lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-27 12:15:33 +03:00
Code Activity

Merge pull request #10029 from gilles-peskine-arm/tls-defragment-generate-tests-3.6

Browse Source 
Backport 3.6: Generate TLS handshake defragmentation tests
This commit is contained in:
Gilles Peskine
2025-03-05 16:49:21 +01:00
committed by GitHub
parent abb08f1088 2e7def5748
commit 134677d44c
8 changed files with 37 additions and 516 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
framework

Submodule framework updated: 523a12d05b...4a009d4b3c

1
scripts/make_generated_files.bat
View File

@@ -28,4 +28,5 @@ python framework\scripts\generate_ecp_tests.py || exit /b 1
python framework\scripts\generate_psa_tests.py || exit /b 1 python framework\scripts\generate_psa_tests.py || exit /b 1
python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
python framework\scripts\generate_tls_handshake_tests.py || exit /b 1
python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1

1
tests/.gitignore vendored
View File

@@ -18,6 +18,7 @@
###START_GENERATED_FILES### ###START_GENERATED_FILES###
# Generated source files # Generated source files
/opt-testcases/handshake-generated.sh
/opt-testcases/tls13-compat.sh /opt-testcases/tls13-compat.sh
/suites/*.generated.data /suites/*.generated.data
/suites/test_suite_config.mbedtls_boolean.data /suites/test_suite_config.mbedtls_boolean.data

18
tests/CMakeLists.txt
View File

@@ -124,6 +124,24 @@ if(GEN_FILES)
# change too often in ways that don't affect the result # change too often in ways that don't affect the result
# ((un)commenting some options). # ((un)commenting some options).
) )
add_custom_command(
OUTPUT
${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py
)
add_custom_target(handshake-generated.sh
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh)
set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO)
add_dependencies(${ssl_opt_target} handshake-generated.sh)
add_custom_command( add_custom_command(
OUTPUT OUTPUT
${ecp_generated_data_files} ${ecp_generated_data_files}

7
tests/Makefile
View File

@@ -58,6 +58,13 @@ GENERATED_FILES += ../framework/tests/include/test/test_keys.h src/test_certs.h
# Generated files needed to (fully) run ssl-opt.sh # Generated files needed to (fully) run ssl-opt.sh
.PHONY: ssl-opt .PHONY: ssl-opt
opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py
opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@
GENERATED_FILES += opt-testcases/handshake-generated.sh
ssl-opt: opt-testcases/handshake-generated.sh
opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py
echo " Gen $@" echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@ $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@

12
tests/scripts/analyze_outcomes.py
View File

@@ -34,6 +34,13 @@ class CoverageTask(outcome_analysis.CoverageTask):
re.DOTALL) re.DOTALL)
IGNORED_TESTS = { IGNORED_TESTS = {
'handshake-generated': [
# Temporary disable Handshake defragmentation tests until mbedtls
# pr #10011 has been merged.
'Handshake defragmentation on client: len=4, TLS 1.2',
'Handshake defragmentation on client: len=5, TLS 1.2',
'Handshake defragmentation on client: len=13, TLS 1.2'
],
'ssl-opt': [ 'ssl-opt': [
# We don't run ssl-opt.sh with Valgrind on the CI because # We don't run ssl-opt.sh with Valgrind on the CI because
# it's extremely slow. We don't intend to change this. # it's extremely slow. We don't intend to change this.
@@ -53,11 +60,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
# https://github.com/Mbed-TLS/mbedtls/issues/9581 # https://github.com/Mbed-TLS/mbedtls/issues/9581
'Opaque key for server authentication: invalid key: decrypt with ECC key, no async', 'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
'Opaque key for server authentication: invalid key: ecdh with RSA key, no async', 'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
# Temporary disable Handshake defragmentation tests until mbedtls
# pr #10011 has been merged.
'Handshake defragmentation on client: len=4, TLS 1.2',
'Handshake defragmentation on client: len=5, TLS 1.2',
'Handshake defragmentation on client: len=13, TLS 1.2'
], ],
'test_suite_config.mbedtls_boolean': [ 'test_suite_config.mbedtls_boolean': [
# We never test with CBC/PKCS5/PKCS12 enabled but # We never test with CBC/PKCS5/PKCS12 enabled but

1
tests/scripts/check-generated-files.sh
View File

@@ -135,6 +135,7 @@ if in_mbedtls_repo; then
check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c check scripts/generate_features.pl library/version_features.c
check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't # generate_visualc_files enumerates source files (library/*.c). It doesn't

511
tests/ssl-opt.sh
View File

@@ -14459,516 +14459,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
# Handshake defragmentation testing # Handshake defragmentation testing
# To guarantee that the handhake messages are large enough and need to be split # Most test cases are in opt-testcases/handshake-generated.sh
# into fragments, the tests require certificate authentication. The party in control
# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
requires_certificate_authentication
run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
"$O_NEXT_SRV" \
"$P_CLI debug_level=4 " \
0 \
-C "reassembled record" \
-C "waiting for more fragments"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-c "waiting for more fragments (512 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-c "waiting for more fragments (512 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-c "waiting for more fragments (513 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-c "waiting for more fragments (513 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-c "waiting for more fragments (256 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-c "waiting for more fragments (256 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-c "waiting for more fragments (128"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-c "waiting for more fragments (128"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-c "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-c "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-c "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-c "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-c "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-c "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-c "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-c "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-c "waiting for more fragments (13"
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-c "waiting for more fragments (13"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-c "waiting for more fragments (5"
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-c "waiting for more fragments (5"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-c "waiting for more fragments (4"
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-c "waiting for more fragments (4"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
"$P_CLI debug_level=4 " \
1 \
-c "=> ssl_tls13_process_server_hello" \
-c "handshake message too short: 3" \
-c "SSL - An invalid SSL record was received"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
"$P_CLI debug_level=4 " \
1 \
-c "handshake message too short: 3" \
-c "SSL - An invalid SSL record was received"
requires_certificate_authentication
run_test "Handshake defragmentation on server (no fragmentation, for reference)." \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-S "reassembled record" \
-S "waiting for more fragments"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=512, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-s "waiting for more fragments (512"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=512, TLS 1.2" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-s "waiting for more fragments (512"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=513, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-s "waiting for more fragments (513"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=513, TLS 1.2" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-s "waiting for more fragments (513"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=256, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-s "waiting for more fragments (256"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=256, TLS 1.2" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-s "waiting for more fragments (256"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=128, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-s "waiting for more fragments (128"
# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-s "waiting for more fragments (128"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=64, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-s "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-s "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=36, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-s "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-s "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-s "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-s "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-s "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-s "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-s "waiting for more fragments (13"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-s "waiting for more fragments (13"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-s "waiting for more fragments (5"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-s "waiting for more fragments (5"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-s "waiting for more fragments (4"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-s "waiting for more fragments (4"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
1 \
-s "<= parse client hello" \
-s "handshake message too short: 3" \
-s "SSL - An invalid SSL record was received"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
1 \
-s "<= parse client hello" \
-s "handshake message too short: 3" \
-s "SSL - An invalid SSL record was received"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication requires_certificate_authentication