diff options
| -rw-r--r-- | regress/lib/libssl/tlsfuzzer/tlsfuzzer.py | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py index 4e8f2c60a3a..374c8002418 100644 --- a/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py +++ b/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py @@ -1,4 +1,4 @@ -# $OpenBSD: tlsfuzzer.py,v 1.19 2020/09/25 08:38:25 tb Exp $ +# $OpenBSD: tlsfuzzer.py,v 1.20 2020/09/25 19:50:45 tb Exp $ # # Copyright (c) 2020 Theo Buehler <tb@openbsd.org> # @@ -68,30 +68,6 @@ tls13_unsupported_ciphers = [ "-e", "TLS 1.3 with x448", ] -tls13_tests = TestGroup("TLSv1.3 tests", [ - Test("test-tls13-ccs.py"), - Test("test-tls13-conversation.py"), - Test("test-tls13-count-tickets.py"), - Test("test-tls13-empty-alert.py"), - Test("test-tls13-finished-plaintext.py"), - Test("test-tls13-hrr.py"), - Test("test-tls13-keyshare-omitted.py"), - Test("test-tls13-legacy-version.py"), - Test("test-tls13-nociphers.py"), - Test("test-tls13-record-padding.py"), - Test("test-tls13-shuffled-extentions.py"), - Test("test-tls13-zero-content-type.py"), - - # The skipped tests fail due to a bug in BIO_gets() which masks the retry - # signalled from an SSL_read() failure. Testing with httpd(8) shows we're - # handling these corner cases correctly since tls13_record_layer.c -r1.47. - Test("test-tls13-zero-length-data.py", [ - "-e", "zero-length app data", - "-e", "zero-length app data with large padding", - "-e", "zero-length app data with padding", - ]), -]) - # test-tls13-finished.py has 70 failing tests that expect a "decode_error" # instead of the "decrypt_error" sent by tls13_server_finished_recv(). # Both alerts appear to be reasonable in this context, so work around this @@ -183,6 +159,31 @@ def generate_test_tls13_finished_args(): args += ["-x", truncation_fmt % truncation, "-X", assertion] return args +tls13_tests = TestGroup("TLSv1.3 tests", [ + Test("test-tls13-ccs.py"), + Test("test-tls13-conversation.py"), + Test("test-tls13-count-tickets.py"), + Test("test-tls13-empty-alert.py"), + Test("test-tls13-finished.py", generate_test_tls13_finished_args()), + Test("test-tls13-finished-plaintext.py"), + Test("test-tls13-hrr.py"), + Test("test-tls13-keyshare-omitted.py"), + Test("test-tls13-legacy-version.py"), + Test("test-tls13-nociphers.py"), + Test("test-tls13-record-padding.py"), + Test("test-tls13-shuffled-extentions.py"), + Test("test-tls13-zero-content-type.py"), + + # The skipped tests fail due to a bug in BIO_gets() which masks the retry + # signalled from an SSL_read() failure. Testing with httpd(8) shows we're + # handling these corner cases correctly since tls13_record_layer.c -r1.47. + Test("test-tls13-zero-length-data.py", [ + "-e", "zero-length app data", + "-e", "zero-length app data with large padding", + "-e", "zero-length app data with padding", + ]), +]) + # Tests that take a lot of time (> ~30s on an x280) tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [ # XXX: Investigate the occasional message @@ -192,8 +193,6 @@ tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [ Test("test-tls13-invalid-ciphers.py"), Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers), - Test("test-tls13-finished.py", generate_test_tls13_finished_args()), - # Mark two tests cases as xfail for now. The tests expect an arguably # correct decode_error while we send a decrypt_error (like fizz/boring). Test("test-tls13-record-layer-limits.py", [ |