From 8bf5dc683c60725a7cc8109d00f3c95e429af695 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Jan 2025 14:27:22 +0000 Subject: [PATCH 001/126] Add X.509 formatting validation to SECURITY.md Clarify that strict formatting of X.509 certificates is not checked by Mbed TLS and that it therefore should not be used to construct a CA. Signed-off-by: David Horstmann --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 7ed72de921..3fab611e5c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -144,3 +144,17 @@ Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` configuration option is defined. This option is off by default. + +#### Formatting of X.509 certificates and certificate signing requests + +When parsing X.509 certificates and certificate signing requests (CSRs), +Mbed TLS does not check that they are strictly compliant with X.509 and other +relevant standards. In the case of signed certificates, the signing party is +assumed to have performed this validation (and the certificate is trusted to +be correctly formatted as long as the signature is correct). +Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. + +**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra +validation is performed separately to ensure that they are compliant to the +relevant specifications. This makes Mbed TLS on its own unsuitable use in a +Certificate Authority (CA). From fe2d3e01294ee33daaaf6879fa3f8bf10af147f9 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Jan 2025 14:48:58 +0000 Subject: [PATCH 002/126] Add paragraph on undefined behaviour Add a note that we do aim to protect against undefined behaviour and undefined behaviour in certificate parsing is in scope. Signed-off-by: David Horstmann --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 3fab611e5c..6b2ff94e7b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -158,3 +158,8 @@ Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. validation is performed separately to ensure that they are compliant to the relevant specifications. This makes Mbed TLS on its own unsuitable use in a Certificate Authority (CA). + +However, Mbed TLS aims to protect against memory corruption and other +undefined behavior when parsing certificates and CSRs. If a CSR or signed +certificate causes undefined behavior when it is parsed by Mbed TLS, that +is considered a security vulnerability. From 910273c56353655a39342ea2fbd45230f867d5a7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Jan 2025 10:28:06 +0000 Subject: [PATCH 003/126] Fix missing-word typo Signed-off-by: David Horstmann --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 6b2ff94e7b..0af1903355 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -156,8 +156,8 @@ Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. **Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra validation is performed separately to ensure that they are compliant to the -relevant specifications. This makes Mbed TLS on its own unsuitable use in a -Certificate Authority (CA). +relevant specifications. This makes Mbed TLS on its own unsuitable for use in +a Certificate Authority (CA). However, Mbed TLS aims to protect against memory corruption and other undefined behavior when parsing certificates and CSRs. If a CSR or signed From 0c6eb5d6e950889dd11cba9d241921994023858e Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 11:43:55 +0000 Subject: [PATCH 004/126] Move programs out of Mbed TLS This commit moves demo_common.sh, dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c, zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework. Signed-off-by: Harry Ramsey --- programs/demo_common.sh | 137 ------ programs/test/dlopen_demo.sh | 42 -- programs/test/metatest.c | 484 ---------------------- programs/test/query_compile_time_config.c | 66 --- programs/test/query_config.h | 34 -- programs/test/query_included_headers.c | 29 -- programs/test/zeroize.c | 72 ---- tests/scripts/test_zeroize.gdb | 64 --- 8 files changed, 928 deletions(-) delete mode 100644 programs/demo_common.sh delete mode 100755 programs/test/dlopen_demo.sh delete mode 100644 programs/test/metatest.c delete mode 100644 programs/test/query_compile_time_config.c delete mode 100644 programs/test/query_config.h delete mode 100644 programs/test/query_included_headers.c delete mode 100644 programs/test/zeroize.c delete mode 100644 tests/scripts/test_zeroize.gdb diff --git a/programs/demo_common.sh b/programs/demo_common.sh deleted file mode 100644 index d8fcda5544..0000000000 --- a/programs/demo_common.sh +++ /dev/null @@ -1,137 +0,0 @@ -## Common shell functions used by demo scripts programs/*/*.sh. - -## How to write a demo script -## ========================== -## -## Include this file near the top of each demo script: -## . "${0%/*}/../demo_common.sh" -## -## Start with a "msg" call that explains the purpose of the script. -## Then call the "depends_on" function to ensure that all config -## dependencies are met. -## -## As the last thing in the script, call the cleanup function. -## -## You can use the functions and variables described below. - -set -e -u - -## $root_dir is the root directory of the Mbed TLS source tree. -root_dir="${0%/*}" -# Find a nice path to the root directory, avoiding unnecessary "../". -# The code supports demo scripts nested up to 4 levels deep. -# The code works no matter where the demo script is relative to the current -# directory, even if it is called with a relative path. -n=4 # limit the search depth -while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do - if [ $n -eq 0 ]; then - echo >&2 "This doesn't seem to be an Mbed TLS source tree." - exit 125 - fi - n=$((n - 1)) - case $root_dir in - .) root_dir="..";; - ..|?*/..) root_dir="$root_dir/..";; - ?*/*) root_dir="${root_dir%/*}";; - /*) root_dir="/";; - *) root_dir=".";; - esac -done - -## $programs_dir is the directory containing the sample programs. -# Assume an in-tree build. -programs_dir="$root_dir/programs" - -## msg LINE... -## msg &2 < -#include -#include -#include "test/helpers.h" -#include "test/threading_helpers.h" -#include "test/macros.h" -#include "test/memory.h" -#include "common.h" - -#include -#include - -#if defined(MBEDTLS_THREADING_C) -#include -#endif - - -/* This is an external variable, so the compiler doesn't know that we're never - * changing its value. - */ -volatile int false_but_the_compiler_does_not_know = 0; - -/* Hide calls to calloc/free from static checkers such as - * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about - * code where we do mean to cause a runtime error. */ -void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc; -void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free; - -/* Set n bytes at the address p to all-bits-zero, in such a way that - * the compiler should not know that p is all-bits-zero. */ -static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n) -{ - memset((void *) p, false_but_the_compiler_does_not_know, n); -} - -/* Simulate an access to the given object, to avoid compiler optimizations - * in code that prepares or consumes the object. */ -static void do_nothing_with_object(void *p) -{ - (void) p; -} -void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) = - do_nothing_with_object; - - -/****************************************************************/ -/* Test framework features */ -/****************************************************************/ - -static void meta_test_fail(const char *name) -{ - (void) name; - mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); -} - -static void meta_test_not_equal(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_EQUAL(left, right); -exit: - ; -} - -static void meta_test_not_le_s(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_LE_S(left, right); -exit: - ; -} - -static void meta_test_not_le_u(const char *name) -{ - size_t left = 20; - size_t right = 10; - - (void) name; - - TEST_LE_U(left, right); -exit: - ; -} - -/****************************************************************/ -/* Platform features */ -/****************************************************************/ - -static void null_pointer_dereference(const char *name) -{ - (void) name; - volatile char *volatile p; - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (read from null data pointer) */ - mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p); -} - -static void null_pointer_call(const char *name) -{ - (void) name; - unsigned(*volatile p)(void); - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (execute null function pointer) */ - /* The pointer representation may be truncated, but we don't care: - * the only point of printing it is to have some use of the pointer - * to dissuade the compiler from optimizing it away. */ - mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p()); -} - - -/****************************************************************/ -/* Memory */ -/****************************************************************/ - -static void read_after_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (read after free) */ - mbedtls_printf("%u\n", (unsigned) *p); -} - -static void double_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (double free) */ - free_but_the_compiler_does_not_know((void *) p); -} - -static void read_uninitialized_stack(const char *name) -{ - (void) name; - char buf[1]; - if (false_but_the_compiler_does_not_know) { - buf[0] = '!'; - } - char *volatile p = buf; - if (*p != 0) { - /* Unspecified result (read from uninitialized memory) */ - mbedtls_printf("%u\n", (unsigned) *p); - } -} - -static void memory_leak(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - mbedtls_printf("%u\n", (unsigned) *p); - /* Leak of a heap object */ -} - -/* name = "test_memory_poison_%(start)_%(offset)_%(count)_%(direction)" - * Poison a region starting at start from an 8-byte aligned origin, - * encompassing count bytes. Access the region at offset from the start. - * %(start), %(offset) and %(count) are decimal integers. - * %(direction) is either the character 'r' for read or 'w' for write. - */ -static void test_memory_poison(const char *name) -{ - size_t start = 0, offset = 0, count = 0; - char direction = 'r'; - if (sscanf(name, - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "_%c", - &start, &offset, &count, &direction) != 4) { - mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name); - return; - } - - union { - long long ll; - unsigned char buf[32]; - } aligned; - memset(aligned.buf, 'a', sizeof(aligned.buf)); - - if (start > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start, sizeof(aligned.buf)); - return; - } - if (start + count > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start+count=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start + count, sizeof(aligned.buf)); - return; - } - if (offset >= count) { - mbedtls_fprintf(stderr, - "%s: offset=%" MBEDTLS_PRINTF_SIZET - " >= count=%" MBEDTLS_PRINTF_SIZET, - __func__, offset, count); - return; - } - - MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count); - - if (direction == 'w') { - aligned.buf[start + offset] = 'b'; - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - } else { - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]); - } -} - - -/****************************************************************/ -/* Threading */ -/****************************************************************/ - -static void mutex_lock_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_unlock_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_free_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_init(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_free(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_leak(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); -#endif - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ -} - - -/****************************************************************/ -/* Command line entry point */ -/****************************************************************/ - -typedef struct { - /** Command line argument that will trigger that metatest. - * - * Conventionally matches "[a-z0-9_]+". */ - const char *name; - - /** Platform under which that metatest is valid. - * - * - "any": should work anywhere. - * - "asan": triggers ASan (Address Sanitizer). - * - "msan": triggers MSan (Memory Sanitizer). - * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS, - * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test - * framework (see framework/tests/src/threading_helpers.c). - */ - const char *platform; - - /** Function that performs the metatest. - * - * The function receives the name as an argument. This allows using the - * same function to perform multiple variants of a test based on the name. - * - * When executed on a conforming platform, the function is expected to - * either cause a test failure (mbedtls_test_fail()), or cause the - * program to abort in some way (e.g. by causing a segfault or by - * triggering a sanitizer). - * - * When executed on a non-conforming platform, the function may return - * normally or may have unpredictable behavior. - */ - void (*entry_point)(const char *name); -} metatest_t; - -/* The list of available meta-tests. Remember to register new functions here! - * - * Note that we always compile all the functions, so that `metatest --list` - * will always list all the available meta-tests. - * - * See the documentation of metatest_t::platform for the meaning of - * platform values. - */ -metatest_t metatests[] = { - { "test_fail", "any", meta_test_fail }, - { "test_not_equal", "any", meta_test_not_equal }, - { "test_not_le_s", "any", meta_test_not_le_s }, - { "test_not_le_u", "any", meta_test_not_le_u }, - { "null_dereference", "any", null_pointer_dereference }, - { "null_call", "any", null_pointer_call }, - { "read_after_free", "asan", read_after_free }, - { "double_free", "asan", double_free }, - { "read_uninitialized_stack", "msan", read_uninitialized_stack }, - { "memory_leak", "asan", memory_leak }, - { "test_memory_poison_0_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_7_8_r", "poison", test_memory_poison }, - { "test_memory_poison_7_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_w", "poison", test_memory_poison }, - { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized }, - { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized }, - { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized }, - { "mutex_double_init", "pthread", mutex_double_init }, - { "mutex_double_free", "pthread", mutex_double_free }, - { "mutex_leak", "pthread", mutex_leak }, - { NULL, NULL, NULL } -}; - -static void help(FILE *out, const char *argv0) -{ - mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0); - mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n"); - mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n"); -} - -int main(int argc, char *argv[]) -{ - const char *argv0 = argc > 0 ? argv[0] : "metatest"; - if (argc != 2) { - help(stderr, argv0); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* Support "-help", "--help", "--list", etc. */ - const char *command = argv[1]; - while (*command == '-') { - ++command; - } - - if (strcmp(argv[1], "help") == 0) { - help(stdout, argv0); - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - if (strcmp(argv[1], "list") == 0) { - for (const metatest_t *p = metatests; p->name != NULL; p++) { - mbedtls_printf("%s %s\n", p->name, p->platform); - } - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_init(); -#endif - - for (const metatest_t *p = metatests; p->name != NULL; p++) { - if (strcmp(argv[1], p->name) == 0) { - mbedtls_printf("Running metatest %s...\n", argv[1]); - p->entry_point(argv[1]); -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_check(); -#endif - int result = (int) mbedtls_test_get_result(); - - mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], result); - mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? - MBEDTLS_EXIT_SUCCESS : - MBEDTLS_EXIT_FAILURE); - } - } - - mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n", - argv0, command); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); -} diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c deleted file mode 100644 index a70e6daef3..0000000000 --- a/programs/test/query_compile_time_config.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Query the Mbed TLS compile time configuration - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#define USAGE \ - "usage: %s [ -all | -any | -l ] ...\n\n" \ - "This program takes command line arguments which correspond to\n" \ - "the string representation of Mbed TLS compile time configurations.\n\n" \ - "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \ - "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \ - "returned. Macro expansions of configurations will be printed (if any).\n" \ - "-l\tPrint all available configuration.\n" \ - "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \ - "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \ - "-h\tPrint this usage\n" - -#include -#include "query_config.h" - -int main(int argc, char *argv[]) -{ - int i; - - if (argc < 2 || strcmp(argv[1], "-h") == 0) { - mbedtls_printf(USAGE, argv[0]); - return MBEDTLS_EXIT_FAILURE; - } - - if (strcmp(argv[1], "-l") == 0) { - list_config(); - return 0; - } - - if (strcmp(argv[1], "-all") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - return 0; - } - - if (strcmp(argv[1], "-any") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) == 0) { - return 0; - } - } - return 1; - } - - for (i = 1; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - - return 0; -} diff --git a/programs/test/query_config.h b/programs/test/query_config.h deleted file mode 100644 index 43f120bf01..0000000000 --- a/programs/test/query_config.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Query Mbed TLS compile time configurations from mbedtls_config.h - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H -#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H - -#include "mbedtls/build_info.h" - -/** Check whether a given configuration symbol is enabled. - * - * \param config The symbol to query (e.g. "MBEDTLS_RSA_C"). - * \return \c 0 if the symbol was defined at compile time - * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h), - * \c 1 otherwise. - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -int query_config(const char *config); - -/** List all enabled configuration symbols - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -void list_config(void); - -#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */ diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c deleted file mode 100644 index cdafa16204..0000000000 --- a/programs/test/query_included_headers.c +++ /dev/null @@ -1,29 +0,0 @@ -/* Ad hoc report on included headers. */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -int main(void) -{ - - /* Which PSA platform header? */ -#if defined(PSA_CRYPTO_PLATFORM_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n"); -#endif -#if defined(PSA_CRYPTO_PLATFORM_ALT_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n"); -#endif - - /* Which PSA struct header? */ -#if defined(PSA_CRYPTO_STRUCT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_H\n"); -#endif -#if defined(PSA_CRYPTO_STRUCT_ALT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n"); -#endif - -} diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c deleted file mode 100644 index c1cee0d840..0000000000 --- a/programs/test/zeroize.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Zeroize application for debugger-driven testing - * - * This is a simple test application used for debugger-driven testing to check - * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler - * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last - * return statement in the main() function of this program. The debugger - * facilities are then used to manually inspect the memory and verify that the - * call to mbedtls_platform_zeroize() was not eliminated. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include - -#include "mbedtls/platform.h" - -#include "mbedtls/platform_util.h" - -#define BUFFER_LEN 1024 - -static void usage(void) -{ - mbedtls_printf("Zeroize is a simple program to assist with testing\n"); - mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n"); - mbedtls_printf("debugger. This program takes a file as input and\n"); - mbedtls_printf("prints the first %d characters. Usage:\n\n", BUFFER_LEN); - mbedtls_printf(" zeroize \n"); -} - -int main(int argc, char **argv) -{ - int exit_code = MBEDTLS_EXIT_FAILURE; - FILE *fp; - char buf[BUFFER_LEN]; - char *p = buf; - char *end = p + BUFFER_LEN; - int c; - - if (argc != 2) { - mbedtls_printf("This program takes exactly 1 argument\n"); - usage(); - mbedtls_exit(exit_code); - } - - fp = fopen(argv[1], "r"); - if (fp == NULL) { - mbedtls_printf("Could not open file '%s'\n", argv[1]); - mbedtls_exit(exit_code); - } - - while ((c = fgetc(fp)) != EOF && p < end - 1) { - *p++ = (char) c; - } - *p = '\0'; - - if (p - buf != 0) { - mbedtls_printf("%s\n", buf); - exit_code = MBEDTLS_EXIT_SUCCESS; - } else { - mbedtls_printf("The file is empty!\n"); - } - - fclose(fp); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment! -} diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb deleted file mode 100644 index 57f771f56a..0000000000 --- a/tests/scripts/test_zeroize.gdb +++ /dev/null @@ -1,64 +0,0 @@ -# test_zeroize.gdb -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Run a test using the debugger to check that the mbedtls_platform_zeroize() -# function in platform_util.h is not being optimized out by the compiler. To do -# so, the script loads the test program at programs/test/zeroize.c and sets a -# breakpoint at the last return statement in main(). When the breakpoint is -# hit, the debugger manually checks the contents to be zeroized and checks that -# it is actually cleared. -# -# The mbedtls_platform_zeroize() test is debugger driven because there does not -# seem to be a mechanism to reliably check whether the zeroize calls are being -# eliminated by compiler optimizations from within the compiled program. The -# problem is that a compiler would typically remove what it considers to be -# "unnecessary" assignments as part of redundant code elimination. To identify -# such code, the compilar will create some form dependency graph between -# reads and writes to variables (among other situations). It will then use this -# data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_platform_zeroize(), an -# intelligent compiler could determine that this function clears a block of -# memory that is not accessed later in the program, so removing the call to -# mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_platform_zeroize() to check whether -# the block of memory was correctly zeroed would force the compiler to not -# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then -# the compiler potentially has a bug. -# -# Note: This test requires that the test program is compiled with -g3. - -set confirm off - -file ./programs/test/zeroize - -search GDB_BREAK_HERE -break $_ - -set args ./programs/test/zeroize.c -run - -set $i = 0 -set $len = sizeof(buf) -set $buf = buf - -while $i < $len - if $buf[$i++] != 0 - echo The buffer at was not zeroized\n - quit 1 - end -end - -echo The buffer was correctly zeroized\n - -continue - -if $_exitcode != 0 - echo The program did not terminate correctly\n - quit 1 -end - -quit 0 From 3fc5a4dc86cfd43278d1891cb3d178e14c6254d2 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sun, 10 Mar 2024 02:11:03 +0000 Subject: [PATCH 005/126] Defragment incoming TLS handshake messages Signed-off-by: Deomid rojer Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 2 + include/mbedtls/ssl.h | 2 + library/ssl_misc.h | 8 ++- library/ssl_msg.c | 99 ++++++++++++++++++++++++++++---- library/ssl_tls.c | 17 +++++- 5 files changed, 113 insertions(+), 15 deletions(-) create mode 100644 ChangeLog.d/tls-hs-defrag-in.txt diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt new file mode 100644 index 0000000000..8c57200119 --- /dev/null +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -0,0 +1,2 @@ +Change + * Defragment incoming TLS handshake messages. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 42fffbf860..26ea791208 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1817,6 +1817,8 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ + unsigned char *MBEDTLS_PRIVATE(in_hshdr); /*!< original handshake header start */ + size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated hs fragments length */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7495ae3bec..89947e9575 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1830,7 +1830,13 @@ void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl); +static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) +{ + mbedtls_ssl_reset_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); +} void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform); void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index dcda1d3f21..99b60f382e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3226,7 +3226,11 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INVALID_RECORD; } - ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); + if (ssl->in_hslen == 0) { + ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); + ssl->in_hsfraglen = 0; + ssl->in_hshdr = ssl->in_hdr; + } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" @@ -3292,10 +3296,59 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* With TLS we don't handle fragmentation (for now) */ - if (ssl->in_msglen < ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + { + int ret; + const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen); + + MBEDTLS_SSL_DEBUG_MSG(3, + ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" + MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, + ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen, + ssl->in_hslen, ssl->in_msglen)); + (void) msg_hslen; + if (ssl->in_msglen < hs_remain) { + ssl->in_hsfraglen += ssl->in_msglen; + ssl->in_hdr = ssl->in_msg + ssl->in_msglen; + ssl->in_msglen = 0; + mbedtls_ssl_update_in_pointers(ssl); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } + if (ssl->in_hshdr != ssl->in_hdr) { + /* + * At ssl->in_hshdr we have a sequence of records that cover the next handshake + * record, each with its own record header that we need to remove. + * Note that the reassembled record size may not equal the size of the message, + * there maybe bytes from the next message following it. + */ + size_t merged_rec_len = 0; + unsigned char *p = ssl->in_hshdr, *q = NULL; + do { + mbedtls_record rec; + ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); + if (ret != 0) { + return ret; + } + merged_rec_len += rec.data_len; + p = rec.buf + rec.buf_len; + if (q != NULL) { + memmove(q, rec.buf + rec.data_offset, rec.data_len); + q += rec.data_len; + } else { + q = p; + } + } while (merged_rec_len < ssl->in_hslen); + ssl->in_hdr = ssl->in_hshdr; + mbedtls_ssl_update_in_pointers(ssl); + ssl->in_msglen = merged_rec_len; + /* Adjust message length. */ + MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); + ssl->in_hsfraglen = 0; + ssl->in_hshdr = NULL; + MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", + ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); + } } return 0; @@ -4640,6 +4693,16 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } + if (ssl->in_hsfraglen != 0) { + /* Not all handshake fragments have arrived, do not consume. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", + ssl->in_hsfraglen, ssl->in_hslen, + ssl->in_hslen - ssl->in_hsfraglen)); + return 0; + } + /* * Get next Handshake message in the current record */ @@ -4665,6 +4728,7 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) ssl->in_msglen -= ssl->in_hslen; memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen, ssl->in_msglen); + MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record", ssl->in_msg, ssl->in_msglen); @@ -5339,7 +5403,7 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) } else #endif { - ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + ssl->in_ctr = ssl->in_buf; ssl->in_len = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; @@ -5355,24 +5419,35 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) * Setup an SSL context */ -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) +void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl) +{ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + ssl->in_hdr = ssl->in_buf; + } else +#endif + { + ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + } + + /* Derive other internal pointers. */ + mbedtls_ssl_update_in_pointers(ssl); +} + +void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl) { /* Set the incoming and outgoing record pointers. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_hdr = ssl->out_buf; - ssl->in_hdr = ssl->in_buf; } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->out_ctr = ssl->out_buf; - ssl->out_hdr = ssl->out_buf + 8; - ssl->in_hdr = ssl->in_buf + 8; + ssl->out_hdr = ssl->out_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } - /* Derive other internal pointers. */ mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */); - mbedtls_ssl_update_in_pointers(ssl); } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c773365bf6..4bb170b15e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -344,12 +344,17 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, size_t out_buf_new_len) { int modified = 0; - size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; + size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; + size_t hshdr_in = 0; if (ssl->in_buf != NULL) { written_in = ssl->in_msg - ssl->in_buf; iv_offset_in = ssl->in_iv - ssl->in_buf; len_offset_in = ssl->in_len - ssl->in_buf; + hdr_in = ssl->in_hdr - ssl->in_buf; + if (ssl->in_hshdr != NULL) { + hshdr_in = ssl->in_hshdr - ssl->in_buf; + } if (downsizing ? ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : ssl->in_buf_len < in_buf_new_len) { @@ -381,7 +386,10 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, } if (modified) { /* Update pointers here to avoid doing it twice. */ - mbedtls_ssl_reset_in_out_pointers(ssl); + ssl->in_hdr = ssl->in_buf + hdr_in; + mbedtls_ssl_update_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); + /* Fields below might not be properly updated with record * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; @@ -391,6 +399,9 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, ssl->in_msg = ssl->in_buf + written_in; ssl->in_len = ssl->in_buf + len_offset_in; ssl->in_iv = ssl->in_buf + iv_offset_in; + if (ssl->in_hshdr != NULL) { + ssl->in_hshdr = ssl->in_buf + hshdr_in; + } } } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ @@ -1484,6 +1495,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_hslen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; + ssl->in_hshdr = NULL; + ssl->in_hsfraglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; From db2da526ff6ae3e05619d975e6b8af78f5b12336 Mon Sep 17 00:00:00 2001 From: Deomid Ryabkov Date: Wed, 15 Jan 2025 19:26:47 +0000 Subject: [PATCH 006/126] Update ChangeLog.d/tls-hs-defrag-in.txt Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com> Signed-off-by: Deomid Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 8c57200119..3555a789d8 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -1,2 +1,2 @@ -Change +Changes * Defragment incoming TLS handshake messages. From 1f4088ceda88bcf411b04982efeeb2df634dc848 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sat, 18 Jan 2025 15:58:57 +0200 Subject: [PATCH 007/126] Review comments Signed-off-by: Deomid rojer Ryabkov --- library/ssl_msg.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 99b60f382e..50dda51cad 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3299,15 +3299,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; - const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen); - MBEDTLS_SSL_DEBUG_MSG(3, ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" MBEDTLS_PRINTF_SIZET " of %" MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, - ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + + (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), ssl->in_hslen, ssl->in_msglen)); - (void) msg_hslen; if (ssl->in_msglen < hs_remain) { ssl->in_hsfraglen += ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen; @@ -5425,7 +5424,7 @@ void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->in_hdr = ssl->in_buf; } else -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } From 96e2290e3d7e1a8a502163fed190971021570780 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sun, 26 Jan 2025 10:43:42 +0200 Subject: [PATCH 008/126] Remove mbedtls_ssl_reset_in_out_pointers Signed-off-by: Deomid rojer Ryabkov --- library/ssl_misc.h | 7 +------ library/ssl_tls.c | 6 ++++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 89947e9575..348c3197dd 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1831,15 +1831,10 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl); -static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_reset_in_pointers(ssl); - mbedtls_ssl_reset_out_pointers(ssl); -} void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform); -void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4bb170b15e..f7554d202d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1420,7 +1420,8 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } - mbedtls_ssl_reset_in_out_pointers(ssl); + mbedtls_ssl_reset_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); #if defined(MBEDTLS_SSL_DTLS_SRTP) memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info)); @@ -1485,7 +1486,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, /* Cancel any possibly running timer */ mbedtls_ssl_set_timer(ssl, 0); - mbedtls_ssl_reset_in_out_pointers(ssl); + mbedtls_ssl_reset_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); /* Reset incoming message parsing */ ssl->in_offt = NULL; From 5c853ea2c557c8b68c8ae75ea068ff8073b1185e Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sun, 26 Jan 2025 11:10:54 +0200 Subject: [PATCH 009/126] Allow fragments less HS msg header size (4 bytes) Except the first Signed-off-by: Deomid rojer Ryabkov --- library/ssl_msg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 50dda51cad..83920f6327 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3220,7 +3220,8 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + /* First handshake fragment must at least include the header. */ + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen)); return MBEDTLS_ERR_SSL_INVALID_RECORD; From 85ec2b36326cdefdbc11bd57c002c70fd9fe1d70 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Mon, 27 Jan 2025 22:37:37 +0400 Subject: [PATCH 010/126] Add a safety check for in_hsfraglen Signed-off-by: Deomid rojer Ryabkov --- library/ssl_msg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 83920f6327..fcab63eef5 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3298,6 +3298,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { + if (ssl->in_hsfraglen > ssl->in_hslen) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, From bbe8745d193e2daa60d0c350e335f7ea7d289050 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Thu, 13 Feb 2025 13:41:51 +0300 Subject: [PATCH 011/126] Remove in_hshdr The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it. Signed-off-by: Deomid rojer Ryabkov --- include/mbedtls/ssl.h | 4 ++-- library/ssl_msg.c | 20 +++++++++----------- library/ssl_tls.c | 10 +--------- 3 files changed, 12 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 26ea791208..8f7bb1feb9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1817,8 +1817,8 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ - unsigned char *MBEDTLS_PRIVATE(in_hshdr); /*!< original handshake header start */ - size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated hs fragments length */ + size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments + (up to in_hslen) */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fcab63eef5..8b1aa23415 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3230,7 +3230,6 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) if (ssl->in_hslen == 0) { ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); ssl->in_hsfraglen = 0; - ssl->in_hshdr = ssl->in_hdr; } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" @@ -3297,10 +3296,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - if (ssl->in_hsfraglen > ssl->in_hslen) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } + if (ssl->in_hsfraglen <= ssl->in_hslen) { int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, @@ -3318,15 +3314,16 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) mbedtls_ssl_update_in_pointers(ssl); return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } - if (ssl->in_hshdr != ssl->in_hdr) { + if (ssl->in_hsfraglen > 0) { /* - * At ssl->in_hshdr we have a sequence of records that cover the next handshake + * At in_first_hdr we have a sequence of records that cover the next handshake * record, each with its own record header that we need to remove. * Note that the reassembled record size may not equal the size of the message, - * there maybe bytes from the next message following it. + * there may be more messages after it, complete or partial. */ + unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + unsigned char *p = in_first_hdr, *q = NULL; size_t merged_rec_len = 0; - unsigned char *p = ssl->in_hshdr, *q = NULL; do { mbedtls_record rec; ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); @@ -3342,16 +3339,17 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) q = p; } } while (merged_rec_len < ssl->in_hslen); - ssl->in_hdr = ssl->in_hshdr; + ssl->in_hdr = in_first_hdr; mbedtls_ssl_update_in_pointers(ssl); ssl->in_msglen = merged_rec_len; /* Adjust message length. */ MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); ssl->in_hsfraglen = 0; - ssl->in_hshdr = NULL; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); } + } else { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7554d202d..0c394946a5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -346,15 +346,11 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, int modified = 0; size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; - size_t hshdr_in = 0; if (ssl->in_buf != NULL) { written_in = ssl->in_msg - ssl->in_buf; iv_offset_in = ssl->in_iv - ssl->in_buf; len_offset_in = ssl->in_len - ssl->in_buf; hdr_in = ssl->in_hdr - ssl->in_buf; - if (ssl->in_hshdr != NULL) { - hshdr_in = ssl->in_hshdr - ssl->in_buf; - } if (downsizing ? ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : ssl->in_buf_len < in_buf_new_len) { @@ -399,9 +395,6 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, ssl->in_msg = ssl->in_buf + written_in; ssl->in_len = ssl->in_buf + len_offset_in; ssl->in_iv = ssl->in_buf + iv_offset_in; - if (ssl->in_hshdr != NULL) { - ssl->in_hshdr = ssl->in_buf + hshdr_in; - } } } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ @@ -1495,10 +1488,9 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_msgtype = 0; ssl->in_msglen = 0; ssl->in_hslen = 0; + ssl->in_hsfraglen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; - ssl->in_hshdr = NULL; - ssl->in_hsfraglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; From 69f8f45e6f561651c1000af78a81ecb374af11bd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 16:08:59 +0100 Subject: [PATCH 012/126] Minor readability improvement No behavior change. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 8b1aa23415..fb91b948d7 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5032,10 +5032,12 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl) return ret; } - if (ssl->conf->badmac_limit != 0 && - ++ssl->badmac_seen >= ssl->conf->badmac_limit) { - MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC")); - return MBEDTLS_ERR_SSL_INVALID_MAC; + if (ssl->conf->badmac_limit != 0) { + ++ssl->badmac_seen; + if (ssl->badmac_seen >= ssl->conf->badmac_limit) { + MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC")); + return MBEDTLS_ERR_SSL_INVALID_MAC; + } } /* As above, invalid records cause From f6a676d93f47ba4f3cc78ec9b4adc02397ce4df4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 16:10:14 +0100 Subject: [PATCH 013/126] Rename badmac_seen to badmac_seen_or_in_hsfraglen Prepare to unify two fields of the `mbedtls_ssl_context` structure: `badmac_seen` (always present but only used in DTLS) and `in_hsfraglen` (always present but only used in non-DTLS TLS). Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 11 ++++++++++- library/ssl_msg.c | 4 ++-- library/ssl_tls.c | 6 +++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8f7bb1feb9..0cad449011 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1724,7 +1724,16 @@ struct mbedtls_ssl_context { int MBEDTLS_PRIVATE(early_data_state); #endif - unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ + /** Multipurpose field. + * + * - DTLS: records with a bad MAC received. + * - TLS: accumulated length of handshake fragments (up to ::in_hslen). + * + * This field is multipurpose in order to preserve the ABI in the + * Mbed TLS 3.6 LTS branch. Until 3.6.2, it was only used in DTLS + * and called `badmac_seen`. + */ + unsigned MBEDTLS_PRIVATE(badmac_seen_or_in_hsfraglen); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** Callback to customize X.509 certificate chain verification */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fb91b948d7..1ad8f5ab91 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5033,8 +5033,8 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl) } if (ssl->conf->badmac_limit != 0) { - ++ssl->badmac_seen; - if (ssl->badmac_seen >= ssl->conf->badmac_limit) { + ++ssl->badmac_seen_or_in_hsfraglen; + if (ssl->badmac_seen_or_in_hsfraglen >= ssl->conf->badmac_limit) { MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC")); return MBEDTLS_ERR_SSL_INVALID_MAC; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c394946a5..f8cd74b91e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5021,7 +5021,7 @@ static const unsigned char ssl_serialized_context_header[] = { * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use * // fields from ssl_context - * uint32 badmac_seen; // DTLS: number of records with failing MAC + * uint32 badmac_seen_or_in_hsfraglen; // DTLS: number of records with failing MAC * uint64 in_window_top; // DTLS: last validated record seq_num * uint64 in_window; // DTLS: bitmask for replay protection * uint8 disable_datagram_packing; // DTLS: only one record per datagram @@ -5163,7 +5163,7 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, */ used += 4; if (used <= buf_len) { - MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0); + MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen_or_in_hsfraglen, p, 0); p += 4; } @@ -5393,7 +5393,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0); + ssl->badmac_seen_or_in_hsfraglen = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) From ebdd405f6821b16a627fc723f2ed9a0e7d5c702e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 16:25:24 +0100 Subject: [PATCH 014/126] Change the type of in_hsfraglen to unsigned In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen` from `size_t` to `unsigned`. This is in preparation for merging `in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type `unsigned` and cannot change since we do not want to change the ABI. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 2 +- library/ssl_msg.c | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0cad449011..161eb7e74e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1826,7 +1826,7 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ - size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments + unsigned MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments (up to in_hslen) */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1ad8f5ab91..5940abafea 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -25,6 +25,7 @@ #include "constant_time_internal.h" #include "mbedtls/constant_time.h" +#include #include #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3300,15 +3301,22 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, - ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" + ("handshake fragment: %u .. %" MBEDTLS_PRINTF_SIZET " of %" MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, ssl->in_hsfraglen, - ssl->in_hsfraglen + + (size_t) ssl->in_hsfraglen + (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), ssl->in_hslen, ssl->in_msglen)); if (ssl->in_msglen < hs_remain) { - ssl->in_hsfraglen += ssl->in_msglen; + /* ssl->in_msglen is a 25-bit value since it is the sum of the + * header length plus the payload length, the header length is 4 + * and the payload length was received on the wire encoded as + * 3 octets. We don't support 16-bit platforms; more specifically, + * we assume that both unsigned and size_t are at least 32 bits. + * Therefore there is no possible integer overflow here. + */ + ssl->in_hsfraglen += (unsigned) ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen; ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); @@ -4697,7 +4705,7 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) if (ssl->in_hsfraglen != 0) { /* Not all handshake fragments have arrived, do not consume. */ MBEDTLS_SSL_DEBUG_MSG(3, - ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %" + ("waiting for more fragments (%u of %" MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", ssl->in_hsfraglen, ssl->in_hslen, ssl->in_hslen - ssl->in_hsfraglen)); From b710599e4ac1138a67fb87a8c08a2690c0ea2fed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 16:28:51 +0100 Subject: [PATCH 015/126] Merge in_hsfraglen with badmac_seen_or_in_hsfraglen In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into `badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it was in Mbed TLS 3.6.0 through 3.6.2. The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only used for DTLS (despite being present in non-DTLS builds), and the field `in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can be stored in the same field. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 2 -- library/ssl_msg.c | 22 +++++++++++----------- library/ssl_tls.c | 2 +- 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 161eb7e74e..09a58a25ae 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1826,8 +1826,6 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ - unsigned MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments - (up to in_hslen) */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5940abafea..7b11e4d06a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3230,7 +3230,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) if (ssl->in_hslen == 0) { ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - ssl->in_hsfraglen = 0; + ssl->badmac_seen_or_in_hsfraglen = 0; } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" @@ -3297,15 +3297,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if (ssl->in_hsfraglen <= ssl->in_hslen) { + if (ssl->badmac_seen_or_in_hsfraglen <= ssl->in_hslen) { int ret; - const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, ("handshake fragment: %u .. %" MBEDTLS_PRINTF_SIZET " of %" MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, - ssl->in_hsfraglen, - (size_t) ssl->in_hsfraglen + + ssl->badmac_seen_or_in_hsfraglen, + (size_t) ssl->badmac_seen_or_in_hsfraglen + (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), ssl->in_hslen, ssl->in_msglen)); if (ssl->in_msglen < hs_remain) { @@ -3316,13 +3316,13 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) * we assume that both unsigned and size_t are at least 32 bits. * Therefore there is no possible integer overflow here. */ - ssl->in_hsfraglen += (unsigned) ssl->in_msglen; + ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen; ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } - if (ssl->in_hsfraglen > 0) { + if (ssl->badmac_seen_or_in_hsfraglen > 0) { /* * At in_first_hdr we have a sequence of records that cover the next handshake * record, each with its own record header that we need to remove. @@ -3352,7 +3352,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) ssl->in_msglen = merged_rec_len; /* Adjust message length. */ MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); - ssl->in_hsfraglen = 0; + ssl->badmac_seen_or_in_hsfraglen = 0; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); } @@ -4702,13 +4702,13 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if (ssl->in_hsfraglen != 0) { + if (ssl->badmac_seen_or_in_hsfraglen != 0) { /* Not all handshake fragments have arrived, do not consume. */ MBEDTLS_SSL_DEBUG_MSG(3, ("waiting for more fragments (%u of %" MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", - ssl->in_hsfraglen, ssl->in_hslen, - ssl->in_hslen - ssl->in_hsfraglen)); + ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen, + ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen)); return 0; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f8cd74b91e..8428b38725 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1488,7 +1488,7 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_msgtype = 0; ssl->in_msglen = 0; ssl->in_hslen = 0; - ssl->in_hsfraglen = 0; + ssl->badmac_seen_or_in_hsfraglen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; From cb72cd2ec3e82458e0fcc5dbfe89dae1edd4ee99 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 16:36:36 +0100 Subject: [PATCH 016/126] Don't reset badmac_seen on a DTLS client reconnect Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8428b38725..7f74248252 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1488,10 +1488,15 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_msgtype = 0; ssl->in_msglen = 0; ssl->in_hslen = 0; - ssl->badmac_seen_or_in_hsfraglen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; + /* TLS: reset in_hsfraglen, which is part of message parsing. + * DTLS: on a client reconnect, don't reset badmac_seen. */ + if (!partial) { + ssl->badmac_seen_or_in_hsfraglen = 0; + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; ssl->in_epoch = 0; From d358d6e6cd344335321bcc41d5837fe278034ee5 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 17:22:54 +0000 Subject: [PATCH 017/126] Add MBEDTLS_FRAMEWORK_DIR variable to CMake This commit adds a MBEDTLS_FRAMEWORK_DIR variable to CMake to create an absolute path. Signed-off-by: Harry Ramsey --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 99e216945b..b63b7c318f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -61,6 +61,7 @@ endif() # Set the project root directory. set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}) +set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/framework) option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON) From 55151d3da67936fda6f7d6b7aae392194abd0aac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 23:09:00 +0100 Subject: [PATCH 018/126] Fix Doxygen misuse Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 09a58a25ae..597da2571f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1727,7 +1727,7 @@ struct mbedtls_ssl_context { /** Multipurpose field. * * - DTLS: records with a bad MAC received. - * - TLS: accumulated length of handshake fragments (up to ::in_hslen). + * - TLS: accumulated length of handshake fragments (up to \c in_hslen). * * This field is multipurpose in order to preserve the ABI in the * Mbed TLS 3.6 LTS branch. Until 3.6.2, it was only used in DTLS From c52273d017fc185638b8e7da878695fa090b4105 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 Feb 2025 14:11:25 +0100 Subject: [PATCH 019/126] Add a note about badmac_seen's new name in ssl_context_info Signed-off-by: Gilles Peskine --- programs/ssl/ssl_context_info.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 51e87817ad..b9a0fe8751 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -743,6 +743,13 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, * uint8 alpn_chosen_len; * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol * + * Note: In the mbedtls_ssl_context structure, badmac_seen is called + * badmac_seen_or_in_hsfraglen since Mbed TLS 3.6.2. The field contains + * the badmac_seen value in DTLS, and a handshake parsing intermediate + * value in non-DTLS TLS. The value is only meaningful for DTLS and should + * not be saved in non-DTLS TLS, so in this program, the context info file + * filed remains badmac_seen. + * * /p ssl pointer to serialized session * /p len number of bytes in the buffer */ From 2878a0559eb302652a3b3c9ffc8439f79008e631 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sat, 1 Feb 2025 15:33:37 +0200 Subject: [PATCH 020/126] Remove obselete checks due to the introduction of handhsake defragmen... tation. h/t @waleed-elmelegy-arm https://github.com/Mbed-TLS/mbedtls/pull/9928/commits/909e71672f6a11219e12347c2d7d2429b98e6500 Signed-off-by: Waleed Elmelegy Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls12_server.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 03722ac33c..3db1f44e34 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1061,23 +1061,6 @@ read_record_header: size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u", (unsigned) handshake_len)); - - /* The record layer has a record size limit of 2^14 - 1 and - * fragmentation is not supported, so buf[1] should be zero. */ - if (buf[1] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0", - (unsigned) buf[1])); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* We don't support fragmentation of ClientHello (yet?) */ - if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u", - (unsigned) msg_len, - (unsigned) mbedtls_ssl_hs_hdr_len(ssl), - (unsigned) handshake_len)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } } #if defined(MBEDTLS_SSL_PROTO_DTLS) From 716aead3b95353510e4c7c38a337935e74e182c5 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Tue, 4 Feb 2025 12:08:15 +0200 Subject: [PATCH 021/126] Update the changelog message Signed-off-by: Deomid rojer Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 3555a789d8..55103c9a42 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -1,2 +1,5 @@ -Changes - * Defragment incoming TLS handshake messages. +Bugfix + * Support re-assembly of fragmented handshake messages in TLS, as mandated + by the spec. Lack of support was causing handshake failures with some + servers, especially with TLS 1.3 in practice (though both protocol + version could be affected in principle, and both are fixed now). From 4726d20320e640c77acb9431ab098e865ab10adb Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:11:06 +0000 Subject: [PATCH 022/126] Remove unused variable in ssl_server.c Signed-off-by: Waleed Elmelegy Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls12_server.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3db1f44e34..67df4284a4 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1057,11 +1057,6 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - { - size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u", - (unsigned) handshake_len)); - } #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { From a67f1338b6c9bf7e78debdf5c54b9b882c1fdcdc Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 11:51:52 +0000 Subject: [PATCH 023/126] Update paths for moved program files in makefiles This commit updates the file paths necessary for dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c and zeroize.c. This commit also adds a CFLAG to find header files now contained in the framework. Signed-off-by: Harry Ramsey --- programs/Makefile | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 0604a68a3c..e765886030 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -1,4 +1,5 @@ MBEDTLS_TEST_PATH = ../tests +FRAMEWORK = ${MBEDTLS_PATH}/framework include ../scripts/common.make ifeq ($(shell uname -s),Linux) @@ -24,6 +25,8 @@ else BUILD_DLOPEN = endif +LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs + ## The following assignment is the list of base names of applications that ## will be built on Windows. Extra Linux/Unix/POSIX-only applications can ## be declared by appending with `APPS += ...` afterwards. @@ -298,7 +301,7 @@ ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP) SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \ - test/query_config.h \ + $(FRAMEWORK)/tests/programs/query_config.h \ ssl/ssl_test_lib.h \ ssl/ssl_test_common_source.c \ $(DEP) @@ -319,7 +322,7 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(SSL_TEST_DEPS) echo " CC ssl/ssl_server2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o test/query_config.h $(DEP) +ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC ssl/ssl_context_info.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -360,17 +363,17 @@ test/dlopen$(EXEXT): test/dlopen.c $(DEP) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@ endif -test/metatest$(EXEXT): test/metatest.c $(DEP) - echo " CC test/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I ../library test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/metatest.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I ../library $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/query_config.o: test/query_config.c test/query_config.h $(DEP) - echo " CC test/query_config.c" +test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_config.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@ -test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP) - echo " CC test/query_included_headers.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/query_included_headers$(EXEXT): $(FRAMEWORK)/tests/programs/query_included_headers.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_included_headers.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/selftest$(EXEXT): test/selftest.c $(DEP) echo " CC test/selftest.c" @@ -380,13 +383,13 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) echo " CC test/udp_proxy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/zeroize$(EXEXT): test/zeroize.c $(DEP) - echo " CC test/zeroize.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/zeroize$(EXEXT): $(FRAMEWORK)/tests/programs/zeroize.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/zeroize.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.o test/query_config.h $(DEP) - echo " CC test/query_compile_time_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/query_compile_time_config$(EXEXT): $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_compile_time_config.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ util/pem2der$(EXEXT): util/pem2der.c $(DEP) echo " CC util/pem2der.c" From dab817a4c6eb72ff156b55ec8b4c08ed4866c0cc Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 11 Feb 2025 14:14:00 +0000 Subject: [PATCH 024/126] Update include paths in C files Signed-off-by: Harry Ramsey --- programs/ssl/ssl_test_lib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 1da2dfb488..9614333571 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -66,7 +66,7 @@ #include -#include "../test/query_config.h" +#include "query_config.h" #define ALPN_LIST_SIZE 10 #define GROUP_LIST_SIZE 25 From 061e0f5466510f308a88eb61d337de2a3cbf10e9 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 11:59:45 +0000 Subject: [PATCH 025/126] Update paths for moved program files in CMakeLists This commit fixes the paths of program files which were moved to the MbedTLS Framework. Signed-off-by: Harry Ramsey --- programs/ssl/CMakeLists.txt | 7 +++---- programs/test/CMakeLists.txt | 13 ++++++++++--- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 1a9e75ec6e..4e954f07ef 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -35,20 +35,19 @@ foreach(exe IN LISTS executables) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") list(APPEND extra_sources ssl_test_lib.c - ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs + ${MBEDTLS_FRAMEWORK_DIR}/tests/include ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") if(GEN_FILES) add_dependencies(${exe} generate_query_config_c) endif() - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) endif() endforeach() diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 70d827b1b2..4511cdb3c6 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -68,15 +68,22 @@ else() endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) + set(source ${exe}.c) set(extra_sources "") + if(NOT EXISTS ${source} AND + EXISTS ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + set(source ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + endif() + if(exe STREQUAL "query_compile_time_config") list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) endif() - add_executable(${exe} ${exe}.c $ + add_executable(${exe} ${source} $ ${extra_sources}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) + target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include) + target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library) if(exe STREQUAL "query_compile_time_config") target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}) From 151e0892a107cb5c937e8b356cda09488c7cc0f3 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 12:01:05 +0000 Subject: [PATCH 026/126] Update paths for moved dlopen_demo.sh This commit updates the paths for dlopen_demo.sh in components-build-system.sh as the file has been moved to the framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-build-system.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index a6da8e66a3..5dc296a81d 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -13,7 +13,7 @@ component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 TEST_CPP=1 all check ldd programs/util/strerror | grep libmbedcrypto - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } component_test_cmake_shared () { @@ -22,7 +22,7 @@ component_test_cmake_shared () { make ldd programs/util/strerror | grep libmbedcrypto make test - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } support_test_cmake_out_of_source () { From 03f49578d29bd8b452fa4ff742af59b31a84c519 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 12:04:23 +0000 Subject: [PATCH 027/126] Update paths for moved programs in generate_visualc_files.pl This commit updates the paths for moved programs in generate_visualc_files.pl. Signed-off-by: Harry Ramsey --- scripts/generate_visualc_files.pl | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index bc1d5020c7..9f28cddffb 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -22,6 +22,7 @@ my $vsx_sln_tpl_file = "scripts/data_files/vs2017-sln-template.sln"; my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; my $programs_dir = 'programs'; +my $framework_programs_dir = 'framework/tests/programs'; my $mbedtls_header_dir = 'include/mbedtls'; my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; @@ -52,6 +53,7 @@ my @include_directories = qw( 3rdparty/everest/include/everest/kremlib tests/include framework/tests/include + framework/tests/programs ); my $include_directories = join(';', map {"../../$_"} @include_directories); @@ -112,7 +114,8 @@ sub check_dirs { && -d $test_header_dir && -d $tls_test_header_dir && -d $test_drivers_header_dir - && -d $programs_dir; + && -d $programs_dir + && -d $framework_programs_dir; } sub slurp_file { @@ -151,7 +154,14 @@ sub gen_app { (my $appname = $path) =~ s/.*\\//; my $is_test_app = ($path =~ m/^test\\/); - my $srcs = ""; + my $srcs; + if( $appname eq "metatest" or $appname eq "query_compile_time_config" or + $appname eq "query_included_headers" or $appname eq "zeroize" ) { + $srcs = ""; + } else { + $srcs = ""; + } + if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or $appname eq "query_compile_time_config" ) { $srcs .= "\n "; @@ -267,6 +277,7 @@ sub main { $tls_test_header_dir, $test_drivers_header_dir, $source_dir, + $framework_programs_dir, @thirdparty_header_dirs, ); my @headers = (map { <$_/*.h> } @header_dirs); From d621d344c3db92e353a5fcbee128a90501347f43 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 12:05:26 +0000 Subject: [PATCH 028/126] Update path for moved test_zeroize.gdb script This commit updates the path for the moved test_zeroize.gdb script which has been moved to MbedTLS-Framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-compiler.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index a4b23232b7..c0edd20649 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -135,7 +135,7 @@ component_test_zeroize () { for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log grep "The buffer was correctly zeroized" test_zeroize.log not grep -i "error" test_zeroize.log rm -f test_zeroize.log From 4e1a12e13a35eb40180f096f1342d12a83b46e63 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 20:56:22 +0000 Subject: [PATCH 029/126] Update path to demo_common.sh This commit updates the path to demo_common.sh as it has been moved into MbedTLS Framework. Signed-off-by: Harry Ramsey --- programs/psa/key_ladder_demo.sh | 2 +- programs/psa/psa_hash_demo.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index e55da7ead8..e3afb66303 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -3,7 +3,7 @@ # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -. "${0%/*}/../demo_common.sh" +. "${0%/*}/../../framework/scripts/demo_common.sh" msg <<'EOF' This script demonstrates the use of the PSA cryptography interface to diff --git a/programs/psa/psa_hash_demo.sh b/programs/psa/psa_hash_demo.sh index a26697cfe6..c2cc87a6bd 100755 --- a/programs/psa/psa_hash_demo.sh +++ b/programs/psa/psa_hash_demo.sh @@ -3,7 +3,7 @@ # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -. "${0%/*}/../demo_common.sh" +. "${0%/*}/../../framework/scripts/demo_common.sh" msg <<'EOF' This program demonstrates the use of the PSA cryptography interface to From 65e9bef19fb0008b90128e1919d832c4c3a13b55 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 18 Feb 2025 18:09:57 +0000 Subject: [PATCH 030/126] Update documentation regarding test_zeroize This commit updates the paths in documentation for test_zeroize since it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- docs/architecture/testing/invasive-testing.md | 2 +- programs/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 464f7611f2..bf8d631d79 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -275,7 +275,7 @@ This section lists some strategies that are currently used for invasive testing, Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer. -Solution ([debugger](#debugger-based-testing)): implemented in `tests/scripts/test_zeroize.gdb`. +Solution ([debugger](#debugger-based-testing)): implemented in `framework/tests/programs/test_zeroize.gdb`. Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away. diff --git a/programs/README.md b/programs/README.md index f53bde5611..a58037d097 100644 --- a/programs/README.md +++ b/programs/README.md @@ -53,7 +53,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu ## Random number generator (RNG) examples -* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. +* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. * [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. @@ -96,7 +96,7 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. -* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). +* [`test/zeroize.c`](../framework/tests/programs/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`test_zeroize.gdb`](../framework/tests/programs/test_zeroize.gdb). ## Development utilities From 4c1383a9f170b899096d969abf9e422345b7a57d Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 14:47:10 +0000 Subject: [PATCH 031/126] Update documentation regarding metatest This commit updates the paths in the documentation for metatest.c as it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- tests/suites/test_suite_test_helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_test_helpers.function b/tests/suites/test_suite_test_helpers.function index 8c5d5adf65..0139faf14f 100644 --- a/tests/suites/test_suite_test_helpers.function +++ b/tests/suites/test_suite_test_helpers.function @@ -15,7 +15,7 @@ /* Test that poison+unpoison leaves the memory accessible. */ /* We can't test that poisoning makes the memory inaccessible: * there's no sane way to catch an Asan/Valgrind complaint. - * That negative testing is done in programs/test/metatest.c. */ + * That negative testing is done in framework/tests/programs/metatest.c. */ void memory_poison_unpoison(int align, int size) { unsigned char *buf = NULL; From 1da22a89468d6835a165a4137c7b949c2564eaab Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 12:06:07 +0000 Subject: [PATCH 032/126] Update framework pointer Signed-off-by: Harry Ramsey --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 2000db4295..523a12d05b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 2000db429553aa38e5875c621daf32aa8b63c340 +Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 From 730be78ce51479a352c596718bf62fc37ee7349f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 20:20:19 +0100 Subject: [PATCH 033/126] Document PSA's need for threading Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 43 +++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ebc9276d20..3300f5f86c 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1807,6 +1807,11 @@ * running handshake hash) only use PSA crypto if * #MBEDTLS_USE_PSA_CRYPTO is enabled. * + * \note In multithreaded applications, you must also enable + * #MBEDTLS_THREADING_C, even if individual TLS contexts are not + * shared between threads, unless only one thread ever calls + * TLS functions. + * * Uncomment this macro to enable the support for TLS 1.3. */ #define MBEDTLS_SSL_PROTO_TLS1_3 @@ -2134,6 +2139,10 @@ * * \note See docs/use-psa-crypto.md for a complete description this option. * + * \note In multithreaded applications, you must also enable + * #MBEDTLS_THREADING_C, unless only one thread ever calls + * `psa_xxx()`, PK, X.509 or TLS functions. + * * Requires: MBEDTLS_PSA_CRYPTO_C. * * Uncomment this to enable internal use of PSA Crypto and new associated APIs. @@ -3211,7 +3220,10 @@ /** * \def MBEDTLS_PSA_CRYPTO_C * - * Enable the Platform Security Architecture cryptography API. + * Enable the Platform Security Architecture (PSA) cryptography API. + * + * \note In multithreaded applications, you must enable #MBEDTLS_THREADING_C, + * unless only one thread ever calls `psa_xxx()` functions. * * Module: library/psa_crypto.c * @@ -3631,10 +3643,33 @@ * \def MBEDTLS_THREADING_C * * Enable the threading abstraction layer. - * By default Mbed TLS assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts + * + * Traditionally, Mbed TLS assumes it is used in a non-threaded environment or + * that contexts are not shared between threads. If you do intend to use contexts * between threads, you will need to enable this layer to prevent race - * conditions. See also our Knowledge Base article about threading: + * conditions. + * + * The PSA subsystem has an implicit shared context. Therefore, you must + * enable this option if more than one thread may use any part of + * Mbed TLS that is implemented on top of the PSA subsystem. + * + * You must enable this option in multithreaded applications where more than + * one thread performs any of the following operations: + * + * - Any call to a PSA function (`psa_xxx()`). + * - Any call to a TLS, X.509 or PK function (`mbedtls_ssl_xxx()`, + * `mbedtls_x509_xxx()`, `mbedtls_pkcs7_xxx()`, `mbedtls_pk_xxx()`) + * if `MBEDTLS_USE_PSA_CRYPTO` is enabled (regardless of whether individual + * TLS, X.509 or PK contexts are shared between threads). + * - A TLS 1.3 connection, regardless of the compile-time configuration. + * - Any library feature that calculates a hash, except for algorithm-specific + * low-level modules, if `MBEDTLS_MD_C` is disabled. + * - Any library feature that calculates a hash, except for algorithm-specific + * low-level modules, if `MBEDTLS_CIPHER_C` is disabled. + * - Any use of a cryptographic context if the same context is used in + * multiple threads. + * + * See also our Knowledge Base article about threading: * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading * * Module: library/threading.c From 2c1de04e9d00080133ad6efdf01b4d3e86cfcf1e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 13 Sep 2024 16:45:07 +0200 Subject: [PATCH 034/126] adjust_legacy_crypto: move auto-enabling of CRYPTO_CLIENT when CRYPTO_C Move the auto-enabling of CRYPTO_CLIENT when CRYPTO_C at the beginning of the file so that all that becomes later is aware of this. Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 3ba987ebb2..fe05c1a4b9 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -48,6 +48,13 @@ #endif #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */ +/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT + * is defined as well to include all PSA code. + */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +#define MBEDTLS_PSA_CRYPTO_CLIENT +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin * in PSA. */ #if defined(MBEDTLS_PSA_CRYPTO_C) && \ @@ -352,13 +359,6 @@ #define MBEDTLS_PK_CAN_ECDSA_SOME #endif -/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT - * is defined as well to include all PSA code. - */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -#define MBEDTLS_PSA_CRYPTO_CLIENT -#endif /* MBEDTLS_PSA_CRYPTO_C */ - /* Helpers to state that each key is supported either on the builtin or PSA side. */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) #define MBEDTLS_ECP_HAVE_SECP521R1 From c516307ad90d24de7f6f83e6b2fd825329ce5824 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 13 Sep 2024 10:55:22 +0200 Subject: [PATCH 035/126] md: allow dispatch to PSA whenever CRYPTO_CLIENT is enabled Instead of allowing PSA dispatching only when CRYPTO_C is set and some MBEDTLS_PSA_ACCEL_ALG_xxx is set, we enable dispatching when CRYPTO_CLIENT and PSA_WANT_ALG_xxx are set. This makes the feature more useful in cases where the PSA support is provided externally, like for example TF-M in Zephyr. This commit also add proper guards for tests trying to use MD+PSA dispatch. Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 26 +++++++++---------- tests/suites/test_suite_md.function | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index fe05c1a4b9..2777f7d05e 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -108,64 +108,64 @@ */ /* PSA accelerated implementations */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) +#if defined(PSA_WANT_ALG_MD5) #define MBEDTLS_MD_CAN_MD5 #define MBEDTLS_MD_MD5_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) +#if defined(PSA_WANT_ALG_SHA_1) #define MBEDTLS_MD_CAN_SHA1 #define MBEDTLS_MD_SHA1_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) +#if defined(PSA_WANT_ALG_SHA_224) #define MBEDTLS_MD_CAN_SHA224 #define MBEDTLS_MD_SHA224_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) +#if defined(PSA_WANT_ALG_SHA_256) #define MBEDTLS_MD_CAN_SHA256 #define MBEDTLS_MD_SHA256_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) +#if defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_MD_CAN_SHA384 #define MBEDTLS_MD_SHA384_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) +#if defined(PSA_WANT_ALG_SHA_512) #define MBEDTLS_MD_CAN_SHA512 #define MBEDTLS_MD_SHA512_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) #define MBEDTLS_MD_CAN_RIPEMD160 #define MBEDTLS_MD_RIPEMD160_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) +#if defined(PSA_WANT_ALG_SHA3_224) #define MBEDTLS_MD_CAN_SHA3_224 #define MBEDTLS_MD_SHA3_224_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) +#if defined(PSA_WANT_ALG_SHA3_256) #define MBEDTLS_MD_CAN_SHA3_256 #define MBEDTLS_MD_SHA3_256_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) +#if defined(PSA_WANT_ALG_SHA3_384) #define MBEDTLS_MD_CAN_SHA3_384 #define MBEDTLS_MD_SHA3_384_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) +#if defined(PSA_WANT_ALG_SHA3_512) #define MBEDTLS_MD_CAN_SHA3_512 #define MBEDTLS_MD_SHA3_512_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* Built-in implementations */ #if defined(MBEDTLS_MD5_C) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 4e62154f22..4497d042e3 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -420,7 +420,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ void md_psa_dynamic_dispatch(int md_type, int pre_psa_ret, int post_psa_engine) { const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); From 460d2ee3633946590a2c0f3d486142873c8130e7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Sep 2024 11:40:40 +0200 Subject: [PATCH 036/126] adjust_legacy_crypto: improve enablement of MBEDTLS_MD_xxx_VIA_PSA The previous change that replaced CRYPTO_C with CRYPTO_CLIENT caused an increase of the mbedtls_md struct in scenarios where the hash related PSA_WANTs were enabled, but not accelerated. This caused an ABI-API break which is not allowed for an LTS branch. Since the main goal here is to allow PSA dispatch in a "pure crypto client" scenario, we partially revert the previous change to config_adjust_legacy_crypto.h and add an extra condition for "CRYPTO_CLIENT && !CRYPTO_C". This commit also reverts changes done in analyze_outcomes.py because they are no more necessary. Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 63 ++++++++++++++++++- 1 file changed, 61 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 2777f7d05e..331ac9b2da 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -108,7 +108,65 @@ */ /* PSA accelerated implementations */ -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) +#define MBEDTLS_MD_CAN_MD5 +#define MBEDTLS_MD_MD5_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) +#define MBEDTLS_MD_CAN_SHA1 +#define MBEDTLS_MD_SHA1_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) +#define MBEDTLS_MD_CAN_SHA224 +#define MBEDTLS_MD_SHA224_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) +#define MBEDTLS_MD_CAN_SHA256 +#define MBEDTLS_MD_SHA256_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) +#define MBEDTLS_MD_CAN_SHA384 +#define MBEDTLS_MD_SHA384_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) +#define MBEDTLS_MD_CAN_SHA512 +#define MBEDTLS_MD_SHA512_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) +#define MBEDTLS_MD_CAN_RIPEMD160 +#define MBEDTLS_MD_RIPEMD160_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) +#define MBEDTLS_MD_CAN_SHA3_224 +#define MBEDTLS_MD_SHA3_224_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) +#define MBEDTLS_MD_CAN_SHA3_256 +#define MBEDTLS_MD_SHA3_256_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) +#define MBEDTLS_MD_CAN_SHA3_384 +#define MBEDTLS_MD_SHA3_384_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) +#define MBEDTLS_MD_CAN_SHA3_512 +#define MBEDTLS_MD_SHA3_512_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif + +#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) #if defined(PSA_WANT_ALG_MD5) #define MBEDTLS_MD_CAN_MD5 @@ -165,7 +223,8 @@ #define MBEDTLS_MD_SHA3_512_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ + +#endif /* !MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ /* Built-in implementations */ #if defined(MBEDTLS_MD5_C) From 1a2d07d83ac0cd2abf0d1fad12a7dfab5998dfac Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Jan 2025 11:10:48 +0100 Subject: [PATCH 037/126] docs: update md-cipher-dispatch Signed-off-by: Valerio Setti --- .../psa-migration/md-cipher-dispatch.md | 84 ++++++++++--------- 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index eda65a348c..89b7b61ef0 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -17,36 +17,44 @@ A difference between the original strategy and the current one is that in this w #### Backward compatibility user story -As a developer of an application that uses Mbed TLS's interfaces (including legacy crypto), -I want Mbed TLS to preserve backward compatibility, +As a developer of an application that uses Mbed TLS's interfaces (including legacy crypto), +I want Mbed TLS to preserve backward compatibility, so that my code keeps working in new minor versions of Mbed TLS. #### Interface design user story -As a developer of library code that uses Mbed TLS to perform cryptographic operations, -I want to know which functions to call and which feature macros to check, +As a developer of library code that uses Mbed TLS to perform cryptographic operations, +I want to know which functions to call and which feature macros to check, so that my code works in all Mbed TLS configurations. Note: this is the same problem we face in X.509 and TLS. #### Hardware accelerator vendor user stories -As a vendor of a platform with hardware acceleration for some crypto, -I want to build Mbed TLS in a way that uses my hardware wherever relevant, +As a vendor of a platform with hardware acceleration for some crypto, +I want to build Mbed TLS in a way that uses my hardware wherever relevant, so that my customers maximally benefit from my hardware. -As a vendor of a platform with hardware acceleration for some crypto, -I want to build Mbed TLS without software that replicates what my hardware does, +As a vendor of a platform with hardware acceleration for some crypto, +I want to build Mbed TLS without software that replicates what my hardware does, to minimize the code size. +#### Integrators of Mbed TLS alongside a PSA Crypto provider + +I have a platform where the PSA Crypto is already provided "externally" from +Mbed TLS (ex: through TF-M in Zephyr) and I would like Mbed TLS to make use +of it whenever possible in order to benefit from higher performances (if some +hardware acceleration is supported in the provider) and/or higher isolation/security +(if the PSA provider is running in a completetly separated/inaccessible context). + #### Maintainer user stories -As a maintainer of Mbed TLS, -I want to have clear rules for when to use which interface, +As a maintainer of Mbed TLS, +I want to have clear rules for when to use which interface, to avoid bugs in “unusual” configurations. -As a maintainer of Mbed TLS, -I want to avoid duplicating code, +As a maintainer of Mbed TLS, +I want to avoid duplicating code, because this is inefficient and error-prone. ### Use PSA more @@ -55,8 +63,8 @@ In the long term, all code using cryptography should use PSA interfaces, to bene The goal of this work is to arrange for more non-PSA interfaces to use PSA interfaces under the hood, without breaking code in the cases where this doesn't work. Using PSA interfaces has two benefits: -* Where a PSA driver is available, it likely has better performance, and sometimes better security, than the built-in software implementation. -* In many scenarios, where a PSA driver is available, this allows removing the software implementation altogether. +* Where a PSA driver/provider is available, it likely has better performance, and sometimes better security, than the built-in software implementation. +* In many scenarios, where a PSA driver/provider is available, this allows removing the software implementation altogether. * We may be able to get rid of some redundancies, for example the duplication between the implementations of HMAC in `md.c` and in `psa_crypto_mac.c`, and HKDF in `hkdf.c` and `psa_crypto.c`. ### Correct dependencies @@ -72,7 +80,6 @@ All documented behavior must be preserved, except for interfaces currently descr The following configuration options are described as experimental, and are likely to change at least marginally: * `MBEDTLS_PSA_CRYPTO_CLIENT`: “This interface is experimental and may change or be removed without notice.” In practice we don't want to remove this, but we may constrain how it's used. -* `MBEDTLS_PSA_CRYPTO_DRIVERS`: “This interface is experimental. We intend to maintain backward compatibility with application code that relies on drivers, but the driver interfaces may change without notice.” In practice, this may mean constraints not only on how to write drivers, but also on how to integrate drivers into code that is platform code more than application code. * `MBEDTLS_PSA_CRYPTO_CONFIG`: “This feature is still experimental and is not ready for production since it is not completed.” We may want to change this, for example, to automatically enable more mechanisms (although this wouldn't be considered a backward compatibility break anyway, since we don't promise that you will not get a feature if you don't enable its `PSA_WANT_xxx`). ### Non-goals @@ -190,7 +197,7 @@ Note: PSA cipher is built on Cipher, but PSA AEAD directly calls the underlying Here are some reasons why calling `psa_xxx()` to perform a hash or cipher calculation might not be desirable in some circumstances, explaining why the application would arrange to call the legacy software implementation instead. -* `MBEDTLS_PSA_CRYPTO_C` is disabled. +* `MBEDTLS_PSA_CRYPTO_CLIENT` is disabled. * There is a PSA driver which has not been initialized (this happens in `psa_crypto_init()`). * For ciphers, the keystore is not initialized yet, and Mbed TLS uses a custom implementation of PSA ITS where the file system is not accessible yet (because something else needs to happen first, and the application takes care that it happens before it calls `psa_crypto_init()`). A possible workaround may be to dispatch to the internal functions that are called after the keystore lookup, rather than to the PSA API functions (but this is incompatible with `MBEDTLS_PSA_CRYPTO_CLIENT`). * The requested mechanism is enabled in the legacy interface but not in the PSA interface. This was not really intended, but is possible, for example, if you enable `MBEDTLS_MD5_C` for PEM decoding with PBKDF1 but don't want `PSA_ALG_WANT_MD5` because it isn't supported for `PSA_ALG_RSA_PSS` and `PSA_ALG_DETERMINISTIC_ECDSA`. @@ -208,7 +215,7 @@ Generally speaking, modules in the mixed domain: #### Non-support guarantees: requirements -Generally speaking, just because some feature is not enabled in `mbedtls_config.h` or `psa_config.h` doesn't guarantee that it won't be enabled in the build. We can enable additional features through `build_info.h`. +Generally speaking, just because some feature is not enabled in `mbedtls_config.h` or `crypto_config.h` doesn't guarantee that it won't be enabled in the build. We can enable additional features through `build_info.h` and other header files included there (`*adjust*.h`). If `PSA_WANT_xxx` is disabled, this should guarantee that attempting xxx through the PSA API will fail. This is generally guaranteed by the test suite `test_suite_psa_crypto_not_supported` with automatically enumerated test cases, so it would be inconvenient to carve out an exception. @@ -331,14 +338,10 @@ Note that this applies to TLS 1.3 as well, as some uses of hashes and all uses o This will go away naturally in 4.0 when this macros is not longer an option (because it's always on). -#### Don't support for `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C` +#### Support for `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C` We generally don't really support builds with `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`. For example, both `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_SSL_PROTO_TLS1_3` require `MBEDTLS_PSA_CRYPTO_C`, while in principle they should only require `MBEDTLS_PSA_CRYPTO_CLIENT`. -Considering this existing restriction which we do not plan to lift before 4.0, it is acceptable driver-only hashes and cipher support to have the same restriction in 3.x. - -It is however desirable for the design to keep support for `MBEDTLS_PSA_CRYPTO_CLIENT` in mind, in order to avoid making it more difficult to add in the future. - #### For cipher: prioritize constrained devices and modern TLS The primary target is a configuration like TF-M's medium profile, plus TLS with only AEAD ciphersuites. @@ -420,8 +423,9 @@ Unlike the full MD, MD light does not support null pointers as `mbedtls_md_conte For each hash algorithm, `md.h` defines a macro `MBEDTLS_MD_CAN_xxx` whenever the corresponding hash is available through MD light. These macros are only defined when `MBEDTLS_MD_LIGHT` is enabled. Per “[Availability of hashes](#availability-of-hashes)”, `MBEDTLS_MD_CAN_xxx` is enabled if: -* the corresponding `MBEDTLS_xxx_C` is defined; or -* one of `MBEDTLS_PSA_CRYPTO_C` or `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, and the corresponding `PSA_WANT_ALG_xxx` is enabled. +* the corresponding `MBEDTLS_xxx_C` is defined. +* `MBEDTLS_PSA_CRYPTO_C` is enabled and the corresponding `PSA_WANT_ALG_xxx` and `MBEDTLS_PSA_ACCEL_ALG_xxx` are enabled. This enables driver acceleration support. +* `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled the corresponding `PSA_WANT_ALG_xxx` is enabled. Then the Mbed TLS library must be linked against the PSA Crypto provider one which will eventually handle all PSA calls. Note that some algorithms have different spellings in legacy and PSA. Since MD is a legacy interface, we'll use the legacy names. Thus, for example: @@ -440,7 +444,7 @@ for now this is out of scope. #### MD light internal support macros -* If at least one hash has a PSA driver, define `MBEDTLS_MD_SOME_PSA`. +* If at least one hash has a PSA driver or support in PSA Crypto provider, define `MBEDTLS_MD_SOME_PSA`. * If at least one hash has a legacy implementation, defined `MBEDTLS_MD_SOME_LEGACY`. #### Support for PSA in the MD context @@ -488,15 +492,24 @@ static inline psa_algorithm_t psa_alg_of_md_info( #### Determination of PSA support at runtime +Mbed TLS defines internal symbols `MBEDTLS_MD_xxx_VIA_PSA` which are used to check if the `xxx` hash algorithm is supported in PSA. They are enabled when: + +* `MBEDTLS_PSA_CRYPTO_C && MBEDTLS_PSA_ACCEL_ALG_xxx`, i.e. when the PSA Crypto core is built with Mbed TLS and the `xxx` is accelerated through a driver. +* `MBEDTLS_PSA_CRYPTO_CLIENT && PSA_WANT_ALG_xxx`, i.e. there is a PSA Crypto provider/server which supports `xxx` hash algorithm. + +MD internally uses the following private function to determine if PSA can be used at runtime or not: + ``` -int psa_can_do_hash(psa_algorithm_t hash_alg); +static int md_can_use_psa(const mbedtls_md_info_t *info) ``` -The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. +Internally this function does the following: -As a starting point, return 1 if PSA crypto's driver subsystem has been initialized. +* First of all it converts the `mbedtls_md_info_t` to `psa_algorithm_t`. The result of this conversion is based on the `MBEDTLS_MD_xxx_VIA_PSA` symbols: if an algorithm does not have the corresponding `MBEDTLS_MD_xxx_VIA_PSA` enabled, then `md_can_use_psa` will return false. -Usage note: for algorithms that are not enabled via PSA, calling `psa_can_do_hash` is generally safe: whether it returns 0 or 1, you can call a PSA hash function on the algorithm and it will return `PSA_ERROR_NOT_SUPPORTED`. +* `int psa_can_do_hash(psa_algorithm_t hash_alg)` is then used to further checking if the PSA Crypto core has been initialized or not. If so then `md_can_use_psa` will finally succeed, otherwise it will fail. + +To be noted that in client/server builds (i.e. `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`) the implementer of the client interface is expected to provide psa_can_do_hash(). #### Support for PSA dispatch in hash operations @@ -506,7 +519,7 @@ If given an established context, use its `engine` field. If given an algorithm as an `mbedtls_md_type_t type` (possibly being the `type` field of a `const mbedtls_md_info_t *`): -* If there is a PSA accelerator for this hash and `psa_can_do_hash(alg)`, call the corresponding PSA function, and if applicable set the engine to `MBEDTLS_MD_ENGINE_PSA`. (Skip this is `MBEDTLS_MD_SOME_PSA` is not defined.) +* If there is a PSA accelerator/provider for this hash and `md_can_use_psa` succeeds, call the corresponding PSA function, and if applicable set the engine to `MBEDTLS_MD_ENGINE_PSA`. (Skip this is `MBEDTLS_MD_SOME_PSA` is not defined.) * Otherwise dispatch to the legacy module based on the type as currently done. (Skip this is `MBEDTLS_MD_SOME_LEGACY` is not defined.) * If no dispatch is possible, return `MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE`. @@ -522,7 +535,7 @@ As discussed in [“Implications between legacy availability and PSA availabilit > If an algorithm has a legacy implementation, it is also available through PSA. -When `MBEDTLS_PSA_CRYPTO_CONFIG` is disabled, this is already the case. When is enabled, we will now make it so as well. Change `include/mbedtls/config_psa.h` accordingly. +When `MBEDTLS_PSA_CRYPTO_CONFIG` is disabled, this is already the case. When is enabled, `include/config_adjust_psa_superset_legacy.h` will ensure that PSA configuration is always a superset of what's enabled in legacy. ### MD light optimizations @@ -557,15 +570,6 @@ Work in progress on this conversion is at https://github.com/gilles-peskine-arm/ PSA has its own HMAC implementation. In builds with both `MBEDTLS_MD_C` and `PSA_WANT_ALG_HMAC` not fully provided by drivers, we should have a single implementation. Replace the one in `md.h` by calls to the PSA driver interface. This will also give mixed-domain modules access to HMAC accelerated directly by a PSA driver (eliminating the need to a HMAC interface in software if all supported hashes have an accelerator that includes HMAC support). -### Improving support for `MBEDTLS_PSA_CRYPTO_CLIENT` - -So far, MD light only dispatches to PSA if an algorithm is available via `MBEDTLS_PSA_CRYPTO_C`, not if it's available via `MBEDTLS_PSA_CRYPTO_CLIENT`. This is acceptable because `MBEDTLS_USE_PSA_CRYPTO` requires `MBEDTLS_PSA_CRYPTO_C`, hence mixed-domain code never invokes PSA. - -The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a little extra work. Here is an overview of the task breakdown, which should be fleshed up after we've done the first [migration](#migration-to-md-light): - -* Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`. -* Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim. - ### Internal "block cipher" abstraction (previously known as "Cipher light") #### Definition From 05b3835bd62c3378eb231b468dda14d43f5ce44d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 21 Feb 2025 14:40:51 +0100 Subject: [PATCH 038/126] psa: move definition of psa_can_do_hash() to crypto_extra.h This allows any implementer of the PSA client interface to easily include this header and therefore function's prototype. Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 26 ++++++++++++++++++++++++++ library/psa_crypto_core.h | 12 ------------ 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f48c0873b5..b991c866b2 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -583,6 +583,32 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( /** @} */ +/** \defgroup psa_crypto_client Functions defined by a client provider + * + * The functions in this group are meant to be implemented by providers of + * the PSA Crypto client interface. They are provided by the library when + * #MBEDTLS_PSA_CRYPTO_C is enabled. + * + * \note All functions in this group are experimental, as using + * alternative client interface providers is experimental. + * + * @{ + */ + +/** + * Tell if PSA is ready for this hash. + * + * \note For now, only checks the state of the driver subsystem, + * not the algorithm. Might do more in the future. + * + * \param hash_alg The hash algorithm (ignored for now). + * + * \return 1 if the driver subsytem is ready, 0 otherwise. + */ +int psa_can_do_hash(psa_algorithm_t hash_alg); + +/**@}*/ + /** \addtogroup crypto_types * @{ */ diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index df0ee501ab..c3c0770142 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -24,18 +24,6 @@ #include "mbedtls/threading.h" #endif -/** - * Tell if PSA is ready for this hash. - * - * \note For now, only checks the state of the driver subsystem, - * not the algorithm. Might do more in the future. - * - * \param hash_alg The hash algorithm (ignored for now). - * - * \return 1 if the driver subsytem is ready, 0 otherwise. - */ -int psa_can_do_hash(psa_algorithm_t hash_alg); - /** * Tell if PSA is ready for this cipher. * From 79a98bd7b63f31bed9fb19d1df0a0c9eedc3569e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 21 Feb 2025 15:00:11 +0100 Subject: [PATCH 039/126] crypto_extra: improve description of psa_can_do_hash() Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index b991c866b2..a046ba5777 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -595,15 +595,18 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * @{ */ -/** - * Tell if PSA is ready for this hash. +/** Check if PSA is capable of handling the specified hash algorithm. * - * \note For now, only checks the state of the driver subsystem, - * not the algorithm. Might do more in the future. + * This means that PSA core was built with the corresponding PSA_WANT_ALG_xxx + * set and that psa_crypto_init has already been called. * - * \param hash_alg The hash algorithm (ignored for now). + * \note When using Mbed TLS version of PSA core (i.e. MBEDTLS_PSA_CRYPTO_C is + * set) for now this function only checks the state of the driver + * subsystem, not the algorithm. This might be improved in the future. * - * \return 1 if the driver subsytem is ready, 0 otherwise. + * \param hash_alg The hash algorithm. + * + * \return 1 if the PSA can handle \p hash_alg, 0 otherwise. */ int psa_can_do_hash(psa_algorithm_t hash_alg); From cc1b26bd9a31642a1afcae135c758fe636b47fb9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Jan 2025 16:22:05 +0100 Subject: [PATCH 040/126] changelog: add note for MD changes Signed-off-by: Valerio Setti --- ChangeLog.d/9652.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ChangeLog.d/9652.txt diff --git a/ChangeLog.d/9652.txt b/ChangeLog.d/9652.txt new file mode 100644 index 0000000000..98a8eae4db --- /dev/null +++ b/ChangeLog.d/9652.txt @@ -0,0 +1,9 @@ +Features + * MD module can now perform PSA dispatching also when + `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`, even though this + configuration is not officially supported. This requires that a + PSA Crypto provider library which: + * supports the required `PSA_WANT_ALG_xxx` and + * implements `psa_can_do_hash()` on the client interface + is linked against Mbed TLS and that `psa_crypto_init()` is called before + performing any PSA call. From 29581ce229fe3d9a242cad2c2b8f0ddeb9b15bea Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 24 Jan 2025 17:39:58 +0000 Subject: [PATCH 041/126] Add TLS Hanshake defragmentation tests Tests uses openssl s_server with a mix of max_send_frag and split_send_frag options. Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 84 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0376018f5d..caef6405a8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14457,6 +14457,90 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -c "Handshake was completed" \ -s "dumping .client hello, compression. (2 bytes)" +# Handshake defragmentation testing + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (512)" \ + "$O_SRV -max_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (513)" \ + "$O_SRV -max_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (256)" \ + "$O_SRV -mtu 32 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (128)" \ + "$O_SRV -mtu 32 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (64)" \ + "$O_SRV -mtu 32 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (36)" \ + "$O_SRV -mtu 32 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (32)" \ + "$O_SRV -mtu 32 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (16)" \ + "$O_SRV -mtu 32 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (13)" \ + "$O_SRV -mtu 32 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (5)" \ + "$O_SRV -mtu 32 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From e11d8c9333a7791fcb9caf6832feae2744f978de Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 28 Jan 2025 16:47:21 +0000 Subject: [PATCH 042/126] Improve TLS handshake defragmentation tests * Add tests for the server side. * Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3. * Use latest version of openSSL to make sure -max_send_frag & -split_send_frag flags are supported. Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 131 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 100 insertions(+), 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index caef6405a8..54e70ddd12 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14459,87 +14459,156 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (512)" \ - "$O_SRV -max_send_frag 512 " \ +run_test "Client Hanshake defragmentation (512)" \ + "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (513)" \ - "$O_SRV -max_send_frag 513 " \ +run_test "Client Hanshake defragmentation (513)" \ + "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (256)" \ - "$O_SRV -mtu 32 -split_send_frag 256 " \ +run_test "Client Hanshake defragmentation (256)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (128)" \ - "$O_SRV -mtu 32 -split_send_frag 128 " \ +run_test "Client Hanshake defragmentation (128)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (64)" \ - "$O_SRV -mtu 32 -split_send_frag 64 " \ +run_test "Client Hanshake defragmentation (64)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (36)" \ - "$O_SRV -mtu 32 -split_send_frag 36 " \ +run_test "Client Hanshake defragmentation (36)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (32)" \ - "$O_SRV -mtu 32 -split_send_frag 32 " \ +run_test "Client Hanshake defragmentation (32)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (16)" \ - "$O_SRV -mtu 32 -split_send_frag 16 " \ +run_test "Client Hanshake defragmentation (16)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (13)" \ - "$O_SRV -mtu 32 -split_send_frag 13 " \ +run_test "Client Hanshake defragmentation (13)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (5)" \ - "$O_SRV -mtu 32 -split_send_frag 5 " \ +run_test "Client Hanshake defragmentation (5)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " + +run_test "Server Hanshake defragmentation (512)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -max_send_frag 512 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (513)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -max_send_frag 513 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (256)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (128)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (64)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (36)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (32)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (16)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (13)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (5)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 8870b99da4fa9e058f69965b3af80aad205b1a1b Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 16:23:40 +0000 Subject: [PATCH 043/126] Fix typo in TLS Handshake defrafmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 54e70ddd12..2a29a6df91 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14459,7 +14459,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -run_test "Client Hanshake defragmentation (512)" \ +run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14467,7 +14467,7 @@ run_test "Client Hanshake defragmentation (512)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (513)" \ +run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14475,7 +14475,7 @@ run_test "Client Hanshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (256)" \ +run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14483,7 +14483,7 @@ run_test "Client Hanshake defragmentation (256)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (128)" \ +run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14491,7 +14491,7 @@ run_test "Client Hanshake defragmentation (128)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (64)" \ +run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14499,7 +14499,7 @@ run_test "Client Hanshake defragmentation (64)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (36)" \ +run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14507,7 +14507,7 @@ run_test "Client Hanshake defragmentation (36)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (32)" \ +run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14515,7 +14515,7 @@ run_test "Client Hanshake defragmentation (32)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (16)" \ +run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14524,7 +14524,7 @@ run_test "Client Hanshake defragmentation (16)" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (13)" \ +run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14532,7 +14532,7 @@ run_test "Client Hanshake defragmentation (13)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (5)" \ +run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14540,70 +14540,70 @@ run_test "Client Hanshake defragmentation (5)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Server Hanshake defragmentation (512)" \ +run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 512 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (513)" \ +run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 513 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (256)" \ +run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (128)" \ +run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (64)" \ +run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (36)" \ +run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (32)" \ +run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (16)" \ +run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (13)" \ +run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (5)" \ +run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ 0 \ From 5b7c8bb064cd0e0e21b9c85101db9b294d66df33 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 16:58:58 +0000 Subject: [PATCH 044/126] Remove unnecessary string check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2a29a6df91..adae592151 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14463,7 +14463,6 @@ run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14471,7 +14470,6 @@ run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14479,7 +14477,6 @@ run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14487,7 +14484,6 @@ run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14495,7 +14491,6 @@ run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14503,7 +14498,6 @@ run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14511,7 +14505,6 @@ run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14519,7 +14512,6 @@ run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14528,7 +14520,6 @@ run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -14536,7 +14527,6 @@ run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " From 1b2590b125476f43a8ccbcefbc52f7f6c55149db Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 17:01:55 +0000 Subject: [PATCH 045/126] Require openssl to support TLS 1.3 in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index adae592151..c2f23f0db7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14459,6 +14459,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ @@ -14466,6 +14467,7 @@ run_test "Client Handshake defragmentation (512)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ @@ -14473,6 +14475,7 @@ run_test "Client Handshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -14480,6 +14483,7 @@ run_test "Client Handshake defragmentation (256)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -14487,6 +14491,7 @@ run_test "Client Handshake defragmentation (128)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -14494,6 +14499,7 @@ run_test "Client Handshake defragmentation (64)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -14501,6 +14507,7 @@ run_test "Client Handshake defragmentation (36)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -14508,6 +14515,7 @@ run_test "Client Handshake defragmentation (32)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ @@ -14515,7 +14523,7 @@ run_test "Client Handshake defragmentation (16)" \ -c "<= handshake" \ -c "handshake fragment: " - +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -14523,6 +14531,7 @@ run_test "Client Handshake defragmentation (13)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -14530,6 +14539,7 @@ run_test "Client Handshake defragmentation (5)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 512 " \ @@ -14537,6 +14547,7 @@ run_test "Server Handshake defragmentation (512)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 513 " \ @@ -14544,6 +14555,7 @@ run_test "Server Handshake defragmentation (513)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ @@ -14551,6 +14563,7 @@ run_test "Server Handshake defragmentation (256)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ @@ -14558,6 +14571,7 @@ run_test "Server Handshake defragmentation (128)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ @@ -14565,6 +14579,7 @@ run_test "Server Handshake defragmentation (64)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ @@ -14572,6 +14587,7 @@ run_test "Server Handshake defragmentation (36)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ @@ -14579,6 +14595,7 @@ run_test "Server Handshake defragmentation (32)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ @@ -14586,6 +14603,7 @@ run_test "Server Handshake defragmentation (16)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ @@ -14593,6 +14611,7 @@ run_test "Server Handshake defragmentation (13)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ From e9b08846dac5e7a6455d5c41bd2c4031aa11cfe4 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 17:13:34 +0000 Subject: [PATCH 046/126] Add client authentication to handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c2f23f0db7..e59fd811ea 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14542,7 +14542,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -max_send_frag 512 " \ + "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14550,7 +14550,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -max_send_frag 513 " \ + "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14558,7 +14558,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14566,7 +14566,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14574,7 +14574,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14582,7 +14582,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14590,7 +14590,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14598,7 +14598,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14606,7 +14606,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14614,7 +14614,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " From 826fc5c383274208eb74985618cfe8edd96d04c9 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 18:28:56 +0000 Subject: [PATCH 047/126] Remove unneeded mtu option from handshake fragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e59fd811ea..46f41ee1bd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14477,7 +14477,7 @@ run_test "Client Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ + "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14485,7 +14485,7 @@ run_test "Client Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (128)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ + "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14493,7 +14493,7 @@ run_test "Client Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (64)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ + "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14501,7 +14501,7 @@ run_test "Client Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (36)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ + "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14509,7 +14509,7 @@ run_test "Client Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (32)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ + "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14517,7 +14517,7 @@ run_test "Client Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (16)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ + "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14525,7 +14525,7 @@ run_test "Client Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (13)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ + "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14533,7 +14533,7 @@ run_test "Client Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (5)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ + "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -14558,7 +14558,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14566,7 +14566,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14574,7 +14574,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14582,7 +14582,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14590,7 +14590,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14598,7 +14598,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14606,7 +14606,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14614,7 +14614,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " From 57f61f82fd29a2686a428d27be2f8835026546da Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 30 Jan 2025 12:02:12 +0000 Subject: [PATCH 048/126] Enforce client authentication in handshake fragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 46f41ee1bd..9a597e191f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14541,7 +14541,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14549,7 +14549,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14557,7 +14557,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14565,7 +14565,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14573,7 +14573,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14581,7 +14581,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14589,7 +14589,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14597,7 +14597,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14605,7 +14605,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14613,7 +14613,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ From 99f4691bd6703701b79d7b30ebacb6b5905ecc98 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 30 Jan 2025 17:53:02 +0000 Subject: [PATCH 049/126] Add a comment to elaborate using split_send_frag in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a597e191f..8b2a56d0c2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14475,6 +14475,9 @@ run_test "Client Handshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " +# OpenSSL does not allow max_send_frag to be less than 512 +# so we use split_send_frag instead for tests lower than 512 below. + requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ From be59ab5671d9578d767444529361c1ed24071bc3 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:25:43 +0000 Subject: [PATCH 050/126] Add guard to handshake defragmentation tests for client certificate Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8b2a56d0c2..74b673be76 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14479,6 +14479,7 @@ run_test "Client Handshake defragmentation (513)" \ # so we use split_send_frag instead for tests lower than 512 below. requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -14487,6 +14488,7 @@ run_test "Client Handshake defragmentation (256)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -14495,6 +14497,7 @@ run_test "Client Handshake defragmentation (128)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -14503,6 +14506,7 @@ run_test "Client Handshake defragmentation (64)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -14511,6 +14515,7 @@ run_test "Client Handshake defragmentation (36)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -14519,6 +14524,7 @@ run_test "Client Handshake defragmentation (32)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ @@ -14527,6 +14533,7 @@ run_test "Client Handshake defragmentation (16)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -14535,6 +14542,7 @@ run_test "Client Handshake defragmentation (13)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -14543,6 +14551,7 @@ run_test "Client Handshake defragmentation (5)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14551,6 +14560,7 @@ run_test "Server Handshake defragmentation (512)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14559,6 +14569,7 @@ run_test "Server Handshake defragmentation (513)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14567,6 +14578,7 @@ run_test "Server Handshake defragmentation (256)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14575,6 +14587,7 @@ run_test "Server Handshake defragmentation (128)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14583,6 +14596,7 @@ run_test "Server Handshake defragmentation (64)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14591,6 +14605,7 @@ run_test "Server Handshake defragmentation (36)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14599,6 +14614,7 @@ run_test "Server Handshake defragmentation (32)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14607,6 +14623,7 @@ run_test "Server Handshake defragmentation (16)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14615,6 +14632,7 @@ run_test "Server Handshake defragmentation (13)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From 5fc8d3f035a82db04f70871e2919b22222e822b1 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:50:08 +0000 Subject: [PATCH 051/126] Test Handshake defragmentation only for TLS 1.3 only for small values Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 74b673be76..1b3708f70f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14478,8 +14478,12 @@ run_test "Client Handshake defragmentation (513)" \ # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. +# There is an issue with OpenSSL when fragmenting with values less +# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. + requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -14489,6 +14493,7 @@ run_test "Client Handshake defragmentation (256)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -14498,6 +14503,7 @@ run_test "Client Handshake defragmentation (128)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -14507,6 +14513,7 @@ run_test "Client Handshake defragmentation (64)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -14516,6 +14523,7 @@ run_test "Client Handshake defragmentation (36)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -14525,6 +14533,7 @@ run_test "Client Handshake defragmentation (32)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ @@ -14534,6 +14543,7 @@ run_test "Client Handshake defragmentation (16)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -14543,6 +14553,7 @@ run_test "Client Handshake defragmentation (13)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -14570,6 +14581,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14579,6 +14591,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14588,6 +14601,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14597,6 +14611,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14606,6 +14621,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14615,6 +14631,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14624,6 +14641,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14633,6 +14651,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From c5f1ba3d50510fd7c9bc554fa323460593abb7f9 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 14:44:13 +0000 Subject: [PATCH 052/126] Add missing client certificate check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1b3708f70f..b62a7c154e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14460,6 +14460,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ @@ -14468,6 +14469,7 @@ run_test "Client Handshake defragmentation (512)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ From afb428e5846c8399a3ee74eff21fa06fc07f897c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 5 Feb 2025 15:23:14 +0000 Subject: [PATCH 053/126] ssl-opt: Updated the keywords to look up during handshake fragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 80 ++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b62a7c154e..372225837b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14465,8 +14465,8 @@ run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14474,8 +14474,8 @@ run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -14490,8 +14490,8 @@ run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14500,8 +14500,8 @@ run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14510,8 +14510,8 @@ run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14520,8 +14520,8 @@ run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14530,8 +14530,8 @@ run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14540,8 +14540,8 @@ run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14550,8 +14550,8 @@ run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14560,8 +14560,8 @@ run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14569,8 +14569,8 @@ run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14578,8 +14578,8 @@ run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14588,8 +14588,8 @@ run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14598,8 +14598,8 @@ run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14608,8 +14608,8 @@ run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14618,8 +14618,8 @@ run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14628,8 +14628,8 @@ run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14638,8 +14638,8 @@ run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14648,8 +14648,8 @@ run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14658,8 +14658,8 @@ run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 9886fd17dbdf87f29c6120c70b3f0dccd95b0b8a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Feb 2025 14:10:18 +0000 Subject: [PATCH 054/126] ssl-opt: Added requires_openssl_3_x to defragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 80 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 60 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 372225837b..a0f2b832c5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14459,6 +14459,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Client Handshake defragmentation (512)" \ @@ -14466,8 +14467,10 @@ run_test "Client Handshake defragmentation (512)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Client Handshake defragmentation (513)" \ @@ -14475,7 +14478,8 @@ run_test "Client Handshake defragmentation (513)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -14483,6 +14487,7 @@ run_test "Client Handshake defragmentation (513)" \ # There is an issue with OpenSSL when fragmenting with values less # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14491,8 +14496,10 @@ run_test "Client Handshake defragmentation (256)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14501,8 +14508,10 @@ run_test "Client Handshake defragmentation (128)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14511,8 +14520,10 @@ run_test "Client Handshake defragmentation (64)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14521,8 +14532,10 @@ run_test "Client Handshake defragmentation (36)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14531,8 +14544,10 @@ run_test "Client Handshake defragmentation (32)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14541,8 +14556,10 @@ run_test "Client Handshake defragmentation (16)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14551,8 +14568,10 @@ run_test "Client Handshake defragmentation (13)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14561,8 +14580,10 @@ run_test "Client Handshake defragmentation (5)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Server Handshake defragmentation (512)" \ @@ -14570,8 +14591,10 @@ run_test "Server Handshake defragmentation (512)" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Server Handshake defragmentation (513)" \ @@ -14579,8 +14602,10 @@ run_test "Server Handshake defragmentation (513)" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14589,8 +14614,10 @@ run_test "Server Handshake defragmentation (256)" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14599,8 +14626,10 @@ run_test "Server Handshake defragmentation (128)" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14609,8 +14638,10 @@ run_test "Server Handshake defragmentation (64)" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14619,8 +14650,10 @@ run_test "Server Handshake defragmentation (36)" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14629,8 +14662,10 @@ run_test "Server Handshake defragmentation (32)" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14639,8 +14674,10 @@ run_test "Server Handshake defragmentation (16)" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14649,8 +14686,10 @@ run_test "Server Handshake defragmentation (13)" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14659,7 +14698,8 @@ run_test "Server Handshake defragmentation (5)" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 502da02817ed3cfffbaafd1d677c0f3463368fca Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Feb 2025 17:06:18 +0000 Subject: [PATCH 055/126] ssl-opt: Adjusted the wording on handshake fragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a0f2b832c5..707db889a4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14462,7 +14462,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Client Handshake defragmentation (512)" \ +run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14473,7 +14473,7 @@ run_test "Client Handshake defragmentation (512)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Client Handshake defragmentation (513)" \ +run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14491,7 +14491,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (256)" \ +run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14503,7 +14503,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (128)" \ +run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14515,7 +14515,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (64)" \ +run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14527,7 +14527,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (36)" \ +run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14539,7 +14539,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (32)" \ +run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14551,7 +14551,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (16)" \ +run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14563,7 +14563,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (13)" \ +run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14575,7 +14575,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (5)" \ +run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14586,7 +14586,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Server Handshake defragmentation (512)" \ +run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14597,7 +14597,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Server Handshake defragmentation (513)" \ +run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14609,7 +14609,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (256)" \ +run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14621,7 +14621,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (128)" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14633,7 +14633,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (64)" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14645,7 +14645,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (36)" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14657,7 +14657,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (32)" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14669,7 +14669,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (16)" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14681,7 +14681,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (13)" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14693,7 +14693,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (5)" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ From 1d47cebde109c6fe13fc5e27f6029290bd625a5d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 8 Feb 2025 23:31:43 +0000 Subject: [PATCH 056/126] ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 96 ++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 56 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 707db889a4..1de5776ecb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14460,10 +14460,10 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14471,10 +14471,10 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "waiting for more fragments (512 of [0-9]\\+" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14488,11 +14488,10 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 256 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14500,11 +14499,10 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "waiting for more fragments (256 of [0-9]\\+" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 128 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14512,11 +14510,10 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "waiting for more fragments (128" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 64 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14524,11 +14521,10 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "waiting for more fragments (64" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 36 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14536,11 +14532,10 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "waiting for more fragments (36" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 32 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14548,11 +14543,10 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "waiting for more fragments (32" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 16 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14560,11 +14554,10 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ -c "waiting for more fragments (16" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 13 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14572,11 +14565,10 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "waiting for more fragments (13" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 5 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14584,118 +14576,110 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "waiting for more fragments (5" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ From 48aa2deb0bc93737d3dd3fbefa7df059b76ca336 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 9 Feb 2025 23:37:34 +0000 Subject: [PATCH 057/126] ssl-opt: Added tls 1.2 tests for HS defragmentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 221 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 221 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1de5776ecb..f460ccebf1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14470,6 +14470,17 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14481,6 +14492,17 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -14498,6 +14520,17 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14509,6 +14542,17 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14520,6 +14564,17 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14531,6 +14586,17 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14542,6 +14608,17 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14553,6 +14630,17 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14564,6 +14652,17 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14575,6 +14674,17 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14586,6 +14696,17 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14597,6 +14718,17 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14608,6 +14740,18 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14619,6 +14763,17 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14630,6 +14785,17 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14641,6 +14807,17 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14652,6 +14829,17 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14663,6 +14851,17 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14674,6 +14873,17 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14685,6 +14895,17 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 871469a1066ac761f108a8d4da451f97506901e0 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:21:22 +0000 Subject: [PATCH 058/126] ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f460ccebf1..7e6f6ed0d7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14458,6 +14458,15 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -s "dumping .client hello, compression. (2 bytes)" # Handshake defragmentation testing +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ + "$O_NEXT_SRV" \ + "$P_CLI debug_level=4 " \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" requires_openssl_3_x requires_protocol_version tls13 @@ -14685,6 +14694,16 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication From 03ae3523400425ef669f6bc96ea7dc9f614adc39 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:33:22 +0000 Subject: [PATCH 059/126] ssl-opt: Added handshake fragmentation tests for 4 byte fragments. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7e6f6ed0d7..016617be02 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14694,7 +14694,6 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" -requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ @@ -14925,6 +14924,28 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 79693bf48ae4ababb45b7202b6adb8124083f4c8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:41:18 +0000 Subject: [PATCH 060/126] ssl-opt: Added negative tests for handshake fragmentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 016617be02..f2a502278f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14694,6 +14694,27 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "=> ssl_tls13_process_server_hello" \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ @@ -14946,6 +14967,41 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ + "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "The SSL configuration is tls12 only" \ + -s "bad client hello message" \ + -s "SSL - A message could not be parsed due to a syntactic error" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From e6dbf495b1512a5d26999ebc5af791f9032f8331 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:28:27 +0000 Subject: [PATCH 061/126] ssl-opt: Updated documentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f2a502278f..8f072881c1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14458,6 +14458,11 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -s "dumping .client hello, compression. (2 bytes)" # Handshake defragmentation testing + +# To warrant that the handhake messages are large enough and need to be split +# into fragments, the tests require certificate authentication. The party in control +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) +# either from O_NEXT_SRV or test data. requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14512,12 +14517,6 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -# OpenSSL does not allow max_send_frag to be less than 512 -# so we use split_send_frag instead for tests lower than 512 below. - -# There is an issue with OpenSSL when fragmenting with values less -# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. - requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14978,11 +14977,13 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" +# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 2622aea5378657b8c63c13784a7e1e26370a2423 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 19 Feb 2025 11:37:39 +0000 Subject: [PATCH 062/126] ChangeLog: Updated the entry for tls-hs-defragmentation Signed-off-by: Minos Galanakis --- ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 55103c9a42..4fd4a4e372 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -3,3 +3,10 @@ Bugfix by the spec. Lack of support was causing handshake failures with some servers, especially with TLS 1.3 in practice (though both protocol version could be affected in principle, and both are fixed now). + The initial fragment for each handshake message must be at least 4 bytes. + + Server-side, defragmentation of the ClientHello message is only + supported if the server accepts TLS 1.3 (regardless of whether the + ClientHello is 1.3 or 1.2). That is, servers configured (either + at compile time or at runtime) to only accept TLS 1.2 will + still fail the handshake if the ClientHello message is fragmented. From ee8e7c3fb3d6654a7ff88f6969c8ba1a5722d2cf Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Feb 2025 20:27:51 +0000 Subject: [PATCH 063/126] ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 57 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8f072881c1..8e5f5e8ad2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14630,7 +14630,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication -run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ +run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14641,7 +14641,7 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication -run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ +run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14693,6 +14693,28 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14783,13 +14805,12 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" - requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14801,8 +14822,11 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" +# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14824,7 +14848,8 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "waiting for more fragments (64" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14846,7 +14871,8 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "waiting for more fragments (36" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14868,7 +14894,8 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "waiting for more fragments (32" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14890,7 +14917,8 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "waiting for more fragments (16" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14912,7 +14940,8 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "waiting for more fragments (13" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14934,7 +14963,8 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "waiting for more fragments (5" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14944,6 +14974,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ @@ -14977,8 +15008,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14995,7 +15024,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 4335125664eb936782a20ae6509aa3b92c83e2cd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Feb 2025 23:24:34 +0000 Subject: [PATCH 064/126] ssl-opt: Replaced max_send_frag with split_send_frag Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8e5f5e8ad2..7141890896 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14477,7 +14477,7 @@ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14488,7 +14488,7 @@ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14499,7 +14499,7 @@ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14510,7 +14510,7 @@ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14750,7 +14750,7 @@ requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -14761,7 +14761,7 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -14772,7 +14772,7 @@ requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ @@ -14783,7 +14783,7 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ From 065b89c7ad10fd1c23d4589d68568d035d5e8c57 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 24 Feb 2025 09:27:09 +0000 Subject: [PATCH 065/126] ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7141890896..dea598a041 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14660,6 +14660,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -14682,6 +14683,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -14704,6 +14706,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -c "waiting for more fragments (4" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication From bb1bd8bf9e5e8164257006cd224a0ae0ac5eda2b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 24 Feb 2025 23:43:07 +0000 Subject: [PATCH 066/126] ssl-opt: Removed redundant dependencies: requires_openssl_3_x Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 132 +++++++++++++++-------------------------------- 1 file changed, 41 insertions(+), 91 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index dea598a041..d82ad60469 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14463,8 +14463,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # into fragments, the tests require certificate authentication. The party in control # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) # either from O_NEXT_SRV or test data. -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ @@ -14473,8 +14472,7 @@ run_test "Handshake defragmentation on client (no fragmentation, for referenc -C "reassembled record" \ -C "waiting for more fragments" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ @@ -14484,8 +14482,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ @@ -14495,8 +14492,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ @@ -14506,8 +14502,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ @@ -14517,8 +14512,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ @@ -14528,8 +14522,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ @@ -14539,8 +14532,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ @@ -14550,8 +14542,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ @@ -14561,8 +14552,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ @@ -14572,8 +14562,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ @@ -14583,8 +14572,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ @@ -14594,8 +14582,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ @@ -14605,8 +14592,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ @@ -14616,8 +14602,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ @@ -14627,8 +14612,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ @@ -14638,8 +14622,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ @@ -14649,8 +14632,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ @@ -14661,8 +14643,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "waiting for more fragments (13" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ @@ -14672,8 +14653,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ @@ -14684,8 +14664,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "waiting for more fragments (5" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ @@ -14695,8 +14674,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ @@ -14707,8 +14685,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ -c "waiting for more fragments (4" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ @@ -14718,8 +14695,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -c "waiting for more fragments (4" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ @@ -14729,8 +14705,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ @@ -14739,7 +14714,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14748,8 +14723,7 @@ run_test "Handshake defragmentation on server (no fragmentation, for referenc -C "reassembled record" \ -C "waiting for more fragments" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14759,8 +14733,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14770,8 +14743,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14781,8 +14753,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14792,8 +14763,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14803,8 +14773,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14814,8 +14783,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14827,7 +14795,6 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ # Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14839,8 +14806,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14850,7 +14816,6 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14862,8 +14827,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14873,7 +14837,6 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14885,8 +14848,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14896,7 +14858,6 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14908,8 +14869,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14919,7 +14879,6 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14931,8 +14890,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14942,7 +14900,6 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14954,8 +14911,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14965,7 +14921,6 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14977,8 +14932,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14988,7 +14942,6 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -15000,8 +14953,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -15011,7 +14963,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -15023,7 +14974,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication From 618ad79395a5d03baa47efbce5cda3aa8b02d3b6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 11:40:33 +0000 Subject: [PATCH 067/126] ssl-opt: Updated documentation of HS-Defrag tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d82ad60469..fc58421027 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14798,7 +14798,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14819,7 +14819,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14840,7 +14840,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14861,7 +14861,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14882,7 +14882,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14903,7 +14903,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14924,7 +14924,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14945,7 +14945,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14966,7 +14966,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ @@ -14977,7 +14977,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 21e4f21df9126cc89ab14874603debaf4cf2da63 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 11:45:02 +0000 Subject: [PATCH 068/126] analyze_outcomes: Temporary disabled 3 HS Degragmentation tests. Signed-off-by: Minos Galanakis --- tests/scripts/analyze_outcomes.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 301bfc403d..720143292b 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -53,6 +53,11 @@ class CoverageTask(outcome_analysis.CoverageTask): # https://github.com/Mbed-TLS/mbedtls/issues/9581 'Opaque key for server authentication: invalid key: decrypt with ECC key, no async', 'Opaque key for server authentication: invalid key: ecdh with RSA key, no async', + # Temporary disable Handshake defragmentation tests until mbedtls + # pr #10011 has been merged. + 'Handshake defragmentation on client: len=4, TLS 1.2', + 'Handshake defragmentation on client: len=5, TLS 1.2', + 'Handshake defragmentation on client: len=13, TLS 1.2' ], 'test_suite_config.mbedtls_boolean': [ # We never test with CBC/PKCS5/PKCS12 enabled but From 19d857d74cb9448567b03559d3b60a3d96f57827 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 14:43:17 +0000 Subject: [PATCH 069/126] ssl-opt: Minor typos and documentation fixes. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fc58421027..39be6205cf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14459,10 +14459,9 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -# To warrant that the handhake messages are large enough and need to be split +# To guarantee that the handhake messages are large enough and need to be split # into fragments, the tests require certificate authentication. The party in control -# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) -# either from O_NEXT_SRV or test data. +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ @@ -14793,12 +14792,12 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" -# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14819,7 +14818,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14840,7 +14839,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14861,7 +14860,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14882,7 +14881,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14903,7 +14902,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14924,7 +14923,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14945,7 +14944,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14966,7 +14965,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ @@ -14977,7 +14976,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 48348261d4811cdb92733f1573256b20d008beed Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 15:11:09 +0000 Subject: [PATCH 070/126] ssl-opt: Adjusted reference hs defragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 39be6205cf..6e4109c4f2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14462,7 +14462,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # To guarantee that the handhake messages are large enough and need to be split # into fragments, the tests require certificate authentication. The party in control # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ @@ -14713,14 +14712,13 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -C "reassembled record" \ - -C "waiting for more fragments" + -S "reassembled record" \ + -S "waiting for more fragments" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication From 97a24ebdb185112cd686e2720cc0e5b3b7f395d7 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 18:02:33 +0000 Subject: [PATCH 071/126] ssl-opt: Removed dependencies for HS defrag negative tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6e4109c4f2..479e79ce9f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14694,7 +14694,6 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "waiting for more fragments (4" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ @@ -14704,7 +14703,6 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ -c "SSL - An invalid SSL record was received" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ @@ -14972,7 +14970,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> -s "SSL - An invalid SSL record was received" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ From 57648163358fb8e0e34e22b00268a7b43bb928e5 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 22:36:58 +0000 Subject: [PATCH 072/126] ssl-opt: Re-introduce certificate dependency for HS negative tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 479e79ce9f..2645122dd0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14694,6 +14694,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "waiting for more fragments (4" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ From bc55af83d3942b4401a54e27f24564a788bf4d1e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Jan 2025 16:34:26 +0100 Subject: [PATCH 073/126] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 523a12d05b..b5dc86cfe7 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 +Subproject commit b5dc86cfe7f1f15626bc43e6720447a0a51860b9 From 72b391fe074b6c2b008dc41e7076cfb16fe63547 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 3 Mar 2025 12:35:28 +0000 Subject: [PATCH 074/126] Fix psa_key_derivation_input_integer() not detecting bad state Signed-off-by: Waleed Elmelegy --- .../fix-key-derive-bad-state-error.txt | 3 +++ library/psa_crypto.c | 13 +++++++++++++ tests/suites/test_suite_psa_crypto.data | 8 ++++---- tests/suites/test_suite_psa_crypto.function | 19 +++++++++++++++++++ 4 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/fix-key-derive-bad-state-error.txt diff --git a/ChangeLog.d/fix-key-derive-bad-state-error.txt b/ChangeLog.d/fix-key-derive-bad-state-error.txt new file mode 100644 index 0000000000..0bccf77682 --- /dev/null +++ b/ChangeLog.d/fix-key-derive-bad-state-error.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix issue where psa_key_derivation_input_integer() is not detecting + bad state after an operation has been aborted. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b576f95789..63c6ad46e7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7488,6 +7488,12 @@ static psa_status_t psa_key_derivation_input_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); + if (kdf_alg == 0) { + /* This is a blank or aborted operation. */ + status = PSA_ERROR_BAD_STATE; + goto exit; + } + status = psa_key_derivation_check_input_type(step, key_type); if (status != PSA_SUCCESS) { goto exit; @@ -7546,6 +7552,12 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); + if (kdf_alg == 0) { + /* This is a blank or aborted operation. */ + status = PSA_ERROR_BAD_STATE; + goto exit; + } + #if defined(PSA_HAVE_SOFT_PBKDF2) if (PSA_ALG_IS_PBKDF2(kdf_alg)) { status = psa_pbkdf2_set_input_cost( @@ -7559,6 +7571,7 @@ static psa_status_t psa_key_derivation_input_integer_internal( status = PSA_ERROR_INVALID_ARGUMENT; } +exit: if (status != PSA_SUCCESS) { psa_key_derivation_abort(operation); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8c53fdc0a6..6bafc589e6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5567,11 +5567,11 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5643,11 +5643,11 @@ derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt and password before cost depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password before cost depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password bad key type depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 94bf28be4d..951686730c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -8893,6 +8893,25 @@ void derive_input(int alg_arg, } TEST_EQUAL(actual_output_status, expected_output_status); + /* Test calling input functions after operation has been aborted + result in PSA_ERROR_BAD_STATE error. + */ + psa_key_derivation_abort(&operation); + for (i = 0; i < ARRAY_LENGTH(steps); i++) { + if (key_types[i] == INPUT_INTEGER) { + TEST_EQUAL(psa_key_derivation_input_integer( + &operation, steps[i], + mbedtls_test_parse_binary_string(inputs[i])), + PSA_ERROR_BAD_STATE); + break; + } + } + + TEST_EQUAL(psa_key_derivation_input_bytes( + &operation, steps[0], + inputs[0]->x, inputs[0]->len), + PSA_ERROR_BAD_STATE); + exit: psa_key_derivation_abort(&operation); for (i = 0; i < ARRAY_LENGTH(keys); i++) { From b6ed6f72cdb9acccdef391a2bf004ab228831669 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 3 Mar 2025 12:42:55 +0000 Subject: [PATCH 075/126] Simplify testing psa_key_derivation_input_*() bad state Signed-off-by: Waleed Elmelegy --- tests/suites/test_suite_psa_crypto.data | 4 ++++ tests/suites/test_suite_psa_crypto.function | 23 +++------------------ 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6bafc589e6..5761e0c25b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5697,6 +5697,10 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject cost greater than PSA_VENDOR depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input_invalid_cost:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL +PSA key derivation: reject calling input functions without calling setup +depends_on:PSA_WANT_ALG_SHA_256 +derive_input:0:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 951686730c..531e82b3df 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -8839,7 +8839,9 @@ void derive_input(int alg_arg, psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&attributes, alg); - PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); + if (alg != 0) { + PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); + } for (i = 0; i < ARRAY_LENGTH(steps); i++) { mbedtls_test_set_step(i); @@ -8893,25 +8895,6 @@ void derive_input(int alg_arg, } TEST_EQUAL(actual_output_status, expected_output_status); - /* Test calling input functions after operation has been aborted - result in PSA_ERROR_BAD_STATE error. - */ - psa_key_derivation_abort(&operation); - for (i = 0; i < ARRAY_LENGTH(steps); i++) { - if (key_types[i] == INPUT_INTEGER) { - TEST_EQUAL(psa_key_derivation_input_integer( - &operation, steps[i], - mbedtls_test_parse_binary_string(inputs[i])), - PSA_ERROR_BAD_STATE); - break; - } - } - - TEST_EQUAL(psa_key_derivation_input_bytes( - &operation, steps[0], - inputs[0]->x, inputs[0]->len), - PSA_ERROR_BAD_STATE); - exit: psa_key_derivation_abort(&operation); for (i = 0; i < ARRAY_LENGTH(keys); i++) { From 07e573911578e12fabf3d63e832a7ee82516b29b Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 3 Mar 2025 12:48:16 +0000 Subject: [PATCH 076/126] Replace zero by PSA_ALG_NONE in key derivation testing Signed-off-by: Waleed Elmelegy --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5761e0c25b..038d912dc0 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5699,7 +5699,7 @@ derive_input_invalid_cost:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_VENDOR_PBKDF2_MAX_ PSA key derivation: reject calling input functions without calling setup depends_on:PSA_WANT_ALG_SHA_256 -derive_input:0:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_NONE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 From cba05ece2bbd429c7756050aa4b6d381b772747c Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 3 Mar 2025 12:48:40 +0000 Subject: [PATCH 077/126] Replace zero by PSA_ALG_NONE in key derivation test function Signed-off-by: Waleed Elmelegy --- tests/suites/test_suite_psa_crypto.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 531e82b3df..da6c1c454c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -8839,7 +8839,7 @@ void derive_input(int alg_arg, psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&attributes, alg); - if (alg != 0) { + if (alg != PSA_ALG_NONE) { PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); } From 82cd324fd4ae9349ceac9e9ae1dd49eb87d8e6cb Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 3 Mar 2025 15:04:17 +0000 Subject: [PATCH 078/126] Fix code style for key derivation input function Signed-off-by: Waleed Elmelegy --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 63c6ad46e7..57533cc492 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7489,7 +7489,7 @@ static psa_status_t psa_key_derivation_input_internal( psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); if (kdf_alg == 0) { - /* This is a blank or aborted operation. */ + /* This is a blank or aborted operation. */ status = PSA_ERROR_BAD_STATE; goto exit; } From 28f953c5ecaf11aa65612dd3e22c30fb3d9ddb18 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 14:28:20 +0100 Subject: [PATCH 079/126] New generated file: tests/opt-testcases/handshake-generated.sh Signed-off-by: Gilles Peskine --- framework | 2 +- scripts/make_generated_files.bat | 1 + tests/.gitignore | 1 + tests/CMakeLists.txt | 18 ++++++++++++++++++ tests/Makefile | 7 +++++++ tests/scripts/check-generated-files.sh | 1 + 6 files changed, 29 insertions(+), 1 deletion(-) diff --git a/framework b/framework index 523a12d05b..11e4f5ac1c 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 +Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 0c15c38e58..75c2de0ffb 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -28,4 +28,5 @@ python framework\scripts\generate_ecp_tests.py || exit /b 1 python framework\scripts\generate_psa_tests.py || exit /b 1 python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 +python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 diff --git a/tests/.gitignore b/tests/.gitignore index 0c58875faf..10eb87383e 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -18,6 +18,7 @@ ###START_GENERATED_FILES### # Generated source files +/opt-testcases/handshake-generated.sh /opt-testcases/tls13-compat.sh /suites/*.generated.data /suites/test_suite_config.mbedtls_boolean.data diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 98973c9231..aa8ae230a2 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -124,6 +124,24 @@ if(GEN_FILES) # change too often in ways that don't affect the result # ((un)commenting some options). ) + + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py + ) + add_custom_target(handshake-generated.sh + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) + set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO) + add_dependencies(${ssl_opt_target} handshake-generated.sh) + add_custom_command( OUTPUT ${ecp_generated_data_files} diff --git a/tests/Makefile b/tests/Makefile index dd1af159ee..1fa5dd179e 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -58,6 +58,13 @@ GENERATED_FILES += ../framework/tests/include/test/test_keys.h src/test_certs.h # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt +opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py +opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py + echo " Gen $@" + $(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@ +GENERATED_FILES += opt-testcases/handshake-generated.sh +ssl-opt: opt-testcases/handshake-generated.sh + opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py echo " Gen $@" $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@ diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index b61c5ac172..088f16f059 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -135,6 +135,7 @@ if in_mbedtls_repo; then check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c + check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't From 8ef2e74704eeac596f042ecaff6645db729a261c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 14:26:51 +0100 Subject: [PATCH 080/126] Move most TLS handshake defragmentation tests to a separate file Prepare for those test cases to be automatically generated by a script. Signed-off-by: Gilles Peskine --- tests/opt-testcases/handshake-manual.sh | 510 +++++++++++++++++++++++ tests/ssl-opt.sh | 511 +----------------------- 2 files changed, 511 insertions(+), 510 deletions(-) create mode 100644 tests/opt-testcases/handshake-manual.sh diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh new file mode 100644 index 0000000000..86795a2e1b --- /dev/null +++ b/tests/opt-testcases/handshake-manual.sh @@ -0,0 +1,510 @@ +# To guarantee that the handhake messages are large enough and need to be split +# into fragments, the tests require certificate authentication. The party in control +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). +requires_certificate_authentication +run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ + "$O_NEXT_SRV" \ + "$P_CLI debug_level=4 " \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "=> ssl_tls13_process_server_hello" \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_certificate_authentication +run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -S "reassembled record" \ + -S "waiting for more fragments" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + +# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2645122dd0..fdbe0a900d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14459,516 +14459,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -# To guarantee that the handhake messages are large enough and need to be split -# into fragments, the tests require certificate authentication. The party in control -# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). -requires_certificate_authentication -run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ - "$O_NEXT_SRV" \ - "$P_CLI debug_level=4 " \ - 0 \ - -C "reassembled record" \ - -C "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ - "$P_CLI debug_level=4 " \ - 1 \ - -c "=> ssl_tls13_process_server_hello" \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ - "$P_CLI debug_level=4 " \ - 1 \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -requires_certificate_authentication -run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -S "reassembled record" \ - -S "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128" - -# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" +# Most test cases are in opt-testcases/handshake-generated.sh requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication From 8321ab574c13b9ab38443ff6f85b0888ec0157ee Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 13:53:18 +0100 Subject: [PATCH 081/126] Normalize whitespace in defragmentation test cases Signed-off-by: Gilles Peskine --- tests/opt-testcases/handshake-manual.sh | 98 ++++++++++++------------- 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh index 86795a2e1b..0ad37caa63 100644 --- a/tests/opt-testcases/handshake-manual.sh +++ b/tests/opt-testcases/handshake-manual.sh @@ -4,7 +4,7 @@ requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ - "$P_CLI debug_level=4 " \ + "$P_CLI debug_level=4" \ 0 \ -C "reassembled record" \ -C "waiting for more fragments" @@ -12,8 +12,8 @@ run_test "Handshake defragmentation on client (no fragmentation, for referenc requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -22,8 +22,8 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -32,8 +32,8 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ @@ -42,8 +42,8 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ @@ -52,8 +52,8 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ @@ -62,8 +62,8 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ @@ -72,8 +72,8 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ @@ -82,8 +82,8 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ @@ -92,8 +92,8 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ @@ -102,8 +102,8 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ @@ -112,8 +112,8 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ @@ -122,8 +122,8 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ @@ -132,8 +132,8 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ @@ -142,8 +142,8 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ @@ -152,8 +152,8 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ @@ -162,8 +162,8 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ @@ -172,8 +172,8 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ @@ -183,8 +183,8 @@ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ @@ -193,8 +193,8 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ @@ -204,8 +204,8 @@ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ @@ -214,8 +214,8 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ @@ -225,8 +225,8 @@ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ @@ -235,8 +235,8 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \ + "$P_CLI debug_level=4" \ 1 \ -c "=> ssl_tls13_process_server_hello" \ -c "handshake message too short: 3" \ @@ -244,8 +244,8 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \ + "$P_CLI debug_level=4" \ 1 \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" From 49e1ed277ed8090773ac848fd1f80700910e756a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 14:12:02 +0100 Subject: [PATCH 082/126] Normalize messages in defragmentation test cases Make some test case descriptions and log patterns follow more systematic patterns. Signed-off-by: Gilles Peskine --- tests/opt-testcases/handshake-manual.sh | 94 ++++++++++++------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh index 0ad37caa63..9f24fb5e5f 100644 --- a/tests/opt-testcases/handshake-manual.sh +++ b/tests/opt-testcases/handshake-manual.sh @@ -2,7 +2,7 @@ # into fragments, the tests require certificate authentication. The party in control # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). requires_certificate_authentication -run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ +run_test "Handshake defragmentation on client: no fragmentation, for reference" \ "$O_NEXT_SRV" \ "$P_CLI debug_level=4" \ 0 \ @@ -17,7 +17,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of [0-9]\\+" + -c "waiting for more fragments (512 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -27,7 +27,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of [0-9]\\+" + -c "waiting for more fragments (512 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -37,7 +37,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of [0-9]\\+" + -c "waiting for more fragments (513 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -47,7 +47,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of [0-9]\\+" + -c "waiting for more fragments (513 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -57,7 +57,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of [0-9]\\+" + -c "waiting for more fragments (256 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -67,7 +67,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of [0-9]\\+" + -c "waiting for more fragments (256 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -77,7 +77,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128" + -c "waiting for more fragments (128 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -87,7 +87,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128" + -c "waiting for more fragments (128 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -97,7 +97,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64" + -c "waiting for more fragments (64 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -107,7 +107,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64" + -c "waiting for more fragments (64 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -117,7 +117,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36" + -c "waiting for more fragments (36 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -127,7 +127,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36" + -c "waiting for more fragments (36 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -137,7 +137,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32" + -c "waiting for more fragments (32 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -147,7 +147,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32" + -c "waiting for more fragments (32 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -157,7 +157,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16" + -c "waiting for more fragments (16 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -167,7 +167,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16" + -c "waiting for more fragments (16 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -177,7 +177,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13" + -c "waiting for more fragments (13 of" skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -188,7 +188,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13" + -c "waiting for more fragments (13 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -198,7 +198,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5" + -c "waiting for more fragments (5 of" skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -209,7 +209,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5" + -c "waiting for more fragments (5 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -219,7 +219,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4" + -c "waiting for more fragments (4 of" skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -230,7 +230,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4" + -c "waiting for more fragments (4 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -251,7 +251,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ -c "SSL - An invalid SSL record was received" requires_certificate_authentication -run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ +run_test "Handshake defragmentation on server: no fragmentation, for reference" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -266,7 +266,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512" + -s "waiting for more fragments (512 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -276,7 +276,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512" + -s "waiting for more fragments (512 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -286,7 +286,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513" + -s "waiting for more fragments (513 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -296,7 +296,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513" + -s "waiting for more fragments (513 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -306,7 +306,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256" + -s "waiting for more fragments (256 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication @@ -316,7 +316,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256" + -s "waiting for more fragments (256 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -326,7 +326,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128" + -s "waiting for more fragments (128 of" # Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. @@ -339,7 +339,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Clie 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128" + -s "waiting for more fragments (128 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -349,7 +349,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64" + -s "waiting for more fragments (64 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -360,7 +360,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Clien 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64" + -s "waiting for more fragments (64 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -370,7 +370,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36" + -s "waiting for more fragments (36 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -381,7 +381,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Clien 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36" + -s "waiting for more fragments (36 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -391,7 +391,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32" + -s "waiting for more fragments (32 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -402,7 +402,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Clien 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32" + -s "waiting for more fragments (32 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -412,7 +412,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16" + -s "waiting for more fragments (16 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -423,7 +423,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Clien 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16" + -s "waiting for more fragments (16 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -433,7 +433,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13" + -s "waiting for more fragments (13 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -444,7 +444,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Clien 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13" + -s "waiting for more fragments (13 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -454,7 +454,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5" + -s "waiting for more fragments (5 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -465,7 +465,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5" + -s "waiting for more fragments (5 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -475,7 +475,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4" + -s "waiting for more fragments (4 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -486,7 +486,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4" + -s "waiting for more fragments (4 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -501,7 +501,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 6183a645fc312bcfe555ff8d55571d8a4fd4c72d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 16:38:50 +0100 Subject: [PATCH 083/126] Normalize requirements in defragmentation test cases Be more uniform in where certificate authentication and ECDSA are explicitly required. A few test cases now run in PSK-only configurations where they always could. Add a missing requirement on ECDSA to test cases that are currently skipped. Signed-off-by: Gilles Peskine --- tests/opt-testcases/handshake-manual.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh index 9f24fb5e5f..bc78231586 100644 --- a/tests/opt-testcases/handshake-manual.sh +++ b/tests/opt-testcases/handshake-manual.sh @@ -1,7 +1,6 @@ # To guarantee that the handhake messages are large enough and need to be split # into fragments, the tests require certificate authentication. The party in control # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). -requires_certificate_authentication run_test "Handshake defragmentation on client: no fragmentation, for reference" \ "$O_NEXT_SRV" \ "$P_CLI debug_level=4" \ @@ -182,6 +181,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \ "$P_CLI debug_level=4" \ @@ -203,6 +203,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \ "$P_CLI debug_level=4" \ @@ -224,6 +225,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \ "$P_CLI debug_level=4" \ @@ -233,7 +235,6 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "waiting for more fragments (4 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \ "$P_CLI debug_level=4" \ @@ -250,7 +251,6 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_certificate_authentication run_test "Handshake defragmentation on server: no fragmentation, for reference" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -489,7 +489,6 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client -s "waiting for more fragments (4 of" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -500,7 +499,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From 2e7f2a2e48124155b5422dfe90c914444b5ca782 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 16:48:33 +0100 Subject: [PATCH 084/126] Switch to generated handshake tests Replace `tests/opt-testcases/handshake-manual.sh` by `tests/opt-testcases/handshake-generated.sh`. They are identical except for comments, and for some extra dependencies on `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` which are needed in `development, but not in `mbedtls-3.6. Those dependencies don't hurt the useful coverage of the tests, so we'll live with them. Signed-off-by: Gilles Peskine --- framework | 2 +- tests/opt-testcases/handshake-manual.sh | 508 ------------------------ 2 files changed, 1 insertion(+), 509 deletions(-) delete mode 100644 tests/opt-testcases/handshake-manual.sh diff --git a/framework b/framework index 11e4f5ac1c..f88eb21ff1 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea +Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9 diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh deleted file mode 100644 index bc78231586..0000000000 --- a/tests/opt-testcases/handshake-manual.sh +++ /dev/null @@ -1,508 +0,0 @@ -# To guarantee that the handhake messages are large enough and need to be split -# into fragments, the tests require certificate authentication. The party in control -# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). -run_test "Handshake defragmentation on client: no fragmentation, for reference" \ - "$O_NEXT_SRV" \ - "$P_CLI debug_level=4" \ - 0 \ - -C "reassembled record" \ - -C "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13 of" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5 of" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4 of" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \ - "$P_CLI debug_level=4" \ - 1 \ - -c "=> ssl_tls13_process_server_hello" \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \ - "$P_CLI debug_level=4" \ - 1 \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -run_test "Handshake defragmentation on server: no fragmentation, for reference" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -S "reassembled record" \ - -S "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128 of" - -# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" From 9d54be57b01205d7a66df925eaaf1fb61824b4e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 14:10:08 +0100 Subject: [PATCH 085/126] Generate handshake defragmentation test cases: update analyze_outcomes Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 720143292b..7704170fe2 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -34,6 +34,13 @@ class CoverageTask(outcome_analysis.CoverageTask): re.DOTALL) IGNORED_TESTS = { + 'handshake-generated': [ + # Temporary disable Handshake defragmentation tests until mbedtls + # pr #10011 has been merged. + 'Handshake defragmentation on client: len=4, TLS 1.2', + 'Handshake defragmentation on client: len=5, TLS 1.2', + 'Handshake defragmentation on client: len=13, TLS 1.2' + ], 'ssl-opt': [ # We don't run ssl-opt.sh with Valgrind on the CI because # it's extremely slow. We don't intend to change this. @@ -53,11 +60,6 @@ class CoverageTask(outcome_analysis.CoverageTask): # https://github.com/Mbed-TLS/mbedtls/issues/9581 'Opaque key for server authentication: invalid key: decrypt with ECC key, no async', 'Opaque key for server authentication: invalid key: ecdh with RSA key, no async', - # Temporary disable Handshake defragmentation tests until mbedtls - # pr #10011 has been merged. - 'Handshake defragmentation on client: len=4, TLS 1.2', - 'Handshake defragmentation on client: len=5, TLS 1.2', - 'Handshake defragmentation on client: len=13, TLS 1.2' ], 'test_suite_config.mbedtls_boolean': [ # We never test with CBC/PKCS5/PKCS12 enabled but From 2e7def5748299c60896e2db15708b93175692b35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Mar 2025 10:08:29 +0100 Subject: [PATCH 086/126] Update framework Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index f88eb21ff1..4a009d4b3c 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9 +Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b From b6102b6ccf0fe50577d563d0e87134b0ce4d6b15 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Feb 2025 23:11:09 +0100 Subject: [PATCH 087/126] Fix Doxygen markup Pacify `clang -Wdocumentation`. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_test_lib.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 9614333571..d7fe80f834 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -243,8 +243,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, * - free the provided PK context and re-initilize it as an opaque PK context * wrapping the PSA key imported in the above step. * - * \param[in/out] pk On input the non-opaque PK context which contains the - * key to be wrapped. On output the re-initialized PK + * \param[in,out] pk On input, the non-opaque PK context which contains the + * key to be wrapped. On output, the re-initialized PK * context which represents the opaque version of the one * provided as input. * \param[in] psa_alg The primary algorithm that will be associated to the From 3d490a91adadfad9a9d68889f5d9a4a972a2c7a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 21:29:59 +0100 Subject: [PATCH 088/126] Tweak "waiting for more handshake fragments" log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "waiting for more handshake fragments" log message in ssl_consume_current_message(), and add a similar one in mbedtls_ssl_prepare_handshake_record(). Assert both. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 7b11e4d06a..c2da065fad 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3320,6 +3320,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) ssl->in_hdr = ssl->in_msg + ssl->in_msglen; ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); + MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments " + "%u/%" MBEDTLS_PRINTF_SIZET, + ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen)); return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } if (ssl->badmac_seen_or_in_hsfraglen > 0) { @@ -4704,11 +4707,9 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) if (ssl->badmac_seen_or_in_hsfraglen != 0) { /* Not all handshake fragments have arrived, do not consume. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("waiting for more fragments (%u of %" - MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", - ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen, - ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen)); + MBEDTLS_SSL_DEBUG_MSG(3, ("Consume: waiting for more handshake fragments " + "%u/%" MBEDTLS_PRINTF_SIZET, + ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen)); return 0; } From 1e81d349b8e5ca24d8b9fad24a2da573f02ac058 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 16:46:10 +0100 Subject: [PATCH 089/126] Tweak handshake fragment log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "handshake fragment:" log message. This changes what information is displayed when a record contains data beyond the expected end of the handshake message. This case is currently untested and its handling will change in a subsequent commit. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c2da065fad..1c642fe960 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3301,13 +3301,13 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) int ret; const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, - ("handshake fragment: %u .. %" - MBEDTLS_PRINTF_SIZET " of %" - MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, + ("handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %u..%u of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, ssl->badmac_seen_or_in_hsfraglen, - (size_t) ssl->badmac_seen_or_in_hsfraglen + - (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), - ssl->in_hslen, ssl->in_msglen)); + ssl->badmac_seen_or_in_hsfraglen + + (unsigned) ssl->in_msglen, + ssl->in_hslen)); if (ssl->in_msglen < hs_remain) { /* ssl->in_msglen is a 25-bit value since it is the sum of the * header length plus the payload length, the header length is 4 From af0c461f3969a8c51c29cd48b83197250a120c60 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 21:59:12 +0100 Subject: [PATCH 090/126] mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep Minor refactoring of the initial checks and preparation when receiving the first fragment. Use `ssl->in_hsfraglen` to determine whether there is a pending handshake fragment, for consistency, and possibly for more robustness in case handshake fragments are mixed with non-handshake records (although this is not currently supported anyway). Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1c642fe960..e68474d458 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3221,16 +3221,19 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { - /* First handshake fragment must at least include the header. */ - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } + if (ssl->badmac_seen_or_in_hsfraglen == 0) { + /* The handshake message must at least include the header. + * We may not have the full message yet in case of fragmentation. + * To simplify the code, we insist on having the header (and in + * particular the handshake message length) in the first + * fragment. */ + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } - if (ssl->in_hslen == 0) { ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - ssl->badmac_seen_or_in_hsfraglen = 0; } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" From 22c51b9a0bfbd85a81bb21cc58f51afd80157244 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 22:02:52 +0100 Subject: [PATCH 091/126] mbedtls_ssl_prepare_handshake_record(): log offsets after decryption Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e68474d458..9f9cda9d29 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3241,6 +3241,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen)); + if (ssl->transform_in != NULL) { + MBEDTLS_SSL_DEBUG_MSG(4, ("decrypted handshake message:" + " iv-buf=%d hdr-buf=%d hdr-buf=%d", + (int) (ssl->in_iv - ssl->in_buf), + (int) (ssl->in_hdr - ssl->in_buf), + (int) (ssl->in_msg - ssl->in_buf))); + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From cc856a2c0ede76986155f01d0d69a041d39c128c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 22:24:56 +0100 Subject: [PATCH 092/126] Handshake defragmentation: reassemble incrementally Reassemble handshake fragments incrementally instead of all at the end. That is, every time we receive a non-initial handshake fragment, append it to the initial fragment. Since we only have to deal with at most two handshake fragments at the same time, this simplifies the code (no re-parsing of a record) and is a little more memory-efficient (no need to store one record header per record). This commit also fixes a bug. The previous code did not calculate offsets correctly when records use an explicit IV, which is the case in TLS 1.2 with CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and ChachaPoly). This led to the wrong data when an encrypted handshake message was fragmented (Finished or renegotiation). The new code handles this correctly. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 162 +++++++++++++++++++----------- tests/scripts/analyze_outcomes.py | 7 -- 2 files changed, 105 insertions(+), 64 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 9f9cda9d29..f80eed7fa4 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3308,70 +3308,118 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if (ssl->badmac_seen_or_in_hsfraglen <= ssl->in_hslen) { - int ret; - const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen; - MBEDTLS_SSL_DEBUG_MSG(3, - ("handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %u..%u of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->badmac_seen_or_in_hsfraglen, - ssl->badmac_seen_or_in_hsfraglen + - (unsigned) ssl->in_msglen, - ssl->in_hslen)); - if (ssl->in_msglen < hs_remain) { - /* ssl->in_msglen is a 25-bit value since it is the sum of the - * header length plus the payload length, the header length is 4 - * and the payload length was received on the wire encoded as - * 3 octets. We don't support 16-bit platforms; more specifically, - * we assume that both unsigned and size_t are at least 32 bits. - * Therefore there is no possible integer overflow here. - */ - ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen; - ssl->in_hdr = ssl->in_msg + ssl->in_msglen; - ssl->in_msglen = 0; - mbedtls_ssl_update_in_pointers(ssl); + { + unsigned char *const reassembled_record_start = + ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + unsigned char *const payload_start = + reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl); + unsigned char *payload_end = payload_start + ssl->badmac_seen_or_in_hsfraglen; + + if (ssl->badmac_seen_or_in_hsfraglen != 0) { + /* We already had a handshake fragment. Prepare to append + * to the initial segment. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %u..%u of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->badmac_seen_or_in_hsfraglen, + ssl->badmac_seen_or_in_hsfraglen + + (unsigned) ssl->in_msglen, + ssl->in_hslen)); + + const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen; + if (ssl->in_msglen > hs_remain) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %" + MBEDTLS_PRINTF_SIZET " but only %" + MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET " remain", + ssl->in_msglen, + hs_remain, + ssl->in_hslen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } + } else if (ssl->in_msglen == ssl->in_hslen) { + /* This is the sole fragment. */ + /* Emit a log message in the same format as when there are + * multiple fragments, for ease of matching. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %u..%u of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->badmac_seen_or_in_hsfraglen, + ssl->badmac_seen_or_in_hsfraglen + + (unsigned) ssl->in_msglen, + ssl->in_hslen)); + } else { + /* This is the first fragment of many. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %u..%u of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->badmac_seen_or_in_hsfraglen, + ssl->badmac_seen_or_in_hsfraglen + + (unsigned) ssl->in_msglen, + ssl->in_hslen)); + } + + /* Move the received handshake fragment to have the whole message + * (at least the part received so far) in a single segment at a + * known offset in the input buffer. + * - When receiving a non-initial handshake fragment, append it to + * the initial segment. + * - Even the initial handshake fragment is moved, if it was + * encrypted with an explicit IV: decryption leaves the payload + * after the explicit IV, but here we move it to start where the + * IV was. + */ +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + size_t const in_buf_len = ssl->in_buf_len; +#else + size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; +#endif + if (payload_end + ssl->badmac_seen_or_in_hsfraglen > ssl->in_buf + in_buf_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Shouldn't happen: no room to move handshake fragment %" + MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" + MBEDTLS_PRINTF_SIZET ")", + ssl->in_msglen, + ssl->in_msg, payload_end, + ssl->in_buf, in_buf_len)); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + memmove(payload_end, ssl->in_msg, ssl->in_msglen); + + ssl->badmac_seen_or_in_hsfraglen += ssl->in_msglen; + payload_end += ssl->in_msglen; + + if (ssl->badmac_seen_or_in_hsfraglen < ssl->in_hslen) { MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments " "%u/%" MBEDTLS_PRINTF_SIZET, ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen)); - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } - if (ssl->badmac_seen_or_in_hsfraglen > 0) { - /* - * At in_first_hdr we have a sequence of records that cover the next handshake - * record, each with its own record header that we need to remove. - * Note that the reassembled record size may not equal the size of the message, - * there may be more messages after it, complete or partial. - */ - unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - unsigned char *p = in_first_hdr, *q = NULL; - size_t merged_rec_len = 0; - do { - mbedtls_record rec; - ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); - if (ret != 0) { - return ret; - } - merged_rec_len += rec.data_len; - p = rec.buf + rec.buf_len; - if (q != NULL) { - memmove(q, rec.buf + rec.data_offset, rec.data_len); - q += rec.data_len; - } else { - q = p; - } - } while (merged_rec_len < ssl->in_hslen); - ssl->in_hdr = in_first_hdr; + ssl->in_hdr = payload_end; + ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); - ssl->in_msglen = merged_rec_len; - /* Adjust message length. */ - MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } else { + ssl->in_msglen = ssl->badmac_seen_or_in_hsfraglen; ssl->badmac_seen_or_in_hsfraglen = 0; + ssl->in_hdr = reassembled_record_start; + mbedtls_ssl_update_in_pointers(ssl); + + /* Update the record length in the fully reassembled record */ + if (ssl->in_msglen > 0xffff) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Shouldn't happen: in_msglen=%" + MBEDTLS_PRINTF_SIZET " > 0xffff", + ssl->in_msglen)); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); + MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", - ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); + ssl->in_hdr, + mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen); } - } else { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 7704170fe2..301bfc403d 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -34,13 +34,6 @@ class CoverageTask(outcome_analysis.CoverageTask): re.DOTALL) IGNORED_TESTS = { - 'handshake-generated': [ - # Temporary disable Handshake defragmentation tests until mbedtls - # pr #10011 has been merged. - 'Handshake defragmentation on client: len=4, TLS 1.2', - 'Handshake defragmentation on client: len=5, TLS 1.2', - 'Handshake defragmentation on client: len=13, TLS 1.2' - ], 'ssl-opt': [ # We don't run ssl-opt.sh with Valgrind on the CI because # it's extremely slow. We don't intend to change this. From 302f37b05d4950494d8409b5dd0e275d1e76058c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Feb 2025 23:57:20 +0100 Subject: [PATCH 093/126] Fix dodgy printf calls Pacify `clang -Wformat-pedantic`. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f80eed7fa4..823b0ccf15 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3383,8 +3383,8 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" MBEDTLS_PRINTF_SIZET ")", ssl->in_msglen, - ssl->in_msg, payload_end, - ssl->in_buf, in_buf_len)); + (void *) ssl->in_msg, (void *) payload_end, + (void *) ssl->in_buf, in_buf_len)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } memmove(payload_end, ssl->in_msg, ssl->in_msglen); From 58c3301f65e078c3080ec6fe9aaf025a560ab6d7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 4 Mar 2025 10:30:24 +0100 Subject: [PATCH 094/126] Make conversion explicit to silence MSVC warning Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 823b0ccf15..436870b518 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3389,7 +3389,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } memmove(payload_end, ssl->in_msg, ssl->in_msglen); - ssl->badmac_seen_or_in_hsfraglen += ssl->in_msglen; + ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen; payload_end += ssl->in_msglen; if (ssl->badmac_seen_or_in_hsfraglen < ssl->in_hslen) { From 7719169ef4d73d18a8e3d4247881dec108c6a324 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 17:53:53 +0100 Subject: [PATCH 095/126] Update framework Changed log messages and added more tests in `tests/opt-testcases/handshake-generated.sh`. Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4a009d4b3c..8d85112a44 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b +Subproject commit 8d85112a44d052a5d89cb0a135e162384da42584 From 3175fc3be239c9029b32ec9ef87eff7763284890 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 15:15:20 +0100 Subject: [PATCH 096/126] Fix end check before memmove Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 436870b518..1dca728a07 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3377,7 +3377,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) #else size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - if (payload_end + ssl->badmac_seen_or_in_hsfraglen > ssl->in_buf + in_buf_len) { + if (payload_end + ssl->in_msglen > ssl->in_buf + in_buf_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("Shouldn't happen: no room to move handshake fragment %" MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" From b888cca5b658c2ed95ddd2dbf4fc7c0134ee0e90 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 19:03:00 +0100 Subject: [PATCH 097/126] Fix handshake defragmentation when the record has multiple messages A handshake record may contain multiple handshake messages, or multiple fragments (there can be the final fragment of a pending message, then zero or more whole messages, and an initial fragment of an incomplete message). This was previously untested, but supported, so don't break it. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1dca728a07..6cd0f41377 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3314,6 +3314,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) unsigned char *const payload_start = reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl); unsigned char *payload_end = payload_start + ssl->badmac_seen_or_in_hsfraglen; + /* How many more bytes we want to have a complete handshake message. */ + const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen; + /* How many bytes of the current record are part of the first + * handshake message. There may be more handshake messages (possibly + * incomplete) in the same record; if so, we leave them after the + * current record, and ssl_consume_current_message() will take + * care of consuming the next handshake message. */ + const size_t hs_this_fragment_len = + ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; if (ssl->badmac_seen_or_in_hsfraglen != 0) { /* We already had a handshake fragment. Prepare to append @@ -3324,21 +3333,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) ssl->in_msglen, ssl->badmac_seen_or_in_hsfraglen, ssl->badmac_seen_or_in_hsfraglen + - (unsigned) ssl->in_msglen, + (unsigned) hs_this_fragment_len, ssl->in_hslen)); - - const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen; - if (ssl->in_msglen > hs_remain) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %" - MBEDTLS_PRINTF_SIZET " but only %" - MBEDTLS_PRINTF_SIZET " of %" - MBEDTLS_PRINTF_SIZET " remain", - ssl->in_msglen, - hs_remain, - ssl->in_hslen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } else if (ssl->in_msglen == ssl->in_hslen) { + } else if (hs_this_fragment_len == ssl->in_hslen) { /* This is the sole fragment. */ /* Emit a log message in the same format as when there are * multiple fragments, for ease of matching. */ @@ -3348,7 +3345,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) ssl->in_msglen, ssl->badmac_seen_or_in_hsfraglen, ssl->badmac_seen_or_in_hsfraglen + - (unsigned) ssl->in_msglen, + (unsigned) hs_this_fragment_len, ssl->in_hslen)); } else { /* This is the first fragment of many. */ @@ -3358,7 +3355,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) ssl->in_msglen, ssl->badmac_seen_or_in_hsfraglen, ssl->badmac_seen_or_in_hsfraglen + - (unsigned) ssl->in_msglen, + (unsigned) hs_this_fragment_len, ssl->in_hslen)); } @@ -3409,16 +3406,24 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) /* Update the record length in the fully reassembled record */ if (ssl->in_msglen > 0xffff) { MBEDTLS_SSL_DEBUG_MSG(1, - ("Shouldn't happen: in_msglen=%" + ("Shouldn't happen: in_hslen=%" MBEDTLS_PRINTF_SIZET " > 0xffff", ssl->in_msglen)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); + size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", - ssl->in_hdr, - mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen); + ssl->in_hdr, record_len); + if (ssl->in_hslen < ssl->in_msglen) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("More handshake messages in the record: " + "%" MBEDTLS_PRINTF_SIZET " + " + "%" MBEDTLS_PRINTF_SIZET, + ssl->in_hslen, + ssl->in_msglen - ssl->in_hslen)); + } } } From 0a467ccd2435bbf1e67a977e92a7992183a7a3d3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 19:22:52 +0100 Subject: [PATCH 098/126] Unify handshake fragment log messages There is no longer any different processing at this point, just near-identical log messages. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 47 +++++++++++++---------------------------------- 1 file changed, 13 insertions(+), 34 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6cd0f41377..b63533d19d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3324,40 +3324,19 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) const size_t hs_this_fragment_len = ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; - if (ssl->badmac_seen_or_in_hsfraglen != 0) { - /* We already had a handshake fragment. Prepare to append - * to the initial segment. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %u..%u of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->badmac_seen_or_in_hsfraglen, - ssl->badmac_seen_or_in_hsfraglen + - (unsigned) hs_this_fragment_len, - ssl->in_hslen)); - } else if (hs_this_fragment_len == ssl->in_hslen) { - /* This is the sole fragment. */ - /* Emit a log message in the same format as when there are - * multiple fragments, for ease of matching. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %u..%u of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->badmac_seen_or_in_hsfraglen, - ssl->badmac_seen_or_in_hsfraglen + - (unsigned) hs_this_fragment_len, - ssl->in_hslen)); - } else { - /* This is the first fragment of many. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %u..%u of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->badmac_seen_or_in_hsfraglen, - ssl->badmac_seen_or_in_hsfraglen + - (unsigned) hs_this_fragment_len, - ssl->in_hslen)); - } + MBEDTLS_SSL_DEBUG_MSG(3, + ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %u..%u of %" MBEDTLS_PRINTF_SIZET, + (ssl->badmac_seen_or_in_hsfraglen != 0 ? + "subsequent" : + hs_this_fragment_len == ssl->in_hslen ? + "sole" : + "initial"), + ssl->in_msglen, + ssl->badmac_seen_or_in_hsfraglen, + ssl->badmac_seen_or_in_hsfraglen + + (unsigned) hs_this_fragment_len, + ssl->in_hslen)); /* Move the received handshake fragment to have the whole message * (at least the part received so far) in a single segment at a From dee926359ca8d351c97e0a9086aea244fda4f64c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 21:32:08 +0100 Subject: [PATCH 099/126] Pacify uncrustify Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index b63533d19d..fd3cb2f1d5 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3398,8 +3398,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) if (ssl->in_hslen < ssl->in_msglen) { MBEDTLS_SSL_DEBUG_MSG(3, ("More handshake messages in the record: " - "%" MBEDTLS_PRINTF_SIZET " + " - "%" MBEDTLS_PRINTF_SIZET, + "%" MBEDTLS_PRINTF_SIZET " + %" MBEDTLS_PRINTF_SIZET, ssl->in_hslen, ssl->in_msglen - ssl->in_hslen)); } From 229e200cb4cbbfdc449f711301201c5cf067f161 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 21:30:23 +0100 Subject: [PATCH 100/126] Note unused variables when debugging is disabled Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fd3cb2f1d5..ef842b06b3 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3323,6 +3323,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) * care of consuming the next handshake message. */ const size_t hs_this_fragment_len = ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; + (void) hs_this_fragment_len; MBEDTLS_SSL_DEBUG_MSG(3, ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET @@ -3393,6 +3394,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen; + (void) record_len; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", ssl->in_hdr, record_len); if (ssl->in_hslen < ssl->in_msglen) { From c22e31508677fed2cd41af7bb899a1ef8953f233 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 10:43:39 +0100 Subject: [PATCH 101/126] Fix a log message Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ef842b06b3..0a8f4a3c60 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3386,7 +3386,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) /* Update the record length in the fully reassembled record */ if (ssl->in_msglen > 0xffff) { MBEDTLS_SSL_DEBUG_MSG(1, - ("Shouldn't happen: in_hslen=%" + ("Shouldn't happen: in_msglen=%" MBEDTLS_PRINTF_SIZET " > 0xffff", ssl->in_msglen)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From d5102c9d7cee0ad86c99b9bd774d818de4783d3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 28 Feb 2025 16:22:33 +0100 Subject: [PATCH 102/126] Run test_suite_debug without MBEDTLS_SSL_TLS_C MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move the suite's global dependency on MBEDTLS_SSL_TLS_C to the individual test cases. Add an preprocesor guard around string_debug to prevent warning about unused functions. Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.function | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 878ceed574..371f3976f4 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -9,6 +9,7 @@ struct buffer_data { char *ptr; }; +#if defined(MBEDTLS_SSL_TLS_C) static void string_debug(void *data, int level, const char *file, int line, const char *str) { struct buffer_data *buffer = (struct buffer_data *) data; @@ -44,14 +45,15 @@ static void string_debug(void *data, int level, const char *file, int line, cons buffer->ptr = p; } +#endif /* MBEDTLS_SSL_TLS_C */ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C + * depends_on:MBEDTLS_DEBUG_C * END_DEPENDENCIES */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void debug_print_msg_threshold(int threshold, int level, char *file, int line, char *result_str) { @@ -90,7 +92,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, char *result_str) { @@ -126,7 +128,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void mbedtls_debug_print_buf(char *file, int line, char *text, data_t *data, char *result_str) { @@ -162,7 +164,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, char *prefix, char *result_str) { @@ -202,7 +204,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_BIGNUM_C */ void mbedtls_debug_print_mpi(char *value, char *file, int line, char *prefix, char *result_str) { From 85d92ec1ce4374342b75b30d2181a885ff873d2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 28 Feb 2025 22:32:15 +0100 Subject: [PATCH 103/126] Test handling of format macros defined in debug.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 7 +++++++ tests/suites/test_suite_debug.function | 28 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 8b17eb8720..4b38728afb 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -1,3 +1,10 @@ +# printf_int_expr expects a smuggled string expression as its first parameter +printf "%" MBEDTLS_PRINTF_SIZET, 0 +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 0 +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 371f3976f4..e17ffbb921 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -53,6 +53,34 @@ static void string_debug(void *data, int level, const char *file, int line, cons * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */ + intmax_t sizeof_x, intmax_t x, char *result) +{ + const char *format = (char *) ((uintptr_t) smuggle_format_expr); + char *output = NULL; + const size_t n = strlen(result); + + /* Nominal case: buffer just large enough */ + TEST_CALLOC(output, n + 1); + if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function + TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x)); + } else if (sizeof_x == sizeof(long)) { + TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x)); + } else if (sizeof_x == sizeof(long long)) { + TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x)); + } else { + TEST_FAIL( + "sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)"); + } + TEST_MEMORY_COMPARE(result, n + 1, output, n + 1); + +exit: + mbedtls_free(output); + output = NULL; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void debug_print_msg_threshold(int threshold, int level, char *file, int line, char *result_str) From 9cde9d4b2cae9b35f7459117b699eb3794b64b1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sun, 2 Mar 2025 00:58:11 +0100 Subject: [PATCH 104/126] Add testcase for MBEDTLS_PRINTF_MS_TIME MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 3 +++ tests/suites/test_suite_debug.function | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 4b38728afb..b994e54c44 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -5,6 +5,9 @@ printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0" printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" +printf "%" MBEDTLS_PRINTF_MS_TIME, 0 +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:MBEDTLS_MS_TIME_SIZE:0:"0" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index e17ffbb921..de5458ca00 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -4,6 +4,15 @@ #include "mbedtls/pk.h" #include +// Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store +// doesn't exclude entries based on depends_on headers, which would cause failures +// in builds without MBEDTLS_HAVE_TIME +#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) +# define MBEDTLS_MS_TIME_SIZE sizeof(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) +#else +# define MBEDTLS_MS_TIME_SIZE sizeof(int64_t) +#endif + struct buffer_data { char buf[2000]; char *ptr; From 1e62c95148748a6a0b17ee0ecb2ff3794d6e573f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sun, 2 Mar 2025 01:17:02 +0100 Subject: [PATCH 105/126] Disable fatal assertions in Windows printf tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Windows CRT treats any invalid format specifiers passed to the CRT as fatal assertion failures. Disable thie behaviour temporarily while testing if the format specifiers we use are supported. Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.function | 40 ++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index de5458ca00..f6d7611a63 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -4,6 +4,11 @@ #include "mbedtls/pk.h" #include +#if defined(_WIN32) +# include +# include +#endif + // Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store // doesn't exclude entries based on depends_on headers, which would cause failures // in builds without MBEDTLS_HAVE_TIME @@ -55,6 +60,23 @@ static void string_debug(void *data, int level, const char *file, int line, cons buffer->ptr = p; } #endif /* MBEDTLS_SSL_TLS_C */ + +#if defined(_WIN32) +static void noop_invalid_parameter_handler( + const wchar_t *expression, + const wchar_t *function, + const wchar_t *file, + unsigned int line, + uintptr_t pReserved) +{ + (void) expression; + (void) function; + (void) file; + (void) line; + (void) pReserved; +} +#endif /* _WIN32 */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -66,6 +88,17 @@ static void string_debug(void *data, int level, const char *file, int line, cons void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */ intmax_t sizeof_x, intmax_t x, char *result) { +#if defined(_WIN32) + /* Windows treats any invalid format specifiers passsed to the CRT as fatal assertion failures. + Disable this behaviour temporarily, so the rest of the test cases can complete. */ + _invalid_parameter_handler saved_handler = + _set_invalid_parameter_handler(noop_invalid_parameter_handler); + + // Disable assertion pop-up window in Debug builds + int saved_report_mode = _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_REPORT_MODE); + _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_DEBUG); +#endif + const char *format = (char *) ((uintptr_t) smuggle_format_expr); char *output = NULL; const size_t n = strlen(result); @@ -87,6 +120,13 @@ void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework exit: mbedtls_free(output); output = NULL; + +#if defined(_WIN32) + // Restore default Windows behaviour + _set_invalid_parameter_handler(saved_handler); + _CrtSetReportMode(_CRT_ASSERT, saved_report_mode); + (void) saved_report_mode; +#endif } /* END_CASE */ From f65983d6706c3cff2c2ebedf56a9e1c331e8feab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 28 Feb 2025 22:39:09 +0100 Subject: [PATCH 106/126] Fix MSVC version guard for C99 format size specifiers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it on 2015 and above (_MSC_VER >= 1900). %ldd works on Visual Studio 2013, but this patch keeps the two macro definitions together, for simplicity's sake. Signed-off-by: Bence Szépkúti --- ChangeLog.d/fix-msvc-version-guard-format-zu.txt | 5 +++++ include/mbedtls/debug.h | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt new file mode 100644 index 0000000000..637388ecaa --- /dev/null +++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that + occurred whenever SSL debugging was enabled on a copy of Mbed TLS built + with Visual Studio 2013. + Fixes #10017. diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 424ed4b3fd..a940ef7821 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -108,16 +108,16 @@ * * This module provides debugging functions. */ -#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) +#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) #include #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" #else \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ + /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #define MBEDTLS_PRINTF_SIZET "zu" #define MBEDTLS_PRINTF_LONGLONG "lld" #endif \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ + /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #if !defined(MBEDTLS_PRINTF_MS_TIME) #include From 8154c5823e957a14f845a2cfb5d9363314d93bca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sat, 1 Mar 2025 23:53:47 +0100 Subject: [PATCH 107/126] Remove Everest VS2010 compatibility headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These headers were necessary for compatibility with Visual Studio 2010, and interfere with the system headers on Visual Studio 2013+, eg. when building Mbed TLS using the .sln file shipped with the project. Move the still-required definition of "inline" to callconv.h, where the definition for GCC also lives. Signed-off-by: Bence Szépkúti --- .../include/everest/kremlin/c_endianness.h | 2 ++ .../everest/kremlin/internal/callconv.h | 4 ++- .../everest/include/everest/vs2013/inttypes.h | 36 ------------------- .../everest/include/everest/vs2013/stdbool.h | 31 ---------------- .../fix-msvc-version-guard-format-zu.txt | 3 ++ 5 files changed, 8 insertions(+), 68 deletions(-) delete mode 100644 3rdparty/everest/include/everest/vs2013/inttypes.h delete mode 100644 3rdparty/everest/include/everest/vs2013/stdbool.h diff --git a/3rdparty/everest/include/everest/kremlin/c_endianness.h b/3rdparty/everest/include/everest/kremlin/c_endianness.h index 5cfde5d9ea..1b0d0eb05b 100644 --- a/3rdparty/everest/include/everest/kremlin/c_endianness.h +++ b/3rdparty/everest/include/everest/kremlin/c_endianness.h @@ -7,6 +7,8 @@ #include #include +#include "kremlin/internal/callconv.h" + /******************************************************************************/ /* Implementing C.fst (part 2: endian-ness macros) */ /******************************************************************************/ diff --git a/3rdparty/everest/include/everest/kremlin/internal/callconv.h b/3rdparty/everest/include/everest/kremlin/internal/callconv.h index bf631ff46f..8ff8ca5ae9 100644 --- a/3rdparty/everest/include/everest/kremlin/internal/callconv.h +++ b/3rdparty/everest/include/everest/kremlin/internal/callconv.h @@ -27,8 +27,10 @@ /* Since KreMLin emits the inline keyword unconditionally, we follow the * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this * __inline__ to ensure the code compiles with -std=c90 and earlier. */ -#ifdef __GNUC__ +#if defined(__GNUC__) # define inline __inline__ +#elif defined(_MSC_VER) +# define inline __inline #endif /* GCC-specific attribute syntax; everyone else gets the standard C inline diff --git a/3rdparty/everest/include/everest/vs2013/inttypes.h b/3rdparty/everest/include/everest/vs2013/inttypes.h deleted file mode 100644 index 77003be0b0..0000000000 --- a/3rdparty/everest/include/everest/vs2013/inttypes.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Custom inttypes.h for VS2010 KreMLin requires these definitions, - * but VS2010 doesn't provide them. - * - * Copyright 2016-2018 INRIA and Microsoft Corporation - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of Mbed TLS (https://tls.mbed.org) - */ - -#ifndef _INTTYPES_H_VS2010 -#define _INTTYPES_H_VS2010 - -#include - -#ifdef _MSC_VER -#define inline __inline -#endif - -/* VS2010 unsigned long == 8 bytes */ - -#define PRIu64 "I64u" - -#endif diff --git a/3rdparty/everest/include/everest/vs2013/stdbool.h b/3rdparty/everest/include/everest/vs2013/stdbool.h deleted file mode 100644 index dcae6d80ad..0000000000 --- a/3rdparty/everest/include/everest/vs2013/stdbool.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Custom stdbool.h for VS2010 KreMLin requires these definitions, - * but VS2010 doesn't provide them. - * - * Copyright 2016-2018 INRIA and Microsoft Corporation - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of Mbed TLS (https://tls.mbed.org) - */ - -#ifndef _STDBOOL_H_VS2010 -#define _STDBOOL_H_VS2010 - -typedef int bool; - -static bool true = 1; -static bool false = 0; - -#endif diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt index 637388ecaa..7e68ddb602 100644 --- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt +++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt @@ -3,3 +3,6 @@ Bugfix occurred whenever SSL debugging was enabled on a copy of Mbed TLS built with Visual Studio 2013. Fixes #10017. + * Remove Everest Visual Studio 2010 compatibility headers, which could + interfere with standard CRT headers in certain situations, eg. when + building Mbed TLS with the .sln file shipped with the project. From c6934ff670fde243ce60793815baa96eefbf5945 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 7 Mar 2025 17:22:40 +0100 Subject: [PATCH 108/126] Never use %zu on MinGW MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- include/mbedtls/debug.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index a940ef7821..8e1bd83a1a 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -108,7 +108,7 @@ * * This module provides debugging functions. */ -#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) +#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) #include #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" From 23e941a2e72b7ed1976c0b2bfe4c3216b76ce28c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sat, 8 Mar 2025 00:40:47 +0100 Subject: [PATCH 109/126] Update changelog to call out MinGW MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- ChangeLog.d/fix-msvc-version-guard-format-zu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt index 7e68ddb602..e61cd7d429 100644 --- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt +++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt @@ -1,7 +1,7 @@ Bugfix * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that occurred whenever SSL debugging was enabled on a copy of Mbed TLS built - with Visual Studio 2013. + with Visual Studio 2013 or MinGW. Fixes #10017. * Remove Everest Visual Studio 2010 compatibility headers, which could interfere with standard CRT headers in certain situations, eg. when From db475821f9849e6cb6db913dab097be96198f300 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sat, 8 Mar 2025 01:02:37 +0100 Subject: [PATCH 110/126] Fix comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- include/mbedtls/debug.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 8e1bd83a1a..e6f5dadb14 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -113,11 +113,11 @@ #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" #else \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ + /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #define MBEDTLS_PRINTF_SIZET "zu" #define MBEDTLS_PRINTF_LONGLONG "lld" #endif \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ + /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #if !defined(MBEDTLS_PRINTF_MS_TIME) #include From 443908bc5df6622c76a0cf4c9af36d99c840773f Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 10 Mar 2025 14:19:01 +0000 Subject: [PATCH 111/126] Replace zero by PSA_ALG_NONE in key derivation input functions Signed-off-by: Waleed Elmelegy --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 57533cc492..3ec92cc061 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7488,7 +7488,7 @@ static psa_status_t psa_key_derivation_input_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); - if (kdf_alg == 0) { + if (kdf_alg == PSA_ALG_NONE) { /* This is a blank or aborted operation. */ status = PSA_ERROR_BAD_STATE; goto exit; @@ -7552,7 +7552,7 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); - if (kdf_alg == 0) { + if (kdf_alg == PSA_ALG_NONE) { /* This is a blank or aborted operation. */ status = PSA_ERROR_BAD_STATE; goto exit; From 8a4ec49671a66c20f09789d0fbee7ee8dcdafcfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 Mar 2025 12:52:18 +0100 Subject: [PATCH 112/126] Cleanly reject non-HS in-between HS fragments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0a8f4a3c60..4adaf7dc6f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5148,6 +5148,18 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* If we're in the middle of a fragmented TLS handshake message, + * we don't accept any other message type. For TLS 1.3, the spec forbids + * interleaving other message types between handshake fragments. For TLS + * 1.2, the spec does not forbid it but we do. */ + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM && + ssl->badmac_seen_or_in_hsfraglen != 0 && + ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-handshake message in the middle" + " of a fragmented handshake message")); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + } + /* * Handle particular types of records */ From d5e64f71db23eb673489d85c4de534dbfcd87551 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Tue, 11 Mar 2025 09:37:29 +0100 Subject: [PATCH 113/126] PSA core: Allow enabling one volatile/builtin key The current impelementation asserts if the user sets MBEDTLS_PSA_KEY_SLOT_COUNT to one or if they limit their builtin range to one key. This removes the requirement and allows for only one key volatile/builtin to be enabled. Signed-off-by: Georgios Vasilakis --- library/psa_crypto_slot_management.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 9850d8c750..358c7a2f2f 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -35,9 +35,9 @@ MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_USER_MIN < PSA_KEY_ID_USER_MAX, "Empty user key ID range"); MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VENDOR_MIN < PSA_KEY_ID_VENDOR_MAX, "Empty vendor key ID range"); -MBEDTLS_STATIC_ASSERT(MBEDTLS_PSA_KEY_ID_BUILTIN_MIN < MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, +MBEDTLS_STATIC_ASSERT(MBEDTLS_PSA_KEY_ID_BUILTIN_MIN <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, "Empty builtin key ID range"); -MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VOLATILE_MIN < PSA_KEY_ID_VOLATILE_MAX, +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VOLATILE_MIN <= PSA_KEY_ID_VOLATILE_MAX, "Empty volatile key ID range"); MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_USER_MAX < PSA_KEY_ID_VENDOR_MIN || From d3b3c6740f95c8141913e9627089a75d6e08d150 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 14:45:54 +0100 Subject: [PATCH 114/126] More generally, what needs psa_crypto_init also needs threading Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3300f5f86c..e16f31a64a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2130,6 +2130,10 @@ * before calling any function from the SSL/TLS, X.509 or PK modules, except * for the various mbedtls_xxx_init() functions which can be called at any time. * + * \warning In multithreaded applications, you must also enable + * #MBEDTLS_THREADING_C, unless only one thread ever calls PSA functions + * (`psa_xxx()`), including indirect calls through SSL/TLS, X.509 or PK. + * * \note An important and desirable effect of this option is that it allows * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in @@ -2139,10 +2143,6 @@ * * \note See docs/use-psa-crypto.md for a complete description this option. * - * \note In multithreaded applications, you must also enable - * #MBEDTLS_THREADING_C, unless only one thread ever calls - * `psa_xxx()`, PK, X.509 or TLS functions. - * * Requires: MBEDTLS_PSA_CRYPTO_C. * * Uncomment this to enable internal use of PSA Crypto and new associated APIs. @@ -3224,6 +3224,14 @@ * * \note In multithreaded applications, you must enable #MBEDTLS_THREADING_C, * unless only one thread ever calls `psa_xxx()` functions. + * That includes indirect calls, such as: + * - performing a TLS handshake if support for TLS 1.3 is enabled; + * - using a TLS 1.3 connection; + * - indirect calls from PK, X.509 or SSL functions when + * #MBEDTLS_USE_PSA_CRYPTO is enabled; + * - indirect calls to calculate a hash when #MBEDTLS_MD_C is disabled; + * - any other call to a function that requires calling psa_crypto_init() + * beforehand. * * Module: library/psa_crypto.c * @@ -3662,12 +3670,17 @@ * if `MBEDTLS_USE_PSA_CRYPTO` is enabled (regardless of whether individual * TLS, X.509 or PK contexts are shared between threads). * - A TLS 1.3 connection, regardless of the compile-time configuration. - * - Any library feature that calculates a hash, except for algorithm-specific - * low-level modules, if `MBEDTLS_MD_C` is disabled. - * - Any library feature that calculates a hash, except for algorithm-specific - * low-level modules, if `MBEDTLS_CIPHER_C` is disabled. + * - Any library feature that calculates a hash, if `MBEDTLS_MD_C` is disabled. + * As an exception, algorithm-specific low-level modules do not require + * threading protection unless the contexts are shared between threads. + * - Any library feature that performs symmetric encryption or decryption, + * if `MBEDTLS_CIPHER_C` is disabled. + * As an exception, algorithm-specific low-level modules do not require + * threading protection unless the contexts are shared between threads. * - Any use of a cryptographic context if the same context is used in * multiple threads. + * - Any call to a function where the documentation specifies that + * psa_crypto_init() must be called prior to that function. * * See also our Knowledge Base article about threading: * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading From b5ccd32390d6e31388a01979640d7603b6be33ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Mar 2025 17:41:59 +0100 Subject: [PATCH 115/126] Document the limitations of TLS handshake message defragmentation Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 597da2571f..e34e3af6af 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4449,6 +4449,24 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * with \c mbedtls_ssl_read()), not handshake messages. * With DTLS, this affects both ApplicationData and handshake. * + * \note Defragmentation of incoming handshake messages in TLS + * (excluding DTLS) is supported with some limitations: + * - On an Mbed TLS server that only accepts TLS 1.2, + * the initial ClientHello message must not be fragmented. + * A TLS 1.2 ClientHello may be fragmented if the server + * also accepts TLS 1.3 connections (meaning + * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the + * accepted versions have not been restricted with + * mbedtls_ssl_conf_max_tls_version() or the like). + * - A ClientHello message that initiates a renegotiation + * must not be fragmented. + * - The first fragment of a handshake message must be + * at least 4 bytes long. + * - Non-handshake records must not be interleaved between + * the fragments of a handshake message. (This is permitted + * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it + * even in TLS 1.2.) + * * \note This sets the maximum length for a record's payload, * excluding record overhead that will be added to it, see * \c mbedtls_ssl_get_record_expansion(). From 1933932e553b53a8844da0a93c1052de5f0d227b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Mar 2025 17:44:20 +0100 Subject: [PATCH 116/126] Refer to the API documentation for details Signed-off-by: Gilles Peskine --- ChangeLog.d/tls-hs-defrag-in.txt | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 4fd4a4e372..748f95c104 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -1,12 +1,7 @@ Bugfix - * Support re-assembly of fragmented handshake messages in TLS, as mandated - by the spec. Lack of support was causing handshake failures with some - servers, especially with TLS 1.3 in practice (though both protocol - version could be affected in principle, and both are fixed now). - The initial fragment for each handshake message must be at least 4 bytes. - - Server-side, defragmentation of the ClientHello message is only - supported if the server accepts TLS 1.3 (regardless of whether the - ClientHello is 1.3 or 1.2). That is, servers configured (either - at compile time or at runtime) to only accept TLS 1.2 will - still fail the handshake if the ClientHello message is fragmented. + * Support re-assembly of fragmented handshake messages in TLS (both + 1.2 and 1.3). The lack of support was causing handshake failures with + some servers, especially with TLS 1.3 in practice. There are a few + limitations, notably a fragmented ClientHello is only supported when + TLS 1.3 support is enabled. See the documentation of + mbedtls_ssl_conf_max_frag_len() for details. From 494e4943b539c070374d97af6328bdd251133bbc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 13:45:27 +0100 Subject: [PATCH 117/126] Move the defragmentation documentation to mbedtls_ssl_handshake Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e34e3af6af..26b1fd4cdd 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4449,23 +4449,9 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * with \c mbedtls_ssl_read()), not handshake messages. * With DTLS, this affects both ApplicationData and handshake. * - * \note Defragmentation of incoming handshake messages in TLS - * (excluding DTLS) is supported with some limitations: - * - On an Mbed TLS server that only accepts TLS 1.2, - * the initial ClientHello message must not be fragmented. - * A TLS 1.2 ClientHello may be fragmented if the server - * also accepts TLS 1.3 connections (meaning - * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the - * accepted versions have not been restricted with - * mbedtls_ssl_conf_max_tls_version() or the like). - * - A ClientHello message that initiates a renegotiation - * must not be fragmented. - * - The first fragment of a handshake message must be - * at least 4 bytes long. - * - Non-handshake records must not be interleaved between - * the fragments of a handshake message. (This is permitted - * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it - * even in TLS 1.2.) + * \note Defragmentation of TLS handshake messages is supported + * with some limitations. See the documentation of + * mbedtls_ssl_handshake() for details. * * \note This sets the maximum length for a record's payload, * excluding record overhead that will be added to it, see @@ -4997,6 +4983,24 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * if a negotiation involving TLS 1.3 takes place (this may * be the case even if TLS 1.3 is offered but eventually * not selected). + * + * \note Defragmentation of incoming handshake messages in TLS + * (excluding DTLS) is supported with some limitations: + * - On an Mbed TLS server that only accepts TLS 1.2, + * the initial ClientHello message must not be fragmented. + * A TLS 1.2 ClientHello may be fragmented if the server + * also accepts TLS 1.3 connections (meaning + * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the + * accepted versions have not been restricted with + * mbedtls_ssl_conf_max_tls_version() or the like). + * - A ClientHello message that initiates a renegotiation + * must not be fragmented. + * - The first fragment of a handshake message must be + * at least 4 bytes long. + * - Non-handshake records must not be interleaved between + * the fragments of a handshake message. (This is permitted + * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it + * even in TLS 1.2.) */ int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl); From c3af2f48c4aa63df3b077a26990ea83c8c6f81b1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 13:47:14 +0100 Subject: [PATCH 118/126] ClientHello may be fragmented in renegotiation Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 26b1fd4cdd..4d2410e778 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4993,8 +4993,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the * accepted versions have not been restricted with * mbedtls_ssl_conf_max_tls_version() or the like). - * - A ClientHello message that initiates a renegotiation - * must not be fragmented. * - The first fragment of a handshake message must be * at least 4 bytes long. * - Non-handshake records must not be interleaved between From bc0255592fed525ac19459f6bf7f1f68540b680d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 13:47:49 +0100 Subject: [PATCH 119/126] Clarify DTLS Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4d2410e778..8fdf6a689d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4985,7 +4985,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * not selected). * * \note Defragmentation of incoming handshake messages in TLS - * (excluding DTLS) is supported with some limitations: + * is supported with some limitations: * - On an Mbed TLS server that only accepts TLS 1.2, * the initial ClientHello message must not be fragmented. * A TLS 1.2 ClientHello may be fragmented if the server @@ -4993,6 +4993,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the * accepted versions have not been restricted with * mbedtls_ssl_conf_max_tls_version() or the like). + * This limitation does not apply to DTLS. * - The first fragment of a handshake message must be * at least 4 bytes long. * - Non-handshake records must not be interleaved between From 858900656eb36c7ad8b70e9104a7420529bd36ed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Mar 2025 10:07:33 +0100 Subject: [PATCH 120/126] State globally that the limitations don't apply to DTLS Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8fdf6a689d..97b0dcb380 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4984,8 +4984,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * be the case even if TLS 1.3 is offered but eventually * not selected). * - * \note Defragmentation of incoming handshake messages in TLS - * is supported with some limitations: + * \note In TLS, reception of fragmented handshake messages is + * supported with some limitations (those limitations do + * not apply to DTLS, where defragmentation is fully + * supported): * - On an Mbed TLS server that only accepts TLS 1.2, * the initial ClientHello message must not be fragmented. * A TLS 1.2 ClientHello may be fragmented if the server @@ -4993,7 +4995,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the * accepted versions have not been restricted with * mbedtls_ssl_conf_max_tls_version() or the like). - * This limitation does not apply to DTLS. * - The first fragment of a handshake message must be * at least 4 bytes long. * - Non-handshake records must not be interleaved between From a7c020d6cbe5fadfe0126e90c077f01223b6e968 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Mar 2025 10:08:14 +0100 Subject: [PATCH 121/126] Update the location of defragmentation limitations Signed-off-by: Gilles Peskine --- ChangeLog.d/tls-hs-defrag-in.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 748f95c104..6bab02a029 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -4,4 +4,4 @@ Bugfix some servers, especially with TLS 1.3 in practice. There are a few limitations, notably a fragmented ClientHello is only supported when TLS 1.3 support is enabled. See the documentation of - mbedtls_ssl_conf_max_frag_len() for details. + mbedtls_ssl_handshake() for details. From 51668e5249f3995072e38003eb51f0d7ffd8e6ce Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 12 Mar 2025 15:22:27 +0000 Subject: [PATCH 122/126] Updated framework pointer. Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index b1c5f3110b..cab0c5fe19 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit b1c5f3110b3619d3f9bd955545f85469302510b1 +Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd From f525505886cd9319430be6382dbb7fd28bdb7912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 11 Mar 2025 17:47:11 +0100 Subject: [PATCH 123/126] Clarify changelog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove mention of the shipped .sln files, as those are planned to be removed from Mbed TLS. Clarify the affected CRT headers. Signed-off-by: Bence Szépkúti --- ChangeLog.d/fix-msvc-version-guard-format-zu.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt index e61cd7d429..2713f6c9f4 100644 --- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt +++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt @@ -4,5 +4,6 @@ Bugfix with Visual Studio 2013 or MinGW. Fixes #10017. * Remove Everest Visual Studio 2010 compatibility headers, which could - interfere with standard CRT headers in certain situations, eg. when - building Mbed TLS with the .sln file shipped with the project. + shadow standard CRT headers inttypes.h and stdbool.h with incomplete + implementatios if placed on the include path, eg. when building Mbed TLS + with the .sln file shipped with the project. From a029387d1bc37cb475952bffef9087357d0c3162 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 Mar 2025 16:43:38 +0100 Subject: [PATCH 124/126] Use dummy typedef instead of macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use a dummy definition of mbedtls_ms_time_t in builds without MBEDTLS_HAVE_TIME. Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 2 +- tests/suites/test_suite_debug.function | 10 +++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index b994e54c44..69e2c8bcf0 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -6,7 +6,7 @@ printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" printf "%" MBEDTLS_PRINTF_MS_TIME, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:MBEDTLS_MS_TIME_SIZE:0:"0" +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index f6d7611a63..b99e27d738 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -9,13 +9,9 @@ # include #endif -// Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store -// doesn't exclude entries based on depends_on headers, which would cause failures -// in builds without MBEDTLS_HAVE_TIME -#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) -# define MBEDTLS_MS_TIME_SIZE sizeof(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) -#else -# define MBEDTLS_MS_TIME_SIZE sizeof(int64_t) +// Dummy type for builds without MBEDTLS_HAVE_TIME +#if !defined(MBEDTLS_HAVE_TIME) +typedef int64_t mbedtls_ms_time_t; #endif struct buffer_data { From c64b7bc6643c8a0310105e6e00bf517b5ead384c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 Mar 2025 17:08:46 +0100 Subject: [PATCH 125/126] Use an array of strings instead of pointer smuggling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 7 +++---- tests/suites/test_suite_debug.function | 17 ++++++++++++++--- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 69e2c8bcf0..46b6be4581 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -1,12 +1,11 @@ -# printf_int_expr expects a smuggled string expression as its first parameter printf "%" MBEDTLS_PRINTF_SIZET, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0" +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0" printf "%" MBEDTLS_PRINTF_LONGLONG, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0" printf "%" MBEDTLS_PRINTF_MS_TIME, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index b99e27d738..9e53107626 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -14,6 +14,18 @@ typedef int64_t mbedtls_ms_time_t; #endif +typedef enum { + PRINTF_SIZET, + PRINTF_LONGLONG, + PRINTF_MS_TIME, +} printf_format_indicator_t; + +const char *const printf_formats[] = { + [PRINTF_SIZET] = "%" MBEDTLS_PRINTF_SIZET, + [PRINTF_LONGLONG] = "%" MBEDTLS_PRINTF_LONGLONG, + [PRINTF_MS_TIME] = "%" MBEDTLS_PRINTF_MS_TIME, +}; + struct buffer_data { char buf[2000]; char *ptr; @@ -81,8 +93,7 @@ static void noop_invalid_parameter_handler( */ /* BEGIN_CASE */ -void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */ - intmax_t sizeof_x, intmax_t x, char *result) +void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char *result) { #if defined(_WIN32) /* Windows treats any invalid format specifiers passsed to the CRT as fatal assertion failures. @@ -95,7 +106,7 @@ void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_DEBUG); #endif - const char *format = (char *) ((uintptr_t) smuggle_format_expr); + const char *format = printf_formats[format_indicator]; char *output = NULL; const size_t n = strlen(result); From b05b3b19d7deedac4de9a9400ae416dd08fe7afd Mon Sep 17 00:00:00 2001 From: Noah Pendleton Date: Fri, 3 May 2024 11:02:22 -0400 Subject: [PATCH 126/126] mbedtls_net_send API description typo fix Signed-off-by: Noah Pendleton --- include/mbedtls/net_sockets.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 85c11971d8..8e69bc0fb3 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -229,7 +229,7 @@ int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len); /** * \brief Write at most 'len' characters. If no error occurs, - * the actual amount read is returned. + * the actual amount written is returned. * * \param ctx Socket * \param buf The buffer to read from