Use requires_max_content_len, add check in Renegotiation

- Abstract out repetitive checks for IN and OUT content lens
- Remove unclear comment and redundant echo
- Add content length constraints in Renegotiation with fragment length test

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
This commit is contained in:
Yuto Takano 2021-07-02 10:10:49 +01:00
parent ab9e433376
commit bec7cf762d

View file

@ -296,6 +296,12 @@ requires_openssl_with_fallback_scsv() {
fi fi
} }
# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
requires_max_content_len() {
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
}
# skip next test if GnuTLS isn't available # skip next test if GnuTLS isn't available
requires_gnutls() { requires_gnutls() {
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
@ -3152,10 +3158,6 @@ run_test "Session resume using cache, DTLS: openssl server" \
# Tests for Max Fragment Length extension # Tests for Max Fragment Length extension
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
echo "Using non-default maximum content length $MAX_CONTENT_LEN instead of 16384 "
fi
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: enabled, default" \ run_test "Max fragment length: enabled, default" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
@ -3230,9 +3232,7 @@ run_test "Max fragment length, DTLS: disabled, larger message" \
-S "Maximum output fragment length is 16384" \ -S "Maximum output fragment length is 16384" \
-c "fragment larger than.*maximum " -c "fragment larger than.*maximum "
# Make sure it was compiled with lengths over 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: used by client" \ run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
@ -3247,8 +3247,7 @@ run_test "Max fragment length: used by client" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 1024 requires_max_content_len 1024
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 512, server 1024" \ run_test "Max fragment length: client 512, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \
@ -3263,8 +3262,7 @@ run_test "Max fragment length: client 512, server 1024" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048 requires_max_content_len 2048
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 512, server 2048" \ run_test "Max fragment length: client 512, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \
@ -3279,8 +3277,7 @@ run_test "Max fragment length: client 512, server 2048" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 512, server 4096" \ run_test "Max fragment length: client 512, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \
@ -3295,8 +3292,7 @@ run_test "Max fragment length: client 512, server 4096" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 1024 requires_max_content_len 1024
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 1024, server 512" \ run_test "Max fragment length: client 1024, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \ "$P_SRV debug_level=3 max_frag_len=512" \
@ -3311,8 +3307,7 @@ run_test "Max fragment length: client 1024, server 512" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048 requires_max_content_len 2048
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 1024, server 2048" \ run_test "Max fragment length: client 1024, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \
@ -3327,8 +3322,7 @@ run_test "Max fragment length: client 1024, server 2048" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 1024, server 4096" \ run_test "Max fragment length: client 1024, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \
@ -3343,8 +3337,7 @@ run_test "Max fragment length: client 1024, server 4096" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048 requires_max_content_len 2048
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 2048, server 512" \ run_test "Max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \ "$P_SRV debug_level=3 max_frag_len=512" \
@ -3359,8 +3352,7 @@ run_test "Max fragment length: client 2048, server 512" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048 requires_max_content_len 2048
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 2048, server 1024" \ run_test "Max fragment length: client 2048, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \
@ -3375,8 +3367,7 @@ run_test "Max fragment length: client 2048, server 1024" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 2048, server 4096" \ run_test "Max fragment length: client 2048, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \
@ -3391,8 +3382,7 @@ run_test "Max fragment length: client 2048, server 4096" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 4096, server 512" \ run_test "Max fragment length: client 4096, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \ "$P_SRV debug_level=3 max_frag_len=512" \
@ -3407,8 +3397,7 @@ run_test "Max fragment length: client 4096, server 512" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 4096, server 1024" \ run_test "Max fragment length: client 4096, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \
@ -3423,8 +3412,7 @@ run_test "Max fragment length: client 4096, server 1024" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 4096, server 2048" \ run_test "Max fragment length: client 4096, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \
@ -3439,8 +3427,7 @@ run_test "Max fragment length: client 4096, server 2048" \
-s "server hello, max_fragment_length extension" \ -s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: used by server" \ run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \
@ -3455,8 +3442,7 @@ run_test "Max fragment length: used by server" \
-S "server hello, max_fragment_length extension" \ -S "server hello, max_fragment_length extension" \
-C "found max_fragment_length extension" -C "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096 requires_max_content_len 4096
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls requires_gnutls
run_test "Max fragment length: gnutls server" \ run_test "Max fragment length: gnutls server" \
@ -3468,8 +3454,7 @@ run_test "Max fragment length: gnutls server" \
-c "client hello, adding max_fragment_length extension" \ -c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension" -c "found max_fragment_length extension"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048 requires_max_content_len 2048
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client, message just fits" \ run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
@ -3486,8 +3471,7 @@ run_test "Max fragment length: client, message just fits" \
-c "2048 bytes written in 1 fragments" \ -c "2048 bytes written in 1 fragments" \
-s "2048 bytes read" -s "2048 bytes read"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048 requires_max_content_len 2048
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client, larger message" \ run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
@ -3505,8 +3489,7 @@ run_test "Max fragment length: client, larger message" \
-s "2048 bytes read" \ -s "2048 bytes read" \
-s "297 bytes read" -s "297 bytes read"
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048 requires_max_content_len 2048
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: DTLS client, larger message" \ run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \ "$P_SRV debug_level=3 dtls=1" \
@ -3618,6 +3601,7 @@ run_test "Renegotiation: double" \
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test "Renegotiation with max fragment length: client 2048, server 512" \ run_test "Renegotiation with max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \