mirror of
https://github.com/cuberite/polarssl.git
synced 2025-11-03 20:22:59 -05:00
Use requires_max_content_len, add check in Renegotiation
- Abstract out repetitive checks for IN and OUT content lens - Remove unclear comment and redundant echo - Add content length constraints in Renegotiation with fragment length test Signed-off-by: Yuto Takano <yuto.takano@arm.com>
This commit is contained in:
Yuto Takano
parent
2be6f1ac5b
commit
b0a1c5b021
@ -287,6 +287,12 @@ requires_openssl_with_fallback_scsv() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
|
||||||
|
requires_max_content_len() {
|
||||||
|
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
|
||||||
|
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if GnuTLS isn't available
|
# skip next test if GnuTLS isn't available
|
||||||
requires_gnutls() {
|
requires_gnutls() {
|
||||||
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
|
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
|
||||||
@ -2749,10 +2755,6 @@ run_test "Session resume using cache, DTLS: openssl server" \
|
|||||||
|
|
||||||
# Tests for Max Fragment Length extension
|
# Tests for Max Fragment Length extension
|
||||||
|
|
||||||
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
|
|
||||||
echo "Using non-default maximum content length $MAX_CONTENT_LEN instead of 16384 "
|
|
||||||
fi
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: enabled, default" \
|
run_test "Max fragment length: enabled, default" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
@ -2827,9 +2829,7 @@ run_test "Max fragment length, DTLS: disabled, larger message" \
|
|||||||
-S "Maximum outgoing record payload length is 16384" \
|
-S "Maximum outgoing record payload length is 16384" \
|
||||||
-c "fragment larger than.*maximum "
|
-c "fragment larger than.*maximum "
|
||||||
|
|
||||||
# Make sure it was compiled with lengths over 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: used by client" \
|
run_test "Max fragment length: used by client" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
@ -2844,8 +2844,7 @@ run_test "Max fragment length: used by client" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 1024
|
requires_max_content_len 1024
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 1024
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 512, server 1024" \
|
run_test "Max fragment length: client 512, server 1024" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
@ -2860,8 +2859,7 @@ run_test "Max fragment length: client 512, server 1024" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
|
requires_max_content_len 2048
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 512, server 2048" \
|
run_test "Max fragment length: client 512, server 2048" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
@ -2876,8 +2874,7 @@ run_test "Max fragment length: client 512, server 2048" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 512, server 4096" \
|
run_test "Max fragment length: client 512, server 4096" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
@ -2892,8 +2889,7 @@ run_test "Max fragment length: client 512, server 4096" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 1024
|
requires_max_content_len 1024
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 1024
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 1024, server 512" \
|
run_test "Max fragment length: client 1024, server 512" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
@ -2908,8 +2904,7 @@ run_test "Max fragment length: client 1024, server 512" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
|
requires_max_content_len 2048
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 1024, server 2048" \
|
run_test "Max fragment length: client 1024, server 2048" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
@ -2924,8 +2919,7 @@ run_test "Max fragment length: client 1024, server 2048" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 1024, server 4096" \
|
run_test "Max fragment length: client 1024, server 4096" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
@ -2940,8 +2934,7 @@ run_test "Max fragment length: client 1024, server 4096" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
|
requires_max_content_len 2048
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 2048, server 512" \
|
run_test "Max fragment length: client 2048, server 512" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
@ -2956,8 +2949,7 @@ run_test "Max fragment length: client 2048, server 512" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
|
requires_max_content_len 2048
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 2048, server 1024" \
|
run_test "Max fragment length: client 2048, server 1024" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
@ -2972,8 +2964,7 @@ run_test "Max fragment length: client 2048, server 1024" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 2048, server 4096" \
|
run_test "Max fragment length: client 2048, server 4096" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
@ -2988,8 +2979,7 @@ run_test "Max fragment length: client 2048, server 4096" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 4096, server 512" \
|
run_test "Max fragment length: client 4096, server 512" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
@ -3004,8 +2994,7 @@ run_test "Max fragment length: client 4096, server 512" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 4096, server 1024" \
|
run_test "Max fragment length: client 4096, server 1024" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
@ -3020,8 +3009,7 @@ run_test "Max fragment length: client 4096, server 1024" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 4096, server 2048" \
|
run_test "Max fragment length: client 4096, server 2048" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
@ -3036,8 +3024,7 @@ run_test "Max fragment length: client 4096, server 2048" \
|
|||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: used by server" \
|
run_test "Max fragment length: used by server" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
@ -3052,8 +3039,7 @@ run_test "Max fragment length: used by server" \
|
|||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
-C "found max_fragment_length extension"
|
-C "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
|
requires_max_content_len 4096
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "Max fragment length: gnutls server" \
|
run_test "Max fragment length: gnutls server" \
|
||||||
@ -3065,8 +3051,7 @@ run_test "Max fragment length: gnutls server" \
|
|||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
|
requires_max_content_len 2048
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client, message just fits" \
|
run_test "Max fragment length: client, message just fits" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
@ -3083,8 +3068,7 @@ run_test "Max fragment length: client, message just fits" \
|
|||||||
-c "2048 bytes written in 1 fragments" \
|
-c "2048 bytes written in 1 fragments" \
|
||||||
-s "2048 bytes read"
|
-s "2048 bytes read"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
|
requires_max_content_len 2048
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client, larger message" \
|
run_test "Max fragment length: client, larger message" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
@ -3102,8 +3086,7 @@ run_test "Max fragment length: client, larger message" \
|
|||||||
-s "2048 bytes read" \
|
-s "2048 bytes read" \
|
||||||
-s "297 bytes read"
|
-s "297 bytes read"
|
||||||
|
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
|
requires_max_content_len 2048
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: DTLS client, larger message" \
|
run_test "Max fragment length: DTLS client, larger message" \
|
||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
@ -3215,6 +3198,7 @@ run_test "Renegotiation: double" \
|
|||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
||||||
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
||||||
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user