test "DER format: with a trailing random byte" \
"$P_SRV crt_file=data_files/server5-der1b.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@ -2201,7 +2201,7 @@ requires_gnutls
run_test "DER format: with 2 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der2.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@ -2209,7 +2209,7 @@ requires_gnutls
run_test "DER format: with 4 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der4.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@ -2217,7 +2217,7 @@ requires_gnutls
run_test "DER format: with 8 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der8.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@ -2225,7 +2225,7 @@ requires_gnutls
run_test "DER format: with 9 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der9.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@ -3790,14 +3790,14 @@ run_test "Per-version suites: TLS 1.2" \
requires_gnutls
run_test "ClientHello without extensions, SHA-1 allowed" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
-s "dumping 'client hello extensions' (0 bytes)"
requires_gnutls
run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
-s "dumping 'client hello extensions' (0 bytes)"
@ -5537,35 +5537,31 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
-c "fragmenting handshake message" \
-C "error"
# gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS
requires_ipv6
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 server_addr=::1 \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
mtu=512 force_version=dtls1_2" \
"$G_CLI -u" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
# gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS
requires_ipv6
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
"$P_SRV dtls=1 debug_level=2 server_addr=::1 \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
mtu=512 force_version=dtls1" \
"$G_CLI -u" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
@ -5667,8 +5663,6 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
## We can re-enable them when a fixed version fo GnuTLS is available
## and installed in our CI system.
##
## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS
## requires_ipv6
## requires_gnutls
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
## requires_config_enabled MBEDTLS_RSA_C
@ -5677,16 +5671,14 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
## client_needs_more_time 4
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \
## "$P_SRV dtls=1 debug_level=2 \
## crt_file=data_files/server7_int-ca.crt \
## key_file=data_files/server7.key \
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
## "$G_CLI -u" \
## "$G_CLI -u --insecure 127.0.0.1" \
## 0 \
## -s "fragmenting handshake message"
##
## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS
## requires_ipv6
## requires_gnutls
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
## requires_config_enabled MBEDTLS_RSA_C
@ -5695,11 +5687,11 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
## client_needs_more_time 4
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \
## "$P_SRV dtls=1 debug_level=2 \
## crt_file=data_files/server7_int-ca.crt \
## key_file=data_files/server7.key \
## hs_timeout=250-60000 mtu=512 force_version=dtls1" \
## "$G_CLI -u" \
## "$G_CLI -u --insecure 127.0.0.1" \
## 0 \
## -s "fragmenting handshake message"