test: Add test cases for separately reduced inward/outward buffer sizes
This commit is contained in:
parent
d8213d00db
commit
c4dd07369f
2 changed files with 142 additions and 77 deletions
|
@ -520,6 +520,28 @@ tests/ssl-opt.sh -f RSA
|
|||
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
|
||||
tests/compat.sh -t RSA
|
||||
|
||||
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
||||
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
|
||||
if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
|
||||
|
||||
msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
|
||||
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
|
||||
if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
|
||||
|
||||
msg "build: cmake, full config, clang" # ~ 50s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
@ -616,6 +638,7 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
|
|||
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
|
||||
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
|
||||
|
||||
# Run max fragment length tests with MFL disabled
|
||||
msg "build: default config except MFL extension (ASan build)" # ~ 30s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
@ -626,6 +649,18 @@ make
|
|||
msg "test: ssl-opt.sh, MFL-related tests"
|
||||
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
|
||||
|
||||
msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
||||
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
|
||||
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
|
||||
|
||||
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
|
184
tests/ssl-opt.sh
184
tests/ssl-opt.sh
|
@ -21,6 +21,11 @@
|
|||
|
||||
set -u
|
||||
|
||||
if cd $( dirname $0 ); then :; else
|
||||
echo "cd $( dirname $0 ) failed" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# default values, can be overriden by the environment
|
||||
: ${P_SRV:=../programs/ssl/ssl_server2}
|
||||
: ${P_CLI:=../programs/ssl/ssl_client2}
|
||||
|
@ -178,6 +183,25 @@ requires_ipv6() {
|
|||
fi
|
||||
}
|
||||
|
||||
# Calculate the input & output maximum content lengths set in the config
|
||||
MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
|
||||
MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
|
||||
MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
|
||||
|
||||
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
|
||||
MAX_CONTENT_LEN="$MAX_IN_LEN"
|
||||
fi
|
||||
if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
|
||||
MAX_CONTENT_LEN="$MAX_OUT_LEN"
|
||||
fi
|
||||
|
||||
# skip the next test if the SSL output buffer is less than 16KB
|
||||
requires_full_size_output_buffer() {
|
||||
if [ "$MAX_OUT_LEN" -ne 16384 ]; then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
# skip the next test if valgrind is in use
|
||||
not_with_valgrind() {
|
||||
if [ "$MEMCHECK" -gt 0 ]; then
|
||||
|
@ -626,11 +650,6 @@ cleanup() {
|
|||
# MAIN
|
||||
#
|
||||
|
||||
if cd $( dirname $0 ); then :; else
|
||||
echo "cd $( dirname $0 ) failed" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
get_options "$@"
|
||||
|
||||
# sanity checks, avoid an avalanche of errors
|
||||
|
@ -1416,28 +1435,22 @@ run_test "Session resume using cache: openssl server" \
|
|||
|
||||
# Tests for Max Fragment Length extension
|
||||
|
||||
MAX_CONTENT_LEN_EXPECT='16384'
|
||||
MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN)
|
||||
|
||||
if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then
|
||||
printf "The ${CONFIG_H} file contains a value for the configuration of\n"
|
||||
printf "MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the script’s\n"
|
||||
printf "test value of ${MAX_CONTENT_LEN_EXPECT}. \n"
|
||||
printf "\n"
|
||||
printf "The tests assume this value and if it changes, the tests in this\n"
|
||||
printf "script should also be adjusted.\n"
|
||||
printf "\n"
|
||||
|
||||
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
|
||||
printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
|
||||
printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
|
||||
fi
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: enabled, default" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 16384" \
|
||||
-s "Maximum fragment length is 16384" \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
|
@ -1446,46 +1459,50 @@ run_test "Max fragment length: enabled, default" \
|
|||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: enabled, default, larger message" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 request_size=16385" \
|
||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 16384" \
|
||||
-s "Maximum fragment length is 16384" \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
-C "found max_fragment_length extension" \
|
||||
-c "16385 bytes written in 2 fragments" \
|
||||
-s "16384 bytes read" \
|
||||
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
|
||||
-s "$MAX_CONTENT_LEN bytes read" \
|
||||
-s "1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length, DTLS: enabled, default, larger message" \
|
||||
"$P_SRV debug_level=3 dtls=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 request_size=16385" \
|
||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
1 \
|
||||
-c "Maximum fragment length is 16384" \
|
||||
-s "Maximum fragment length is 16384" \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
-C "found max_fragment_length extension" \
|
||||
-c "fragment larger than.*maximum "
|
||||
|
||||
# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
|
||||
# (session fragment length will be 16384 regardless of mbedtls
|
||||
# content length configuration.)
|
||||
|
||||
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: disabled, larger message" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 request_size=16385" \
|
||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
0 \
|
||||
-C "Maximum fragment length is 16384" \
|
||||
-S "Maximum fragment length is 16384" \
|
||||
-c "16385 bytes written in 2 fragments" \
|
||||
-s "16384 bytes read" \
|
||||
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
|
||||
-s "$MAX_CONTENT_LEN bytes read" \
|
||||
-s "1 bytes read"
|
||||
|
||||
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length DTLS: disabled, larger message" \
|
||||
"$P_SRV debug_level=3 dtls=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 request_size=16385" \
|
||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
1 \
|
||||
-C "Maximum fragment length is 16384" \
|
||||
-S "Maximum fragment length is 16384" \
|
||||
|
@ -1508,7 +1525,7 @@ run_test "Max fragment length: used by server" \
|
|||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 16384" \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is 4096" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
|
@ -2376,6 +2393,7 @@ if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
|
||||
key_file=data_files/dir-maxpath/09.key" \
|
||||
|
@ -2383,6 +2401,7 @@ run_test "Authentication: server max_int chain, client default" \
|
|||
0 \
|
||||
-C "X509 - A fatal error occured"
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int+1 chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
@ -2390,6 +2409,7 @@ run_test "Authentication: server max_int+1 chain, client default" \
|
|||
1 \
|
||||
-c "X509 - A fatal error occured"
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int+1 chain, client optional" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
@ -2398,6 +2418,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \
|
|||
1 \
|
||||
-c "X509 - A fatal error occured"
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int+1 chain, client none" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
@ -2406,6 +2427,7 @@ run_test "Authentication: server max_int+1 chain, client none" \
|
|||
0 \
|
||||
-C "X509 - A fatal error occured"
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int+1 chain, server default" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
|
||||
|
@ -2413,6 +2435,7 @@ run_test "Authentication: client max_int+1 chain, server default" \
|
|||
0 \
|
||||
-S "X509 - A fatal error occured"
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int+1 chain, server optional" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
|
||||
|
@ -2420,6 +2443,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \
|
|||
1 \
|
||||
-s "X509 - A fatal error occured"
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int+1 chain, server required" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
|
||||
|
@ -2427,6 +2451,7 @@ run_test "Authentication: client max_int+1 chain, server required" \
|
|||
1 \
|
||||
-s "X509 - A fatal error occured"
|
||||
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int chain, server required" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
|
||||
|
@ -3970,14 +3995,19 @@ run_test "SSLv3 with extensions, server side" \
|
|||
|
||||
# Test for large packets
|
||||
|
||||
# How many fragments do we expect to write $1 bytes?
|
||||
fragments_for_write() {
|
||||
echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
|
||||
}
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||
run_test "Large packet SSLv3 BlockCipher" \
|
||||
"$P_SRV min_version=ssl3" \
|
||||
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||
run_test "Large packet SSLv3 StreamCipher" \
|
||||
|
@ -3985,23 +4015,23 @@ run_test "Large packet SSLv3 StreamCipher" \
|
|||
"$P_CLI request_size=16384 force_version=ssl3 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.0 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.0 BlockCipher, without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \
|
||||
|
@ -4009,8 +4039,8 @@ run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
|
||||
|
@ -4018,21 +4048,21 @@ run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.0 StreamCipher" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.0 StreamCipher, without EtM" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \
|
||||
|
@ -4040,7 +4070,7 @@ run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
|
||||
|
@ -4048,23 +4078,23 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 BlockCipher, without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \
|
||||
|
@ -4072,7 +4102,7 @@ run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
|
||||
|
@ -4080,23 +4110,23 @@ run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 StreamCipher" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 StreamCipher, without EtM" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \
|
||||
|
@ -4104,7 +4134,7 @@ run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
|
||||
|
@ -4112,31 +4142,31 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 BlockCipher, without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \
|
||||
|
@ -4144,7 +4174,7 @@ run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
|
||||
|
@ -4152,23 +4182,23 @@ run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 StreamCipher" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 StreamCipher, without EtM" \
|
||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \
|
||||
|
@ -4176,7 +4206,7 @@ run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
|
||||
|
@ -4184,24 +4214,24 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
|
|||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 AEAD" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 AEAD shorter tag" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
|
||||
0 \
|
||||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
# Tests of asynchronous private key support in SSL
|
||||
|
||||
|
|
Loading…
Reference in a new issue