testrandom.sh tls-fuzzer/tls-fuzzer-nocert.sh \
tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh \
tls-fuzzer/tls-fuzzer-nocert-tls13.sh tls-fuzzer/tls-fuzzer-psk.sh \
+ tls-fuzzer/tls-fuzzer-nolimit.sh tls-fuzzer/tls-fuzzer-nolimit-tls13.sh \
multi-ticket-reception.sh
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
{"name" : "test-record-size-limit.py",
"comment" : "changed extension after HRR is not supported #617",
"arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
+ "--minimal-size", "512",
"-e", "change size in TLS 1.2 resumption",
"-e", "check if server accepts maximum size in TLS 1.0",
"-e", "check if server accepts maximum size in TLS 1.1",
{"name" : "test-record-size-limit.py",
"comment" : "TLS 1.3 tests are done separately; 1/n-1 splitting is not supported in TLS 1.0",
"arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
+ "--minimal-size", "512",
"-e", "check if server accepts maximum size in TLS 1.0",
"-e", "check if server accepts maximum size in TLS 1.3",
"-e", "check if server accepts minimal size in TLS 1.0",
--- /dev/null
+[
+ {"server_command": ["@SERVER@", "--http",
+ "--x509keyfile", "tests/serverX509Key.pem",
+ "--x509certfile", "tests/serverX509Cert.pem",
+ "--x509keyfile", "tests/serverRSAPSSKey.pem",
+ "--x509certfile", "tests/serverRSAPSSCert.pem",
+ "--x509keyfile", "../../../certs/ecc256.pem",
+ "--x509certfile", "../../../certs/cert-ecc256.pem",
+ "--debug=3",
+ "--httpdata=../http.dat",
+ "--priority=@PRIORITY@",
+ "--disable-client-cert", "--port=@PORT@"],
+ "server_hostname": "localhost",
+ "server_port": @PORT@,
+ "tests" : [
+ {"name" : "test-record-size-limit.py",
+ "comment" : "changed extension after HRR is not supported #617",
+ "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
+ "-e", "change size in TLS 1.2 resumption",
+ "-e", "check if server accepts maximum size in TLS 1.0",
+ "-e", "check if server accepts maximum size in TLS 1.1",
+ "-e", "check if server accepts maximum size in TLS 1.2",
+ "-e", "check if server accepts minimal size in TLS 1.0",
+ "-e", "check if server accepts minimal size in TLS 1.1",
+ "-e", "check if server accepts minimal size in TLS 1.2",
+ "-e", "check interaction with sha256 prf",
+ "-e", "check interaction with sha384 prf",
+ "-e", "check server sent size in TLS 1.0",
+ "-e", "check server sent size in TLS 1.1",
+ "-e", "check server sent size in TLS 1.2",
+ "-e", "drop extension in TLS 1.2 resumption",
+ "-e", "modified extension in 2nd CH in HRR handshake",
+ "-e", "renegotiation with changed limit",
+ "-e", "renegotiation with dropped extension",
+ "-e", "added extension in 2nd CH in HRR handshake",
+ "-e", "check server sent size in TLS 1.0 with max_fragment_length",
+ "-e", "check server sent size in TLS 1.1 with max_fragment_length",
+ "-e", "check server sent size in TLS 1.2 with max_fragment_length",
+ "-e", "removed extension in 2nd CH in HRR handshake"] }
+ ]
+ }
+]
--- /dev/null
+[
+ {"server_command": ["@SERVER@", "--http",
+ "--x509keyfile", "tests/serverX509Key.pem",
+ "--x509certfile", "tests/serverX509Cert.pem",
+ "--x509keyfile", "../../../certs/ecc256.pem",
+ "--x509certfile", "../../../certs/cert-ecc256.pem",
+ "--debug=3",
+ "--httpdata=../http.dat",
+ "--noticket",
+ "--priority=@PRIORITY@",
+ "--disable-client-cert", "--port=@PORT@"],
+ "server_hostname": "localhost",
+ "server_port": @PORT@,
+ "tests" : [
+ {"name" : "test-record-size-limit.py",
+ "comment" : "TLS 1.3 tests are done separately; 1/n-1 splitting is not supported in TLS 1.0",
+ "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
+ "-e", "check if server accepts maximum size in TLS 1.0",
+ "-e", "check if server accepts maximum size in TLS 1.3",
+ "-e", "check if server accepts minimal size in TLS 1.0",
+ "-e", "check if server accepts minimal size in TLS 1.3",
+ "-e", "check if server omits extension for unrecognized size 64 in TLS 1.3",
+ "-e", "check if server omits extension for unrecognized size 511 in TLS 1.3",
+ "-e", "check server sent size in TLS 1.0",
+ "-e", "check server sent size in TLS 1.3",
+ "-e", "HRR sanity",
+ "-e", "too large record payload in TLS 1.3",
+ "-e", "change size in TLS 1.3 session resumption",
+ "-e", "drop extension in TLS 1.3 session resumption",
+ "-e", "modified extension in 2nd CH in HRR handshake",
+ "-e", "added extension in 2nd CH in HRR handshake",
+ "-e", "check server sent size in TLS 1.0 with max_fragment_length",
+ "-e", "check server sent size in TLS 1.3 with max_fragment_length",
+ "-e", "removed extension in 2nd CH in HRR handshake"] }
+ ]
+ }
+]
srcdir="${srcdir:-.}"
tls_fuzzer_prepare() {
-PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:%ALLOW_SMALL_RECORDS"
+PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1"
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-tls13.json >${TMPFILE}
}
tls_fuzzer_prepare() {
VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0"
-PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256:%ALLOW_SMALL_RECORDS"
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256"
${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
if test $? != 0;then
- PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256:%ALLOW_SMALL_RECORDS"
+ PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256"
fi
sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert.json >${TMPFILE}
--- /dev/null
+#!/bin/bash
+
+# Copyright (C) 2016-2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+
+tls_fuzzer_prepare() {
+PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:%ALLOW_SMALL_RECORDS"
+
+sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nolimit-tls13.json >${TMPFILE}
+}
+
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"
--- /dev/null
+#!/bin/bash
+
+# Copyright (C) 2016-2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+
+tls_fuzzer_prepare() {
+VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0"
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256:%ALLOW_SMALL_RECORDS"
+${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
+if test $? != 0;then
+ PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256:%ALLOW_SMALL_RECORDS"
+fi
+
+sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nolimit.json >${TMPFILE}
+}
+
+. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh"