summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-10-12 16:36:12 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-10-16 15:01:55 +0200
commit44dff56fe3b64b362edc6bb8c046823745e50bd3 (patch)
tree59f81e94fbdcef2f1bcfedfa88a34605c3fdae3a /tests
parent50d5f65d0ba312fb304108ee4fa6b37c41008bb4 (diff)
downloadgnutls-44dff56fe3b64b362edc6bb8c046823745e50bd3.tar.gz
tlsfuzzer: updated to latest upstream and enabled new teststmp-update-tlsfuzzer
Resolves: #591 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert-tls13.json31
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert.json43
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh2
m---------tests/suite/tls-fuzzer/tlsfuzzer0
m---------tests/suite/tls-fuzzer/tlslite-ng0
5 files changed, 72 insertions, 4 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 7b01c25ae8..d0d142e7a2 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -14,10 +14,26 @@
"tests" : [
{"name" : "test-tls13-0rtt-garbage.py",
"arguments": ["-p", "@PORT@"]},
+ {"name" : "test-tls13-crfg-curves.py",
+ "comment": "We do not support x448",
+ "arguments": ["-p", "@PORT@",
+ "-e", "empty x448 key share",
+ "-e", "sanity x448 with compression ansiX962_compressed_char2",
+ "-e", "sanity x448 with compression ansiX962_compressed_prime",
+ "-e", "sanity x448 with compression uncompressed",
+ "-e", "too big x448 key share",
+ "-e", "too small x448 key share",
+ "-e", "x448 key share of \"1\"",
+ "-e", "all zero x448 key share"]},
{"name" : "test-tls13-conversation.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-count-tickets.py",
"arguments": ["-p", "@PORT@", "-t", "1"]},
+ {"name" : "test-tls13-dhe-shared-secret-padding.py",
+ "comment": "We do not support x448",
+ "arguments": ["-p", "@PORT@",
+ "-e", "TLS 1.3 with x448",
+ "-n", "5"]},
{"name" : "test-tls13-empty-alert.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-ffdhe-sanity.py",
@@ -29,6 +45,10 @@
"-e", "padding - cipher TLS_AES_256_GCM_SHA384, pad_byte 0, pad_left 0, pad_right 16777167"]},
{"name" : "test-tls13-hrr.py",
"arguments": ["-p", "@PORT@"]},
+ {"name" : "test-tls13-invalid-ciphers.py",
+ "arguments": ["-p", "@PORT@"]},
+ {"name" : "test-tls13-keyshare-omitted.py",
+ "arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-legacy-version.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-nociphers.py",
@@ -43,8 +63,17 @@
"arguments": ["-p", "@PORT@", "-b"]},
{"name" : "test-tls13-session-resumption.py",
"arguments": ["-p", "@PORT@"]},
+ {"name" : "test-tls13-serverhello-random.py",
+ "arguments": ["-p", "@PORT@",
+ "-e", "TLS 1.3 with x448"]},
{"name" : "test-tls13-signature-algorithms.py",
- "arguments": ["-p", "@PORT@"]},
+ "comment" : "gnutls doesn't handle well duplicated signature algorithms; this is not an issue in practice",
+ "arguments": ["-p", "@PORT@",
+ "-e", "213 invalid schemes",
+ "-e", "2353 invalid schemes",
+ "-e", "8130 invalid schemes",
+ "-e", "23752 invalid schemes",
+ "-e", "32715 invalid schemes"]},
{"name" : "test-tls13-unrecognised-groups.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-version-negotiation.py",
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index 6ddb6ebbe0..6e2a2ea47c 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -96,6 +96,21 @@
"-e", "Check if DHE preferred"]},
{"name" : "test-cve-2016-2107.py",
"arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-dhe-key-share-random.py",
+ "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Protocol (3, 1)",
+ "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 0)",
+ "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello"]},
+ {"name" : "test-dhe-no-shared-secret-padding.py",
+ "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Protocol (3, 1)",
+ "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 0)",
+ "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
+ "-n", "4"]},
{"name" : "test-dhe-rsa-key-exchange.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-dhe-rsa-key-exchange-signatures.py",
@@ -111,10 +126,24 @@
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-early-application-data.py",
"arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-ecdhe-padded-shared-secret.py",
+ "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 2) with x448 group",
+ "-n", "4"]},
{"name" : "test-ecdhe-rsa-key-exchange.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py",
"arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-ecdhe-rsa-key-share-random.py",
+ "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 2) with x448 group",
+ "-n", "4"]},
{"name" : "test-empty-extensions.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-export-ciphers-rejected.py",
@@ -203,11 +232,23 @@
"-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]},
{"name" : "test-sessionID-resumption.py",
"arguments" : ["-p", "@PORT@"] },
+ {"name" : "test-serverhello-random.py",
+ "comment": "This test assumes that record splitting is performed under SSLv3 and TLS1.0; we don't support x448",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+ "-e", "Protocol (3, 2) with x448 group",
+ "-n", "4"]},
{"name" : "test-sig-algs.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-signature-algorithms.py",
- "comment" : "gnutls doesn't tolerate that much",
+ "comment" : "gnutls doesn't handle well duplicated sign algorithms; this is not an issue in practice",
"arguments" : ["-p", "@PORT@",
+ "-e", "duplicated 202 non-rsa schemes",
+ "-e", "duplicated 2342 non-rsa schemes",
+ "-e", "duplicated 8119 non-rsa schemes",
+ "-e", "duplicated 23741 non-rsa schemes",
+ "-e", "duplicated 32748 non-rsa schemes",
"-e", "tolerance max (32764) number of methods"]
},
{"name" : "test-sslv2-connection.py",
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
index aab37db5e2..1b9b0f1765 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh
@@ -24,8 +24,6 @@ tls_fuzzer_prepare() {
PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1"
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-tls13.json >${TMPFILE}
-
-sed -i 's/(127, 28)/(3, 4)/g' ./tlslite/constants.py
}
. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 01f44ce66c54193176dac7c9e87afd248c58c08
+Subproject 64f4a6e94c6cc1357fdb9fb36b8467456509df6
diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng
-Subproject bad2b98b2c382674f71aff617a9274e2a095951
+Subproject af466651a7795ac5a6cf54932d496ca8e79b49b