tlsfuzzer: use fixed HTTP response for record_size_limit tests

Previously those tests assumed varying sizes of connection information
gnutls-serv sends.  This is too brittle and if the default algorithm
has changed the tests need to be updated.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 806cc17b1669cedf46179e023b55437ea122e3bf..30bbf11e46026dc6dcee337dfd7b21d8c3f011b4 100644 (file)
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -7,6 +7,7 @@
                  "--x509keyfile", "../../../certs/ecc256.pem",
                  "--x509certfile", "../../../certs/cert-ecc256.pem",
                  "--debug=3",
+                 "--httpdata=../http.dat",
                  "--priority=@PRIORITY@",
                  "--disable-client-cert", "--port=@PORT@"],
      "server_hostname": "localhost",
@@ -14,9 +15,8 @@
      "tests" : [
          {"name" : "test-record-size-limit.py",
           "comment" : "changed extension after HRR is not supported #617",
-          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "685",
+          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
                          "-e", "change size in TLS 1.2 resumption",
-                         "-e", "change size in TLS 1.3 session resumption",
                          "-e", "check if server accepts maximum size in TLS 1.0",
                          "-e", "check if server accepts maximum size in TLS 1.1",
                          "-e", "check if server accepts maximum size in TLS 1.2",
@@ -29,7 +29,6 @@
                          "-e", "check server sent size in TLS 1.1",
                          "-e", "check server sent size in TLS 1.2",
                          "-e", "drop extension in TLS 1.2 resumption",
-                         "-e", "drop extension in TLS 1.3 session resumption",
                          "-e", "modified extension in 2nd CH in HRR handshake",
                          "-e", "renegotiation with changed limit",
                          "-e", "renegotiation with dropped extension",
@@ -38,10 +37,6 @@
                          "-e", "check server sent size in TLS 1.1 with max_fragment_length",
                          "-e", "check server sent size in TLS 1.2 with max_fragment_length",
                          "-e", "removed extension in 2nd CH in HRR handshake"] },
-         {"name" : "test-record-size-limit.py",
-          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "672",
-                         "change size in TLS 1.3 session resumption",
-                         "drop extension in TLS 1.3 session resumption"] },
         {"name" : "test-tls13-0rtt-garbage.py",
          "arguments": ["-p", "@PORT@"]},
         {"name" : "test-tls13-ccs.py",

diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index e6101087154e350d4801e779eefe97a6af009ebc..dc3ffd8e85d1faa326909f917f70501c4e6f0c87 100644 (file)
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -6,6 +6,7 @@
                  "--x509certfile", "../../../certs/cert-ecc256.pem",
                  "--debug=3",
                  "--noticket",
+                 "--httpdata=../http.dat",
                  "--priority=@PRIORITY@",
                  "--disable-client-cert", "--port=@PORT@"],
      "server_hostname": "localhost",
@@ -233,15 +234,13 @@
                          "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]},
          {"name" : "test-record-size-limit.py",
          "comment" : "TLS 1.3 tests are done separately; 1/n-1 splitting is not supported in TLS 1.0",
-          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "821",
+          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "1024",
                          "-e", "check if server accepts maximum size in TLS 1.0",
                          "-e", "check if server accepts maximum size in TLS 1.3",
                          "-e", "check if server accepts minimal size in TLS 1.0",
                          "-e", "check if server accepts minimal size in TLS 1.3",
                          "-e", "check if server omits extension for unrecognized size 64 in TLS 1.3",
                          "-e", "check if server omits extension for unrecognized size 511 in TLS 1.3",
-                         "-e", "check interaction with sha256 prf",
-                         "-e", "check interaction with sha384 prf",
                          "-e", "check server sent size in TLS 1.0",
                          "-e", "check server sent size in TLS 1.3",
                          "-e", "HRR sanity",
@@ -253,16 +252,6 @@
                          "-e", "check server sent size in TLS 1.0 with max_fragment_length",
                          "-e", "check server sent size in TLS 1.3 with max_fragment_length",
                          "-e", "removed extension in 2nd CH in HRR handshake"] },
-         {"name" : "test-record-size-limit.py",
-          "comment" : "The reply includes PRF algorithm and affects the AD size",
-          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "827",
-                         "--minimal-size", "512",
-                         "check interaction with sha256 prf"] },
-         {"name" : "test-record-size-limit.py",
-          "comment" : "The reply includes PRF algorithm and affects the AD size",
-          "arguments" : ["-p", "@PORT@", "--reply-AD-size", "816",
-                         "--minimal-size", "512",
-                         "check interaction with sha384 prf"] },
          {"name" : "test-sessionID-resumption.py",
           "arguments" : ["-p", "@PORT@"] },
          {"name" : "test-serverhello-random.py",

diff --git a/tests/suite/tls-fuzzer/http.dat b/tests/suite/tls-fuzzer/http.dat
new file mode 100644 (file)
index 0000000..12dda94
--- /dev/null
+++ b/tests/suite/tls-fuzzer/http.dat
@@ -0,0 +1,23 @@
+7 bottles of beer on the wall, 7 bottles of beer.
+Take one down and pass it around, 6 bottles of beer on the wall.
+
+6 bottles of beer on the wall, 6 bottles of beer.
+Take one down and pass it around, 5 bottles of beer on the wall.
+
+5 bottles of beer on the wall, 5 bottles of beer.
+Take one down and pass it around, 4 bottles of beer on the wall.
+
+4 bottles of beer on the wall, 4 bottles of beer.
+Take one down and pass it around, 3 bottles of beer on the wall.
+
+3 bottles of beer on the wall, 3 bottles of beer.
+Take one down and pass it around, 2 bottles of beer on the wall.
+
+2 bottles of beer on the wall, 2 bottles of beer.
+Take one down and pass it around, 1 bottle of beer on the wall.
+
+1 bottle of beer on the wall, 1 bottle of beer.
+Take one down and pass it around, no more bottles of beer on the wall.
+
+No more bottles of beer on the wall, no more bottles of beer.
+Go to the store and buy some more, 99 bottles of beer on the wall.