authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-09-29 03:41:39 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-09-29 03:41:39 +0000
commit487837aa5e89ceb56685ba975f5020505aaa34d5 (patch)
treeb7a07244a89de7513097eaebf1afa9c3a4bcfa1c /tests
parent175816376de22629f41e08c30644f09af18438aa (diff)
parentc6b5e2917bcf32c3568682dc5d9d1bc338a7d900 (diff)
downloadgnutls-487837aa5e89ceb56685ba975f5020505aaa34d5.tar.gz
Merge branch 'tlsfuzzer-ssl3' into 'master'
tlsfuzzer: add missing script See merge request gnutls/gnutls!759
Diffstat (limited to 'tests')
-rw-r--r--tests/suite/Makefile.am2
-rw-r--r--tests/suite/tls-fuzzer/gnutls-cert.json23
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert.json222
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-alpn.sh40
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-cert.sh45
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-common.sh55
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh29
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh40
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-nocert.sh45
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-psk.sh41
10 files changed, 272 insertions, 270 deletions
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 9778538000..f43fe90eee 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -86,7 +86,7 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c \
EXTRA_DIST += testcompat-main-polarssl testcompat-main-openssl \
- testcompat-common params.dh
+ testcompat-common params.dh tls-fuzzer/tls-fuzzer-common.sh
scripts_to_test = chain.sh \
testrng.sh testcompat-polarssl.sh testcompat-openssl.sh \
diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json
index 781ac2db54..fe2b39f2c2 100644
--- a/tests/suite/tls-fuzzer/gnutls-cert.json
+++ b/tests/suite/tls-fuzzer/gnutls-cert.json
@@ -6,41 +6,50 @@
"--priority=@PRIORITY@",
"--port=@PORT@"],
"environment": {"PYTHONPATH" : "."},
+ "server_hostname": "localhost",
+ "server_port": @PORT@,
"tests" : [
{"name": "test-rsa-sigs-on-certificate-verify.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
- "-c", "tests/clientX509Cert.pem"]
+ "-c", "tests/clientX509Cert.pem",
+ "-p", "@PORT@"]
},
{"name" : "test-certificate-verify.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
- "-c", "tests/clientX509Cert.pem"]
+ "-c", "tests/clientX509Cert.pem",
+ "-p", "@PORT@"]
},
{"name" : "test-certificate-verify-malformed.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
- "-c", "tests/clientX509Cert.pem"]
+ "-c", "tests/clientX509Cert.pem",
+ "-p", "@PORT@"]
},
{"name" : "test-certificate-verify-malformed-sig.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
- "-c", "tests/clientX509Cert.pem"]
+ "-c", "tests/clientX509Cert.pem",
+ "-p", "@PORT@"]
},
{"name" : "test-certificate-request.py",
"comment" : "tlsfuzzer doesn't like our set of algorithms",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
- "-e", "check sigalgs in cert request"]
+ "-e", "check sigalgs in cert request",
+ "-p", "@PORT@"]
},
{"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-e", "check CertificateRequest sigalgs",
- "-n", "100"]
+ "-n", "100",
+ "-p", "@PORT@"]
},
{"name": "test-certificate-malformed.py",
"comment" : "tlsfuzzer doesn't like the alerts we send",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-e", "fuzz empty certificate - overall 7, certs 4, cert 1",
- "-e", "fuzz empty certificate - overall 8, certs 5, cert 2"]
+ "-e", "fuzz empty certificate - overall 8, certs 5, cert 2",
+ "-p", "@PORT@"]
}
]
}
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index 2dc7673ad0..6ddb6ebbe0 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -8,10 +8,14 @@
"--noticket",
"--priority=@PRIORITY@",
"--disable-client-cert", "--port=@PORT@"],
+ "server_hostname": "localhost",
+ "server_port": @PORT@,
"tests" : [
- {"name" : "test-fuzzed-plaintext.py"},
+ {"name" : "test-fuzzed-plaintext.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-large-hello.py",
"arguments" : [
+ "-p", "@PORT@",
"two ext, #80 61384 bytes",
"two ext, #80 12276 bytes",
"ciphers even 8199",
@@ -25,15 +29,19 @@
"fragmented, padding ext 0 bytes",
"fragmented, padding ext 65354 bytes",
"fragmented, padding ext 16213 bytes"]},
- {"name" : "test-ecdsa-sig-flexibility.py"},
+ {"name" : "test-ecdsa-sig-flexibility.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-ocsp-stapling.py",
- "arguments" : ["--no-status"] },
+ "arguments" : ["-p", "@PORT@",
+ "--no-status"] },
{"name" : "test-encrypt-then-mac-renegotiation.py",
"comment" : "we are not strict in EtM required behavior in renegotiation",
- "arguments" : ["-e", "Encrypt-then-MAC renegotiation crash"]},
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Encrypt-then-MAC renegotiation crash"]},
{"name" : "test-x25519.py",
"comment" : "x448 is not supported",
- "arguments" : ["-e", "all zero x448 key share",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "all zero x448 key share",
"-e", "empty x448 key share",
"-e", "sanity - negotiate x448",
"-e", "too big x448 key share",
@@ -41,113 +49,193 @@
"-e", "x448 key share of \"1\""
]},
{"name" : "test-cve-2016-7054.py",
- "arguments" : ["-e", "sanity"]},
- {"name" : "test-cve-2016-6309.py"},
+ "arguments" : ["-p", "@PORT@",
+ "-e", "sanity"]},
+ {"name" : "test-cve-2016-6309.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-invalid-server-name-extension.py",
"comment" : "we don't parse past the first valid name, and we don't validate input received",
- "arguments" : ["-e", "SNI name with UTF-8",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "SNI name with UTF-8",
"-e", "multiple host_names in SNI, RFC 6066 compliance",
"-e", "incorrect SNI"]},
{"name" : "test-invalid-server-name-extension-resumption.py",
"comment" : "we don't follow the RFC precisely on SNI resumption, we cache the SNI and ignore the extensions",
- "arguments" : ["-e", "Sanity check, bad SNI",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Sanity check, bad SNI",
"-e", "session resume with different SNI",
"-e", "session resume with malformed SNI"]},
- {"name" : "test-chacha20.py"},
- {"name" : "test-aes-gcm-nonces.py" },
- {"name" : "test-atypical-padding.py" },
+ {"name" : "test-chacha20.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-aes-gcm-nonces.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-atypical-padding.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-bleichenbacher-workaround.py",
- "arguments" : ["-n", "20"]
+ "arguments" : ["-p", "@PORT@",
+ "-n", "20"]
},
- {"name" : "test-clienthello-md5.py"},
+ {"name" : "test-clienthello-md5.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-client-compatibility.py",
- "arguments" : ["-e", "18: IE 6 on XP",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "18: IE 6 on XP",
"-e", "52: YandexBot 3.0 on unknown",
"-e", "100: IE 6 on XP"]},
- {"name" : "test-conversation.py"},
+ {"name" : "test-conversation.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-client-hello-max-size.py",
"comment" : "FIXME: we fail with: Handshake buffer length is 131400 (max: 131072)",
- "arguments" : ["-e", "max client hello"]},
- {"name" : "test-atypical-padding.py" },
+ "arguments" : ["-p", "@PORT@",
+ "-e", "max client hello"]},
+ {"name" : "test-atypical-padding.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-ffdhe-negotiation.py" ,
"comment" : ["we don't prefer DHE over RSA if RSA is preferred by peer"],
- "arguments" : ["-e", "Check if DHE preferred"]},
- {"name" : "test-cve-2016-2107.py"},
- {"name" : "test-dhe-rsa-key-exchange.py"},
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Check if DHE preferred"]},
+ {"name" : "test-cve-2016-2107.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-dhe-rsa-key-exchange.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-dhe-rsa-key-exchange-signatures.py",
"comment" : "gnutls no longer allows sha224",
- "arguments" : ["-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 sha224 signature",
"-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature"]
},
- {"name" : "test-dhe-rsa-key-exchange-with-bad-messages.py"},
- {"name" : "test-early-application-data.py"},
- {"name" : "test-ecdhe-rsa-key-exchange.py"},
- {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py"},
- {"name" : "test-empty-extensions.py"},
- {"name" : "test-export-ciphers-rejected.py"},
- {"name" : "test-extensions.py"},
+ {"name" : "test-dhe-rsa-key-exchange-with-bad-messages.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-early-application-data.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-ecdhe-rsa-key-exchange.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-empty-extensions.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-export-ciphers-rejected.py",
+ "comment" : "disable SSL3.0 here, will be tested separately",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 with AES_128 in SSLv3",
+ "-e", "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA with AES_128 in SSLv3",
+ "-e", "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 with AES_128 in SSLv3",
+ "-e", "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA with AES_128 in SSLv3",
+ "-e", "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 with AES_128 in SSLv3",
+ "-e", "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA with AES_128 in SSLv3",
+ "-e", "TLS_KRB5_EXPORT_WITH_RC4_40_MD5 with AES_128 in SSLv3",
+ "-e", "TLS_KRB5_EXPORT_WITH_RC4_40_SHA with AES_128 in SSLv3",
+ "-e", "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA with AES_128 in SSLv3",
+ "-e", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3",
+ "-e", "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 with AES_128 in SSLv3",
+ "-e", "TLS_RSA_EXPORT_WITH_RC4_40_MD5 with AES_128 in SSLv3"] },
+ {"name" : "test-extensions.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-extended-master-secret-extension.py",
"comment" : "gnutls does not allow switching from EMS to no EMS, and w/ECDHE test is incomplete",
- "arguments" : ["-e", "renegotiate without EMS in session with EMS",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "renegotiate without EMS in session with EMS",
"-e", "EMS with session resume without extension"]},
{"name" : "test-fallback-scsv.py",
- "arguments" : ["--tls-1.3"]},
- {"name" : "test-fuzzed-ciphertext.py"},
- {"name" : "test-fuzzed-finished.py"},
- {"name" : "test-fuzzed-MAC.py"},
- {"name" : "test-fuzzed-padding.py"},
- {"name" : "test-hello-request-by-client.py"},
+ "arguments" : ["-p", "@PORT@",
+ "--tls-1.3"]},
+ {"name" : "test-fuzzed-ciphertext.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-fuzzed-finished.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-fuzzed-MAC.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-fuzzed-padding.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-hello-request-by-client.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py",
"comment" : "gnutls doesn't support interleaved data with handshake",
"exp_pass" : false},
{"name" : "test-interleaved-application-data-in-renegotiation.py",
"comment" : "gnutls doesn't support interleaved data with handshake",
"exp_pass" : false},
- {"name" : "test-invalid-cipher-suites.py"},
- {"name" : "test-invalid-client-hello.py"},
- {"name" : "test-invalid-client-hello-w-record-overflow.py"},
- {"name" : "test-invalid-compression-methods.py"},
- {"name" : "test-invalid-content-type.py"},
- {"name" : "test-invalid-rsa-key-exchange-messages.py"},
- {"name" : "test-invalid-session-id.py"},
- {"name" : "test-invalid-version.py"},
- {"name" : "test-large-number-of-extensions.py"},
- {"name" : "test-message-duplication.py"},
- {"name" : "test-message-skipping.py"},
+ {"name" : "test-invalid-cipher-suites.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-invalid-client-hello.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-invalid-client-hello-w-record-overflow.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-invalid-compression-methods.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-invalid-content-type.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-invalid-rsa-key-exchange-messages.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-invalid-session-id.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-invalid-version.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-large-number-of-extensions.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-message-duplication.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-message-skipping.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-ocsp-stapling.py",
"comment" : "test requires OCSP setup",
- "exp_pass" : false},
+ "exp_pass" : false,
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-openssl-3712.py",
"comment" : "gnutls doesn't support interleaved data with handshake",
- "exp_pass" : false},
+ "exp_pass" : false,
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-record-layer-fragmentation.py",
"comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.",
- "arguments" : ["-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension",
"-e", "small, maximum fragmentation: 1 fragment - 20B extension",
"-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]},
- {"name" : "test-sessionID-resumption.py"},
- {"name" : "test-sig-algs.py"
- },
+ {"name" : "test-sessionID-resumption.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-sig-algs.py",
+ "arguments" : ["-p", "@PORT@"] },
{"name" : "test-signature-algorithms.py",
"comment" : "gnutls doesn't tolerate that much",
- "arguments" : ["-e", "tolerance max (32764) number of methods"]
+ "arguments" : ["-p", "@PORT@",
+ "-e", "tolerance max (32764) number of methods"]
},
- {"name" : "test-sslv2-connection.py"},
- {"name" : "test-sslv2-force-cipher-3des.py"},
- {"name" : "test-sslv2-force-cipher-non3des.py"},
- {"name" : "test-sslv2-force-cipher.py"},
- {"name" : "test-sslv2-force-export-cipher.py"},
- {"name" : "test-sslv2hello-protocol.py"},
- {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py"},
- {"name" : "test-truncating-of-client-hello.py" },
- {"name" : "test-truncating-of-finished.py"},
- {"name" : "test-truncating-of-kRSA-client-key-exchange.py"},
- {"name" : "test-unsupported-curve-fallback.py"},
- {"name" : "test-version-numbers.py"},
- {"name" : "test-zero-length-data.py"}
+ {"name" : "test-sslv2-connection.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-sslv2-force-cipher-3des.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-sslv2-force-cipher-non3des.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-sslv2-force-cipher.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-sslv2-force-export-cipher.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-sslv2hello-protocol.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-truncating-of-client-hello.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-truncating-of-finished.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-truncating-of-kRSA-client-key-exchange.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-unsupported-curve-fallback.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-version-numbers.py",
+ "arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-zero-length-data.py",
+ "arguments" : ["-p", "@PORT@"] }
]
}
]
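Review bot: The two `test-interleaved-application-data-*` entries in this hunk keep `"exp_pass" : false` but, unlike every other entry, get no `"arguments" : ["-p", "@PORT@"]`. With the port now substituted per run, these scripts would presumably fall back to tlsfuzzer's built-in default port, so their expected failure could come from connecting to the wrong port (or to an unrelated listener) rather than from the interleaved-data behaviour the comment describes. Add `"arguments" : ["-p", "@PORT@"]` to both so the failure is asserted against the server under test. `test-atypical-padding.py` is also listed twice in this hunk.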
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh
index 80ebfc57b1..07ab0fa7f0 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh
@@ -19,49 +19,15 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-SERV="../../../../src/gnutls-serv${EXEEXT}"
-CLI="../../../../src/gnutls-cli${EXEEXT}"
-
-OUTFILE=tls-fuzzer.debug.log
-TMPFILE=tls-fuzzer.$$.tmp
-
-. "${srcdir}/../scripts/common.sh"
-
-eval "${GETPORT}"
-
-pushd tls-fuzzer
-
-if ! test -d tlsfuzzer;then
- exit 77
-fi
-
-rm -f "$OUTFILE"
-
-pushd tlsfuzzer
-test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
-test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
-
-wait_for_free_port $PORT
-
-retval=0
+tls_fuzzer_prepare() {
PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0"
${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
if test $? != 0;then
PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0"
fi
-TLS_PY=./tlslite-ng/scripts/tls.py
-#TLS_PY=$(which tls.py)
-
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-alpn.json >${TMPFILE}
+}
-PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
-retval=$?
-
-rm -f ${TMPFILE}
-
-popd
-popd
-
-exit $retval
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
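Review bot: `tls_fuzzer_prepare` has no comment describing the contract it now has with `tls-fuzzer-common.sh`, which is sourced on the last line and calls it. Going by the common script, the function runs after `CLI`, `SERV`, `PORT` and `TMPFILE` are set and after `pushd` into `${srcdir}/tls-fuzzer/tlsfuzzer`, which is the only reason `../gnutls-alpn.json` resolves, and it must leave the substituted configuration in `${TMPFILE}`. Add a header such as `# Hook called by tls-fuzzer-common.sh from inside tlsfuzzer/; expects CLI, SERV, PORT and TMPFILE, writes the test config to ${TMPFILE}.` The same applies to the functions in tls-fuzzer-cert.sh, -nocert.sh, -nocert-ssl3.sh, -nocert-tls13.sh and -psk.sh.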
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh
index 30cfe25c38..054343fc28 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh
@@ -19,54 +19,15 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-SERV="../../../../src/gnutls-serv${EXEEXT}"
-CLI="../../../../src/gnutls-cli${EXEEXT}"
-
-OUTFILE=tls-fuzzer-cert.debug.log
-TMPFILE=tls-fuzzer-cert.$$.tmp
-
-. "${srcdir}/../scripts/common.sh"
-
-# We hard-code the port because of limitations in tlsfuzzer
-#eval "${GETPORT}"
-PORT=4433
-
-$LOCKFILE
-
-pushd tls-fuzzer
-
-if ! test -d tlsfuzzer;then
- exit 77
-fi
-
-rm -f "$OUTFILE"
-
-pushd tlsfuzzer
-test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
-test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
-
-wait_for_free_port $PORT
-
-retval=0
+tls_fuzzer_prepare() {
PRIORITY="NORMAL:+ARCFOUR-128:%VERIFY_ALLOW_SIGN_WITH_SHA1:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0"
${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
if test $? != 0;then
PRIORITY="NORMAL:+ARCFOUR-128:%VERIFY_ALLOW_SIGN_WITH_SHA1:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0"
fi
-TLS_PY=./tlslite-ng/scripts/tls.py
-#TLS_PY=$(which tls.py)
-
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-cert.json >${TMPFILE}
+}
-PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
-retval=$?
-
-rm -f ${TMPFILE}
-
-popd
-popd
-
-$UNLOCKFILE
-exit $retval
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-common.sh b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh
new file mode 100755
index 0000000000..111fd44970
--- /dev/null
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Copyright (C) 2016-2018 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+builddir=`pwd`
+CLI="${builddir}/../../src/gnutls-cli${EXEEXT}"
+SERV="${builddir}/../../src/gnutls-serv${EXEEXT}"
+
+TMPFILE="${builddir}/tls-fuzzer.$$.tmp"
+PSKFILE="${builddir}/tls-fuzzer.psk.$$.tmp"
+
+. "${srcdir}/../scripts/common.sh"
+
+eval "${GETPORT}"
+
+if ! test -d "${srcdir}/tls-fuzzer/tlsfuzzer" ; then
+ exit 77
+fi
+
+pushd "${srcdir}/tls-fuzzer/tlsfuzzer"
+
+test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
+test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
+
+wait_for_free_port $PORT
+
+retval=0
+
+tls_fuzzer_prepare
+
+PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
+retval=$?
+
+rm -f ${TMPFILE}
+[ -f "${PSKFILE}" ] && rm -f ${PSKFILE}
+
+popd
+
+exit $retval
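Review bot: `TMPFILE`, `PSKFILE` and `SERV` are now absolute paths built from `pwd`, but they are expanded unquoted in the `python tests/scripts_retention.py ${TMPFILE} ${SERV}` and `rm -f` lines, so a build directory containing whitespace or glob characters splits into several words and `rm -f` can act on unintended paths. Quote them: `PYTHONPATH=. python tests/scripts_retention.py "${TMPFILE}" "${SERV}"` and `rm -f -- "${TMPFILE}" "${PSKFILE}"`, and likewise `wait_for_free_port "$PORT"`. The same unquoted `>${TMPFILE}` redirection appears in each `tls_fuzzer_prepare` (alpn, cert, nocert, nocert-ssl3, nocert-tls13, psk). Cleanup also runs only on the normal path; a `trap` on EXIT would remove the temporary files, including the PSK file, when the run is interrupted.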
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh
new file mode 100755
index 0000000000..37efc16241
--- /dev/null
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Copyright (C) 2016-2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+
+tls_fuzzer_prepare() {
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:-VERS-ALL:+VERS-SSL3.0"
+
+sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-ssl3.json >${TMPFILE}
+}
+
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
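Review bot: Nothing visible in this diff registers `tls-fuzzer-nocert-ssl3.sh` with the test runner or adds the `../gnutls-nocert-ssl3.json` template it reads; the `Makefile.am` hunk only extends `EXTRA_DIST` with `tls-fuzzer-common.sh`. Both may already exist on the target branch, but if the script is not in `scripts_to_test`, the SSLv3 export-cipher cases that `gnutls-nocert.json` now excludes ("will be tested separately") are never run, and coverage of that legacy-protocol rejection path is silently lost. Please confirm both. Checking sed's status, `sed ... >"${TMPFILE}" || exit 1`, would also make a missing template fail the test rather than hand an empty config to the runner.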
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
index f5d94dd692..aab37db5e2 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
@@ -19,47 +19,13 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-SERV="../../../../src/gnutls-serv${EXEEXT}"
-CLI="../../../../src/gnutls-cli${EXEEXT}"
-
-OUTFILE=tls-fuzzer.debug.log
-TMPFILE=tls-fuzzer.$$.tmp
-
-. "${srcdir}/../scripts/common.sh"
-
-eval "${GETPORT}"
-
-pushd tls-fuzzer
-
-if ! test -d tlsfuzzer;then
- exit 77
-fi
-
-rm -f "$OUTFILE"
-
-pushd tlsfuzzer
-test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
-test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
-
-wait_for_free_port $PORT
-
-retval=0
+tls_fuzzer_prepare() {
PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1"
-TLS_PY=./tlslite-ng/scripts/tls.py
-#TLS_PY=$(which tls.py)
-
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-tls13.json >${TMPFILE}
sed -i 's/(127, 28)/(3, 4)/g' ./tlslite/constants.py
+}
-PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
-retval=$?
-
-rm -f ${TMPFILE}
-
-popd
-popd
-
-exit $retval
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
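Review bot: `sed -i 's/(127, 28)/(3, 4)/g' ./tlslite/constants.py` inside `tls_fuzzer_prepare` rewrites the shared tlslite checkout in place and is never reverted, so the edit persists into every other tls-fuzzer script that uses the same `tlslite` symlink. With ports now allocated per script and the `$LOCKFILE` serialisation removed from the cert and nocert scripts, these tests can presumably run concurrently, and another run may import `constants.py` while it is being replaced. Consider patching a private copy under the build directory. At minimum add a comment explaining the edit, e.g. `# tlslite still advertises the draft version (127, 28); switch it to final TLS 1.3 (3, 4)`, if that is the intent.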
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
index f577f71249..77a1d050cd 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
@@ -19,36 +19,8 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-SERV="../../../../src/gnutls-serv${EXEEXT}"
-CLI="../../../../src/gnutls-cli${EXEEXT}"
-
-OUTFILE=tls-fuzzer.debug.log
-TMPFILE=tls-fuzzer.$$.tmp
-
-. "${srcdir}/../scripts/common.sh"
-
-# We hard-code the port because of limitations in tlsfuzzer
-#eval "${GETPORT}"
-PORT=4433
-
-$LOCKFILE
-
-pushd tls-fuzzer
-
-if ! test -d tlsfuzzer;then
- exit 77
-fi
-
-rm -f "$OUTFILE"
-
-pushd tlsfuzzer
-test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
-test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
-
-wait_for_free_port $PORT
-
-retval=0
+tls_fuzzer_prepare() {
VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0"
PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256"
${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
@@ -56,18 +28,7 @@ if test $? != 0;then
PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256"
fi
-TLS_PY=./tlslite-ng/scripts/tls.py
-#TLS_PY=$(which tls.py)
-
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert.json >${TMPFILE}
+}
-PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
-retval=$?
-
-rm -f ${TMPFILE}
-
-popd
-popd
-
-$UNLOCKFILE
-exit $retval
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh
index 096e5ed1f2..aeefae9a5e 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh
@@ -19,51 +19,18 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-SERV="../../../../src/gnutls-serv${EXEEXT}"
-CLI="../../../../src/gnutls-cli${EXEEXT}"
-
-OUTFILE=tls-fuzzer.debug.log
-TMPFILE=tls-fuzzer.$$.tmp
-PSKFILE=tls-fuzzer.psk.$$.tmp
-
-. "${srcdir}/../scripts/common.sh"
-
-eval "${GETPORT}"
-
-pushd tls-fuzzer
-
-if ! test -d tlsfuzzer;then
- exit 77
-fi
-
-rm -f "$OUTFILE"
-
-pushd tlsfuzzer
-test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
-test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
-
-wait_for_free_port $PORT
-
-retval=0
+tls_fuzzer_prepare() {
PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:-KX-ALL:+DHE-PSK:+ECDHE-PSK:+PSK"
PSKKEY=8a7759b3f26983c453e448060bde8981
PSKID=test
-sed -e "s|@SERVER@|$SERV|g" -e "s/@PSKKEY@/$PSKKEY/g" -e "s/@PSKID@/$PSKID/g" -e "s/@PSKFILE@/$PSKFILE/g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-psk.json >${TMPFILE}
+sed -e "s|@SERVER@|$SERV|g" -e "s/@PSKKEY@/$PSKKEY/g" -e "s/@PSKID@/$PSKID/g" -e "s^@PSKFILE@^$PSKFILE^g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-psk.json >${TMPFILE}
cat >${PSKFILE} <<_EOF_
${PSKID}:${PSKKEY}
_EOF_
+}
-PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
-retval=$?
-
-rm -f ${TMPFILE}
-rm -f ${PSKFILE}
-
-popd
-popd
-
-exit $retval
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
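Review bot: The `@PSKFILE@` substitution switches to `^` as the sed delimiter while `@SERVER@` in the same command uses `|`; use one delimiter for both path substitutions, e.g. `-e "s|@PSKFILE@|$PSKFILE|g"`. Either way the absolute build path is interpolated into the sed program, so a directory name containing the delimiter or `&` would corrupt the generated JSON, and a one-line comment stating that assumption would help. `cat >${PSKFILE}` should also quote the path now that it is absolute.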