Skip some DTLS reordering tests in PSK-only builds
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 77f529c..82e2023 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -298,6 +298,12 @@
unset ciphersuite
}
+requires_certificate_authentication () {
+ if [ "$PSK_ONLY" = "YES" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
adapt_cmd_for_psk () {
case "$2" in
*openssl*) s='-psk abc123 -nocert';;
@@ -9887,6 +9893,7 @@
# Tests for reordering support with DTLS
+requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -9903,6 +9910,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -9925,6 +9933,7 @@
# Certificate message; at the time of writing, together these are aroudn 1200b
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
+requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
@@ -9946,6 +9955,7 @@
# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first.
+requires_certificate_authentication
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
@@ -9965,6 +9975,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
-p "$P_PXY delay_cli=Certificate" \
"$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
@@ -9981,6 +9992,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
-p "$P_PXY delay_srv=NewSessionTicket" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -9997,6 +10009,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_certificate_authentication
run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
-p "$P_PXY delay_cli=ClientKeyExchange" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \