lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing

Browse Source
This commit is contained in:
Hanno Becker
2018-08-22 09:40:43 +01:00
parent 175cb8fc69 68ae351dbe
commit 170e2d89da
4 changed files with 69 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
tests/ssl-opt.sh
View File

@ -5144,6 +5144,8 @@ run_test "DTLS fragmenting: both (MTU)" \
-C "error"
# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
# OTOH the client might resend if the server is to slow to reset after sending
# a HelloVerifyRequest, so only check for no retransmission server-side
not_with_valgrind # spurious resend due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
@ -5160,7 +5162,26 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \
mtu=512" \
0 \
-S "resend" \
-C "resend" \
-s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \
-C "error"
not_with_valgrind # spurious resend due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
mtu=512 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
mtu=512 nbio=2" \
0 \
-S "resend" \
-s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \
-C "error"
@ -5171,9 +5192,10 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \
# Since we don't support reading fragmented ClientHello yet,
# up the MTU to 1450 (larger than ClientHello with session ticket,
# but still smaller than client's Certificate to ensure fragmentation).
#
# A resend on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "resend"' below.
# reco_delay avoids races where the client reconnects before the server has
# resumed listening, which would result in a spurious resend.
not_with_valgrind # spurious resend due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
@ -5187,7 +5209,7 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
mtu=1450 reconnect=1" \
mtu=1450 reconnect=1 reco_delay=1" \
0 \
-S "resend" \
-s "found fragmented DTLS handshake message" \
@ -5363,6 +5385,25 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \
-c "found fragmented DTLS handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
client_needs_more_time 2
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
hs_timeout=250-10000 mtu=512 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
hs_timeout=250-10000 mtu=512 nbio=2" \
0 \
-s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \
-C "error"
# interop tests for DTLS fragmentating with reliable connection
#
# here and below we just want to test that the we fragment in a way that
@ -5372,6 +5413,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
@ -5387,6 +5429,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
@ -5403,6 +5446,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 server_addr=::1 \
crt_file=data_files/server7_int-ca.crt \
@ -5418,6 +5462,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
"$P_SRV dtls=1 debug_level=2 server_addr=::1 \
crt_file=data_files/server7_int-ca.crt \
@ -5527,6 +5572,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
##
## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS
## requires_ipv6
## requires_gnutls
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
## requires_config_enabled MBEDTLS_RSA_C
## requires_config_enabled MBEDTLS_ECDSA_C
@ -5544,6 +5590,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
##
## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS
## requires_ipv6
## requires_gnutls
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
## requires_config_enabled MBEDTLS_RSA_C
## requires_config_enabled MBEDTLS_ECDSA_C