From c3d1a1dbc923f129b1f670cd77e977e9307e0762 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Sep 2024 00:03:18 +0200 Subject: [PATCH] Test SSL sample programs against each other and ssl_client2, ssl_server2 Signed-off-by: Gilles Peskine --- tests/opt-testcases/sample.sh | 135 +++++++++++++++++++++++++++++++++- 1 file changed, 134 insertions(+), 1 deletion(-) diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh index c85cd5b5d9..bd800054fd 100644 --- a/tests/opt-testcases/sample.sh +++ b/tests/opt-testcases/sample.sh @@ -1,10 +1,23 @@ -# Test that SSL sample programs can interoperate with OpenSSL and GnuTLS. +# Test that SSL sample programs can interoperate with each other +# and with OpenSSL and GnuTLS. # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later : ${PROGRAMS_DIR:=../programs/ssl} +run_test "Sample: ssl_client1, ssl_server2" \ + -P 4433 \ + "$PROGRAMS_DIR/ssl_server2" \ + "$PROGRAMS_DIR/ssl_client1" \ + 0 \ + -s "[1-9][0-9]* bytes read" \ + -s "[1-9][0-9]* bytes written" \ + -c "[1-9][0-9]* bytes read" \ + -c "[1-9][0-9]* bytes written" \ + -S "error" \ + -C "error" + requires_protocol_version tls12 run_test "Sample: ssl_client1, openssl server, TLS 1.2" \ -P 4433 \ 
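Review bot: The new `Sample: ssl_client1, ssl_server2` case pins the port with `-P 4433` but nothing in the hunk says why that value is not free to change; ssl_client1 is started with no arguments, which suggests its server port is compiled into the sample, so a comment such as `# ssl_client1 takes no port option; -P must match the port built into the sample` above the run_test would stop a later edit from changing -P and breaking the test without an obvious cause. This is inferred from the bare invocation and is worth confirming against the sample source before adding. The same remark applies to the dtls_client, ssl_server and dtls_server cases in the later hunks, which also run the sample programs with no arguments.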
@@ -49,6 +62,22 @@ run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \
 -S "Error" \
 -C "error"
 
+# The server complains of extra data after it closes the connection
+# because the client keeps sending data, so the server receives
+# more application data when it expects a new handshake. We consider
+# the test a success if both sides have sent and received application
+# data, no matter what happens afterwards.
+run_test "Sample: dtls_client, ssl_server2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server2 dtls=1 server_addr=localhost" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -C "error"
+
 requires_protocol_version dtls12
 run_test "Sample: dtls_client, openssl server, DTLS 1.2" \
 -P 4433 \
@@ -76,6 +105,30 @@ run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \
 -S "Error" \
 -C "error"
 
+run_test "Sample: ssl_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
 requires_protocol_version tls12
 run_test "Sample: ssl_server, openssl client, TLS 1.2" \
 -P 4433 \
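Review bot: The comment above `Sample: dtls_client, ssl_server2` describes a server-side failure mode but does not say what the test does about it; a reader has to compare with the TLS cases to notice that `-S "error"` is deliberately omitted here while `-C "error"` is kept. Appending one sentence, `# That is why this test has no -S "error" check, unlike the TLS cases.`, makes the intent explicit and protects the omission from being "fixed" by a later cleanup. The `server_addr=localhost` argument on the ssl_server2 line is also unexplained; if it is needed because dtls_client connects to a fixed host, the same comment is the place to say so.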
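Review bot: The two test names added in this hunk follow different conventions, `Sample: ssl_server, ssl_client2` (server first, comma) and `Sample: ssl_client1 with ssl_server` (client first, "with"), while the first hunk used `Sample: ssl_client1, ssl_server2` (client first, comma). Test names are what the driver's filter and exclude options match on, so one scheme, for example client first and comma-separated, giving `Sample: ssl_client2, ssl_server` and `Sample: ssl_client1, ssl_server`, would let a single pattern select every Mbed TLS-to-Mbed TLS case. The same mix appears in the ssl_fork_server, ssl_pthread_server and dtls_server hunks that follow.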
@@ -122,6 +175,30 @@ run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
 -S "error" \
 -C "ERROR"
 
+run_test "Sample: ssl_fork_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_fork_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_fork_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
 requires_protocol_version tls12
 run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \
 -P 4433 \
@@ -168,6 +245,30 @@ run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \
 -S "error" \
 -C "ERROR"
 
+run_test "Sample: ssl_pthread_server, ssl_client2" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$PROGRAMS_DIR/ssl_client2" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
+run_test "Sample: ssl_client1 with ssl_pthread_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/ssl_pthread_server" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -S "error" \
+ -C "error"
+
 requires_protocol_version tls12
 run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
 -P 4433 \
@@ -214,6 +315,38 @@ run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
 -S "error" \
 -C "ERROR"
 
+# The server complains of extra data after it closes the connection
+# because the client keeps sending data, so the server receives
+# more application data when it expects a new handshake. We consider
+# the test a success if both sides have sent and received application
+# data, no matter what happens afterwards.
+run_test "Sample: dtls_client with dtls_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -C "error"
+
+# The server complains of extra data after it closes the connection
+# because the client keeps sending data, so the server receives
+# more application data when it expects a new handshake. We consider
+# the test a success if both sides have sent and received application
+# data, no matter what happens afterwards.
+run_test "Sample: ssl_client2, dtls_server" \
+ -P 4433 \
+ "$PROGRAMS_DIR/dtls_server" \
+ "$PROGRAMS_DIR/ssl_client2 dtls=1" \
+ 0 \
+ -s "[1-9][0-9]* bytes read" \
+ -s "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -c "[1-9][0-9]* bytes written" \
+ -C "error"
+
 requires_protocol_version dtls12
 run_test "Sample: dtls_server, openssl client, DTLS 1.2" \
 -P 4433 \
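Review bot: The same five-line comment is pasted three times (twice in this hunk, once above the `dtls_client, ssl_server2` case) and is used to justify dropping `-S "error"` for `ssl_client2 dtls=1` as well, yet its explanation, that the client keeps sending data after the server closes, describes dtls_client; whether ssl_client2 with its default single exchange behaves the same way is not evident from the hunk. If the server-side check is dropped for ssl_client2 for a different reason, the comment on that case should state it; otherwise the two copies in this hunk could be reduced to one shared note plus a one-line pointer such as `# Same caveat as "dtls_client with dtls_server" above.` so the three copies cannot drift apart.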