Skip some DTLS reordering tests in PSK-only builds

Some DTLS reordering tests rely on certificate authentication messages. It is probably possible to adapt them to rely on different messages, but for now, skip them in PSK-only builds. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 18:21:24 +01:00 · 2022-03-14 18:21:24 +01:00 · 6f160cab59
commit 6f160cab59
parent 309ca65846
1 changed files with 13 additions and 0 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -293,6 +293,12 @@ maybe_requires_ciphersuite_enabled() {
    unset ciphersuite
 }

+requires_certificate_authentication () {
+    if [ "$PSK_ONLY" = "YES" ]; then
+        SKIP_NEXT="YES"
+    fi
+}
+
 adapt_cmd_for_psk () {
    case "$2" in
        *openssl*) s='-psk abc123 -nocert';;
@ -9302,6 +9308,7 @@ run_test    "DTLS proxy: delay ChangeCipherSpec" \

 # Tests for reordering support with DTLS

+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS reordering: Buffer out-of-order handshake message on client" \
            -p "$P_PXY delay_srv=ServerHello" \
@ -9319,6 +9326,7 @@ run_test    "DTLS reordering: Buffer out-of-order handshake message on client" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
            -p "$P_PXY delay_srv=ServerHello" \
@ -9342,6 +9350,7 @@ run_test    "DTLS reordering: Buffer out-of-order handshake message fragment on
 # Certificate message; at the time of writing, together these are aroudn 1200b
 # in size, so that the bound below ensures that the certificate can be reassembled
 # while keeping the ServerKeyExchange.
+requires_certificate_authentication
 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
@ -9364,6 +9373,7 @@ run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
 # The size constraints ensure that the delayed certificate message can't
 # be reassembled while keeping the ServerKeyExchange message, but it can
 # when dropping it first.
+requires_certificate_authentication
 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@ -9384,6 +9394,7 @@ run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS reordering: Buffer out-of-order handshake message on server" \
            -p "$P_PXY delay_cli=Certificate" \
@ -9401,6 +9412,7 @@ run_test    "DTLS reordering: Buffer out-of-order handshake message on server" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS reordering: Buffer out-of-order CCS message on client"\
            -p "$P_PXY delay_srv=NewSessionTicket" \
@ -9418,6 +9430,7 @@ run_test    "DTLS reordering: Buffer out-of-order CCS message on client"\
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS reordering: Buffer out-of-order CCS message on server"\
            -p "$P_PXY delay_cli=ClientKeyExchange" \