lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge pull request #5262 from xffbai/code-align-backport2.x

Browse Source 
Backport 2.x: Fix (d)tls1_2 into (d)tls12 in version options
This commit is contained in:
Ronald Cron
2021-12-09 16:26:24 +01:00
committed by GitHub
parent c3319e73db f40545d919
commit 620cbb9bf5
6 changed files with 132 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
programs/ssl/ssl_client2.c
View File

@ -426,9 +426,9 @@ int main( void )
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \ " max_version=%%s default: (library default: tls12)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \ " options: ssl3, tls1, tls1_1, tls12, dtls1, dtls12\n" \
"\n" \ "\n" \
" force_ciphersuite=<name> default: all enabled\n"\ " force_ciphersuite=<name> default: all enabled\n"\
" query_config=<name> return 0 if the specified\n" \ " query_config=<name> return 0 if the specified\n" \
@ -1107,8 +1107,8 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "tls1_1" ) == 0 || else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 ) strcmp( q, "dtls1" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
else if( strcmp( q, "tls1_2" ) == 0 || else if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
else else
goto usage; goto usage;
@ -1122,8 +1122,8 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "tls1_1" ) == 0 || else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 ) strcmp( q, "dtls1" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
else if( strcmp( q, "tls1_2" ) == 0 || else if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
else else
goto usage; goto usage;
@ -1163,7 +1163,7 @@ int main( int argc, char *argv[] )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
} }
else if( strcmp( q, "tls1_2" ) == 0 ) else if( strcmp( q, "tls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
@ -1174,7 +1174,7 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
else if( strcmp( q, "dtls1_2" ) == 0 ) else if( strcmp( q, "dtls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;

18
programs/ssl/ssl_server2.c
View File

@ -507,12 +507,12 @@ int main( void )
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \ " max_version=%%s default: (library default: tls12)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \ " options: ssl3, tls1, tls1_1, tls12, dtls1, dtls12\n" \
"\n" \ "\n" \
" version_suites=a,b,c,d per-version ciphersuites\n" \ " version_suites=a,b,c,d per-version ciphersuites\n" \
" in order from ssl3 to tls1_2\n" \ " in order from ssl3 to tls12\n" \
" default: all enabled\n" \ " default: all enabled\n" \
" force_ciphersuite=<name> default: all enabled\n" \ " force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \ " query_config=<name> return 0 if the specified\n" \
@ -1741,8 +1741,8 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "tls1_1" ) == 0 || else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 ) strcmp( q, "dtls1" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
else if( strcmp( q, "tls1_2" ) == 0 || else if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
else else
goto usage; goto usage;
@ -1756,8 +1756,8 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "tls1_1" ) == 0 || else if( strcmp( q, "tls1_1" ) == 0 ||
strcmp( q, "dtls1" ) == 0 ) strcmp( q, "dtls1" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
else if( strcmp( q, "tls1_2" ) == 0 || else if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
else else
goto usage; goto usage;
@ -1797,7 +1797,7 @@ int main( int argc, char *argv[] )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
} }
else if( strcmp( q, "tls1_2" ) == 0 ) else if( strcmp( q, "tls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
@ -1808,7 +1808,7 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
else if( strcmp( q, "dtls1_2" ) == 0 ) else if( strcmp( q, "dtls12" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;

10
tests/compat.sh
View File

@ -67,7 +67,7 @@ else
fi fi
# default values for options # default values for options
MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2" MODES="tls1 tls1_1 tls12 dtls1 dtls12"
VERIFIES="NO YES" VERIFIES="NO YES"
TYPES="ECDSA RSA PSK" TYPES="ECDSA RSA PSK"
FILTER="" FILTER=""
@ -156,7 +156,7 @@ log() {
# is_dtls <mode> # is_dtls <mode>
is_dtls() is_dtls()
{ {
test "$1" = "dtls1" -o "$1" = "dtls1_2" test "$1" = "dtls1" -o "$1" = "dtls12"
} }
# minor_ver <mode> # minor_ver <mode>
@ -172,7 +172,7 @@ minor_ver()
tls1_1|dtls1) tls1_1|dtls1)
echo 2 echo 2
;; ;;
tls1_2|dtls1_2) tls12|dtls12)
echo 3 echo 3
;; ;;
*) *)
@ -881,14 +881,14 @@ setup_arguments()
"tls1_1") "tls1_1")
G_PRIO_MODE="+VERS-TLS1.1" G_PRIO_MODE="+VERS-TLS1.1"
;; ;;
"tls1_2") "tls12")
G_PRIO_MODE="+VERS-TLS1.2" G_PRIO_MODE="+VERS-TLS1.2"
;; ;;
"dtls1") "dtls1")
G_PRIO_MODE="+VERS-DTLS1.0" G_PRIO_MODE="+VERS-DTLS1.0"
G_MODE="-u" G_MODE="-u"
;; ;;
"dtls1_2") "dtls12")
G_PRIO_MODE="+VERS-DTLS1.2" G_PRIO_MODE="+VERS-DTLS1.2"
G_MODE="-u" G_MODE="-u"
;; ;;

10
tests/scripts/all.sh
View File

@ -1015,7 +1015,7 @@ component_test_sslv3 () {
make test make test
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' tests/compat.sh -m 'tls1 tls1_1 tls12 dtls1 dtls12'
env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
@ -1092,7 +1092,7 @@ component_test_no_ctr_drbg_classic () {
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
} }
component_test_no_ctr_drbg_use_psa () { component_test_no_ctr_drbg_use_psa () {
@ -1114,7 +1114,7 @@ component_test_no_ctr_drbg_use_psa () {
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
} }
component_test_no_hmac_drbg_classic () { component_test_no_hmac_drbg_classic () {
@ -1141,7 +1141,7 @@ component_test_no_hmac_drbg_classic () {
# To save time, only test one protocol version, since this part of # To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2. # the protocol is identical in (D)TLS up to 1.2.
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
tests/compat.sh -m tls1_2 -t 'ECDSA' tests/compat.sh -m tls12 -t 'ECDSA'
} }
component_test_no_hmac_drbg_use_psa () { component_test_no_hmac_drbg_use_psa () {
@ -1168,7 +1168,7 @@ component_test_no_hmac_drbg_use_psa () {
# To save time, only test one protocol version, since this part of # To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2. # the protocol is identical in (D)TLS up to 1.2.
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
tests/compat.sh -m tls1_2 -t 'ECDSA' tests/compat.sh -m tls12 -t 'ECDSA'
} }
component_test_psa_external_rng_no_drbg_classic () { component_test_psa_external_rng_no_drbg_classic () {

4
tests/scripts/test-ref-configs.pl
View File

@ -29,7 +29,7 @@ use strict;
my %configs = ( my %configs = (
'config-ccm-psk-tls1_2.h' => { 'config-ccm-psk-tls1_2.h' => {
'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', 'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
}, },
'config-mini-tls1_1.h' => { 'config-mini-tls1_1.h' => {
'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #' 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #'
@ -37,7 +37,7 @@ my %configs = (
'config-no-entropy.h' => { 'config-no-entropy.h' => {
}, },
'config-suite-b.h' => { 'config-suite-b.h' => {
'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", 'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
}, },
'config-symmetric-only.h' => { 'config-symmetric-only.h' => {
}, },

206
tests/ssl-opt.sh
View File

@ -1114,8 +1114,8 @@ run_test() {
run_test_psa() { run_test_psa() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA-supported ciphersuite: $1" \ run_test "PSA-supported ciphersuite: $1" \
"$P_SRV debug_level=3 force_version=tls1_2" \ "$P_SRV debug_level=3 force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls1_2 force_ciphersuite=$1" \ "$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \
0 \ 0 \
-c "Successfully setup PSA-based decryption cipher context" \ -c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \ -c "Successfully setup PSA-based encryption cipher context" \
@ -1137,8 +1137,8 @@ run_test_psa() {
run_test_psa_force_curve() { run_test_psa_force_curve() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA - ECDH with $1" \ run_test "PSA - ECDH with $1" \
"$P_SRV debug_level=4 force_version=tls1_2" \ "$P_SRV debug_level=4 force_version=tls12" \
"$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ "$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
0 \ 0 \
-c "Successfully setup PSA-based decryption cipher context" \ -c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \ -c "Successfully setup PSA-based encryption cipher context" \
@ -1170,8 +1170,8 @@ run_test_memory_after_hanshake_with_mfl()
MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))" MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"
run_test "Handshake memory usage (MFL $1)" \ run_test "Handshake memory usage (MFL $1)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \ "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls1_2 \ "$P_CLI debug_level=3 force_version=tls12 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \ crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
0 \ 0 \
@ -1189,8 +1189,8 @@ run_tests_memory_after_hanshake()
# first test with default MFU is to get reference memory usage # first test with default MFU is to get reference memory usage
MEMORY_USAGE_MFL_16K=0 MEMORY_USAGE_MFL_16K=0
run_test "Handshake memory usage initial (MFL 16384 - default)" \ run_test "Handshake memory usage initial (MFL 16384 - default)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \ "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls1_2 \ "$P_CLI debug_level=3 force_version=tls12 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \ crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
0 \ 0 \
@ -2849,7 +2849,7 @@ run_test "Fallback SCSV: not in list" \
run_test "CBC Record splitting: TLS 1.2, no splitting" \ run_test "CBC Record splitting: TLS 1.2, no splitting" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
request_size=123 force_version=tls1_2" \ request_size=123 force_version=tls12" \
0 \ 0 \
-s "Read from client: 123 bytes read" \ -s "Read from client: 123 bytes read" \
-S "Read from client: 1 bytes read" \ -S "Read from client: 1 bytes read" \
@ -4774,7 +4774,7 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
key_file=data_files/server5.key \ key_file=data_files/server5.key \
crt_file2=data_files/server5-sha1.crt \ crt_file2=data_files/server5-sha1.crt \
key_file2=data_files/server5.key" \ key_file2=data_files/server5.key" \
"$P_CLI force_version=tls1_2" \ "$P_CLI force_version=tls12" \
0 \ 0 \
-c "signed using.*ECDSA with SHA256" \ -c "signed using.*ECDSA with SHA256" \
-C "signed using.*ECDSA with SHA1" -C "signed using.*ECDSA with SHA1"
@ -5321,14 +5321,14 @@ run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \ run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
"$P_SRV max_version=tls1_1" \ "$P_SRV max_version=tls1_1" \
"$P_CLI min_version=tls1_2" \ "$P_CLI min_version=tls12" \
1 \ 1 \
-s "mbedtls_ssl_handshake returned" \ -s "mbedtls_ssl_handshake returned" \
-c "mbedtls_ssl_handshake returned" \ -c "mbedtls_ssl_handshake returned" \
-c "SSL - Handshake protocol not within min/max boundaries" -c "SSL - Handshake protocol not within min/max boundaries"
run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \ run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
"$P_SRV min_version=tls1_2" \ "$P_SRV min_version=tls12" \
"$P_CLI max_version=tls1_1" \ "$P_CLI max_version=tls1_1" \
1 \ 1 \
-s "mbedtls_ssl_handshake returned" \ -s "mbedtls_ssl_handshake returned" \
@ -5807,7 +5807,7 @@ run_test "PSK callback: psk, no callback" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback" \ run_test "PSK callback: opaque psk on client, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \ psk_identity=foo psk=abc123 psk_opaque=1" \
0 \ 0 \
-c "skip PMS generation for opaque PSK"\ -c "skip PMS generation for opaque PSK"\
@ -5821,7 +5821,7 @@ run_test "PSK callback: opaque psk on client, no callback" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \ psk_identity=foo psk=abc123 psk_opaque=1" \
0 \ 0 \
-c "skip PMS generation for opaque PSK"\ -c "skip PMS generation for opaque PSK"\
@ -5835,7 +5835,7 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, EMS" \ run_test "PSK callback: opaque psk on client, no callback, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \ psk_identity=foo psk=abc123 psk_opaque=1" \
0 \ 0 \
-c "skip PMS generation for opaque PSK"\ -c "skip PMS generation for opaque PSK"\
@ -5849,7 +5849,7 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \ psk_identity=foo psk=abc123 psk_opaque=1" \
0 \ 0 \
-c "skip PMS generation for opaque PSK"\ -c "skip PMS generation for opaque PSK"\
@ -5862,8 +5862,8 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \ psk_identity=foo psk=abc123" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -5876,8 +5876,8 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \ psk_identity=foo psk=abc123" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -5890,9 +5890,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \ "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 extended_ms=1" \ psk_identity=foo psk=abc123 extended_ms=1" \
0 \ 0 \
-c "session hash for extended master secret"\ -c "session hash for extended master secret"\
@ -5905,9 +5905,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \ "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 extended_ms=1" \ psk_identity=foo psk=abc123 extended_ms=1" \
0 \ 0 \
-c "session hash for extended master secret"\ -c "session hash for extended master secret"\
@ -5920,8 +5920,8 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -5934,8 +5934,8 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -5948,9 +5948,9 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \ "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=dead extended_ms=1" \ psk_identity=abc psk=dead extended_ms=1" \
0 \ 0 \
-c "session hash for extended master secret"\ -c "session hash for extended master secret"\
@ -5963,9 +5963,9 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \ "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=abc psk=dead extended_ms=1" \ psk_identity=abc psk=dead extended_ms=1" \
0 \ 0 \
-c "session hash for extended master secret"\ -c "session hash for extended master secret"\
@ -5978,8 +5978,8 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -5992,8 +5992,8 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -6006,8 +6006,8 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -6019,8 +6019,8 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
0 \ 0 \
-C "skip PMS generation for opaque PSK"\ -C "skip PMS generation for opaque PSK"\
@ -6032,8 +6032,8 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \ run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
1 \ 1 \
-s "SSL - Verification of the message MAC failed" -s "SSL - Verification of the message MAC failed"
@ -6220,7 +6220,7 @@ requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: TLS 1.2" \ run_test "Per-version suites: TLS 1.2" \
"$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_2" \ "$P_CLI force_version=tls12" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
@ -6387,21 +6387,21 @@ run_test "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MA
run_test "Small client packet TLS 1.2 BlockCipher" \ run_test "Small client packet TLS 1.2 BlockCipher" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -6409,7 +6409,7 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \ run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \ "$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -6417,21 +6417,21 @@ run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \ "$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 StreamCipher" \ run_test "Small client packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \ run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -6439,7 +6439,7 @@ run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \ run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -6447,21 +6447,21 @@ run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 AEAD" \ run_test "Small client packet TLS 1.2 AEAD" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 AEAD shorter tag" \ run_test "Small client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -6504,7 +6504,7 @@ run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.2" \ run_test "Small client packet DTLS 1.2" \
"$P_SRV dtls=1 force_version=dtls1_2" \ "$P_SRV dtls=1 force_version=dtls12" \
"$P_CLI dtls=1 request_size=1 \ "$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
@ -6512,7 +6512,7 @@ run_test "Small client packet DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.2, without EtM" \ run_test "Small client packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 force_version=dtls1_2 etm=0" \ "$P_SRV dtls=1 force_version=dtls12 etm=0" \
"$P_CLI dtls=1 request_size=1 \ "$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
@ -6521,7 +6521,7 @@ run_test "Small client packet DTLS 1.2, without EtM" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet DTLS 1.2, truncated hmac" \ run_test "Small client packet DTLS 1.2, truncated hmac" \
"$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \ "$P_SRV dtls=1 force_version=dtls12 trunc_hmac=1" \
"$P_CLI dtls=1 request_size=1 \ "$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \ 0 \
@ -6530,7 +6530,7 @@ run_test "Small client packet DTLS 1.2, truncated hmac" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \ run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
"$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ "$P_SRV dtls=1 force_version=dtls12 trunc_hmac=1 etm=0" \
"$P_CLI dtls=1 request_size=1 \ "$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
0 \ 0 \
@ -6676,21 +6676,21 @@ run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MA
run_test "Small server packet TLS 1.2 BlockCipher" \ run_test "Small server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=1" \ "$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV response_size=1" \ "$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV response_size=1" \ "$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
@ -6698,7 +6698,7 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \ run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV response_size=1 trunc_hmac=1" \ "$P_SRV response_size=1 trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
@ -6706,21 +6706,21 @@ run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV response_size=1 trunc_hmac=1" \ "$P_SRV response_size=1 trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 StreamCipher" \ run_test "Small server packet TLS 1.2 StreamCipher" \
"$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \ run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
@ -6728,7 +6728,7 @@ run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \ run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
@ -6736,21 +6736,21 @@ run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 AEAD" \ run_test "Small server packet TLS 1.2 AEAD" \
"$P_SRV response_size=1" \ "$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 AEAD shorter tag" \ run_test "Small server packet TLS 1.2 AEAD shorter tag" \
"$P_SRV response_size=1" \ "$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \ 0 \
-c "Read from server: 1 bytes read" -c "Read from server: 1 bytes read"
@ -6793,7 +6793,7 @@ run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.2" \ run_test "Small server packet DTLS 1.2" \
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12" \
"$P_CLI dtls=1 \ "$P_CLI dtls=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
@ -6801,7 +6801,7 @@ run_test "Small server packet DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.2, without EtM" \ run_test "Small server packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
"$P_CLI dtls=1 \ "$P_CLI dtls=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
@ -6810,7 +6810,7 @@ run_test "Small server packet DTLS 1.2, without EtM" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet DTLS 1.2, truncated hmac" \ run_test "Small server packet DTLS 1.2, truncated hmac" \
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12 trunc_hmac=1" \
"$P_CLI dtls=1 \ "$P_CLI dtls=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \ 0 \
@ -6819,7 +6819,7 @@ run_test "Small server packet DTLS 1.2, truncated hmac" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \ run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12 trunc_hmac=1 etm=0" \
"$P_CLI dtls=1 \ "$P_CLI dtls=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
0 \ 0 \
@ -6989,7 +6989,7 @@ run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MA
run_test "Large client packet TLS 1.2 BlockCipher" \ run_test "Large client packet TLS 1.2 BlockCipher" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -6997,14 +6997,14 @@ run_test "Large client packet TLS 1.2 BlockCipher" \
run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 etm=0 \ "$P_CLI request_size=16384 force_version=tls12 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read" -s "Read from client: $MAX_CONTENT_LEN bytes read"
run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \ 0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -7013,7 +7013,7 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \ run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \ "$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \ 0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read" -s "Read from client: $MAX_CONTENT_LEN bytes read"
@ -7021,7 +7021,7 @@ run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \ "$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -7029,7 +7029,7 @@ run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC
run_test "Large client packet TLS 1.2 StreamCipher" \ run_test "Large client packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -7037,7 +7037,7 @@ run_test "Large client packet TLS 1.2 StreamCipher" \
run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \ run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
0 \ 0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read" -s "Read from client: $MAX_CONTENT_LEN bytes read"
@ -7045,7 +7045,7 @@ run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \ run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
0 \ 0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read" -s "Read from client: $MAX_CONTENT_LEN bytes read"
@ -7053,7 +7053,7 @@ run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -7061,7 +7061,7 @@ run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MA
run_test "Large client packet TLS 1.2 AEAD" \ run_test "Large client packet TLS 1.2 AEAD" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \ 0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -7069,7 +7069,7 @@ run_test "Large client packet TLS 1.2 AEAD" \
run_test "Large client packet TLS 1.2 AEAD shorter tag" \ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \ 0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -7236,14 +7236,14 @@ run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MA
run_test "Large server packet TLS 1.2 BlockCipher" \ run_test "Large server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=16384" \ "$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-c "Read from server: 16384 bytes read" -c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV response_size=16384" \ "$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 etm=0 \ "$P_CLI force_version=tls12 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-s "16384 bytes written in 1 fragments" \ -s "16384 bytes written in 1 fragments" \
@ -7251,7 +7251,7 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV response_size=16384" \ "$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \ 0 \
-c "Read from server: 16384 bytes read" -c "Read from server: 16384 bytes read"
@ -7259,7 +7259,7 @@ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \ run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
"$P_SRV response_size=16384" \ "$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
0 \ 0 \
@ -7267,7 +7267,7 @@ run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV response_size=16384 trunc_hmac=1" \ "$P_SRV response_size=16384 trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "16384 bytes written in 1 fragments" \ -s "16384 bytes written in 1 fragments" \
@ -7275,7 +7275,7 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC
run_test "Large server packet TLS 1.2 StreamCipher" \ run_test "Large server packet TLS 1.2 StreamCipher" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-s "16384 bytes written in 1 fragments" \ -s "16384 bytes written in 1 fragments" \
@ -7283,7 +7283,7 @@ run_test "Large server packet TLS 1.2 StreamCipher" \
run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \ run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
0 \ 0 \
-s "16384 bytes written in 1 fragments" \ -s "16384 bytes written in 1 fragments" \
@ -7292,7 +7292,7 @@ run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
0 \ 0 \
@ -7301,7 +7301,7 @@ run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "16384 bytes written in 1 fragments" \ -s "16384 bytes written in 1 fragments" \
@ -7309,14 +7309,14 @@ run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MA
run_test "Large server packet TLS 1.2 AEAD" \ run_test "Large server packet TLS 1.2 AEAD" \
"$P_SRV response_size=16384" \ "$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \ 0 \
-c "Read from server: 16384 bytes read" -c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 AEAD shorter tag" \ run_test "Large server packet TLS 1.2 AEAD shorter tag" \
"$P_SRV response_size=16384" \ "$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \ "$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \ 0 \
-c "Read from server: 16384 bytes read" -c "Read from server: 16384 bytes read"
@ -8799,7 +8799,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \ crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \ key_file=data_files/server8.key \
mtu=512 force_version=dtls1_2" \ mtu=512 force_version=dtls12" \
0 \ 0 \
-c "fragmenting handshake message" \ -c "fragmenting handshake message" \
-C "error" -C "error"
@ -8838,7 +8838,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \ crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \ key_file=data_files/server7.key \
mtu=512 force_version=dtls1_2" \ mtu=512 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \ "$G_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting handshake message" -s "fragmenting handshake message"
@ -8870,7 +8870,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \ crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \ key_file=data_files/server8.key \
mtu=512 force_version=dtls1_2" \ mtu=512 force_version=dtls12" \
0 \ 0 \
-c "fragmenting handshake message" \ -c "fragmenting handshake message" \
-C "error" -C "error"
@ -8899,7 +8899,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \ crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \ key_file=data_files/server7.key \
mtu=512 force_version=dtls1_2" \ mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \ "$O_CLI -dtls1_2" \
0 \ 0 \
-s "fragmenting handshake message" -s "fragmenting handshake message"
@ -8935,7 +8935,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \ crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \ key_file=data_files/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \ 0 \
-c "fragmenting handshake message" \ -c "fragmenting handshake message" \
-C "error" -C "error"
@ -8970,7 +8970,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \ crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \ key_file=data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting handshake message" -s "fragmenting handshake message"
@ -9010,7 +9010,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \ crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \ key_file=data_files/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \ 0 \
-c "fragmenting handshake message" \ -c "fragmenting handshake message" \
-C "error" -C "error"
@ -9045,7 +9045,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \ crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \ key_file=data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \ "$O_CLI -dtls1_2" \
0 \ 0 \
-s "fragmenting handshake message" -s "fragmenting handshake message"