From 3fc5a4dc86cfd43278d1891cb3d178e14c6254d2 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Sun, 10 Mar 2024 02:11:03 +0000
Subject: [PATCH 01/80] Defragment incoming TLS handshake messages

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 ChangeLog.d/tls-hs-defrag-in.txt |  2 +
 include/mbedtls/ssl.h            |  2 +
 library/ssl_misc.h               |  8 ++-
 library/ssl_msg.c                | 99 ++++++++++++++++++++++++++++----
 library/ssl_tls.c                | 17 +++++-
 5 files changed, 113 insertions(+), 15 deletions(-)
 create mode 100644 ChangeLog.d/tls-hs-defrag-in.txt

diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
new file mode 100644
index 0000000000..8c57200119
--- /dev/null
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -0,0 +1,2 @@
+Change
+   * Defragment incoming TLS handshake messages.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 42fffbf860..26ea791208 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1817,6 +1817,8 @@ struct mbedtls_ssl_context {
 
     size_t MBEDTLS_PRIVATE(in_hslen);            /*!< current handshake message length,
                                                     including the handshake header   */
+    unsigned char *MBEDTLS_PRIVATE(in_hshdr);    /*!< original handshake header start  */
+    size_t MBEDTLS_PRIVATE(in_hsfraglen);        /*!< accumulated hs fragments length  */
     int MBEDTLS_PRIVATE(nb_zero);                /*!< # of 0-length encrypted messages */
 
     int MBEDTLS_PRIVATE(keep_current_message);   /*!< drop or reuse current message
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7495ae3bec..89947e9575 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1830,7 +1830,13 @@ void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs);
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
 
-void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl);
+static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl)
+{
+    mbedtls_ssl_reset_in_pointers(ssl);
+    mbedtls_ssl_reset_out_pointers(ssl);
+}
 void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
                                      mbedtls_ssl_transform *transform);
 void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index dcda1d3f21..99b60f382e 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3226,7 +3226,11 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         return MBEDTLS_ERR_SSL_INVALID_RECORD;
     }
 
-    ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
+    if (ssl->in_hslen == 0) {
+        ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
+        ssl->in_hsfraglen = 0;
+        ssl->in_hshdr = ssl->in_hdr;
+    }
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
                               " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %"
@@ -3292,10 +3296,59 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         }
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    /* With TLS we don't handle fragmentation (for now) */
-    if (ssl->in_msglen < ssl->in_hslen) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported"));
-        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    {
+        int ret;
+        const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
+        const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen);
+
+        MBEDTLS_SSL_DEBUG_MSG(3,
+                              ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %"
+                               MBEDTLS_PRINTF_SIZET " of %"
+                               MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
+                               ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen,
+                               ssl->in_hslen, ssl->in_msglen));
+        (void) msg_hslen;
+        if (ssl->in_msglen < hs_remain) {
+            ssl->in_hsfraglen += ssl->in_msglen;
+            ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
+            ssl->in_msglen = 0;
+            mbedtls_ssl_update_in_pointers(ssl);
+            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+        }
+        if (ssl->in_hshdr != ssl->in_hdr) {
+            /*
+             * At ssl->in_hshdr we have a sequence of records that cover the next handshake
+             * record, each with its own record header that we need to remove.
+             * Note that the reassembled record size may not equal the size of the message,
+             * there maybe bytes from the next message following it.
+             */
+            size_t merged_rec_len = 0;
+            unsigned char *p = ssl->in_hshdr, *q = NULL;
+            do {
+                mbedtls_record rec;
+                ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec);
+                if (ret != 0) {
+                    return ret;
+                }
+                merged_rec_len += rec.data_len;
+                p = rec.buf + rec.buf_len;
+                if (q != NULL) {
+                    memmove(q, rec.buf + rec.data_offset, rec.data_len);
+                    q += rec.data_len;
+                } else {
+                    q = p;
+                }
+            } while (merged_rec_len < ssl->in_hslen);
+            ssl->in_hdr = ssl->in_hshdr;
+            mbedtls_ssl_update_in_pointers(ssl);
+            ssl->in_msglen = merged_rec_len;
+            /* Adjust message length. */
+            MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
+            ssl->in_hsfraglen = 0;
+            ssl->in_hshdr = NULL;
+            MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
+                                  ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
+        }
     }
 
     return 0;
@@ -4640,6 +4693,16 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
             return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
+        if (ssl->in_hsfraglen != 0) {
+            /* Not all handshake fragments have arrived, do not consume. */
+            MBEDTLS_SSL_DEBUG_MSG(3,
+                                  ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %"
+                                   MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
+                                   ssl->in_hsfraglen, ssl->in_hslen,
+                                   ssl->in_hslen - ssl->in_hsfraglen));
+            return 0;
+        }
+
         /*
          * Get next Handshake message in the current record
          */
@@ -4665,6 +4728,7 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
             ssl->in_msglen -= ssl->in_hslen;
             memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen,
                     ssl->in_msglen);
+            MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0);
 
             MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record",
                                   ssl->in_msg, ssl->in_msglen);
@@ -5339,7 +5403,7 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
     } else
 #endif
     {
-        ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+        ssl->in_ctr = ssl->in_buf;
         ssl->in_len = ssl->in_hdr + 3;
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
         ssl->in_cid = ssl->in_len;
@@ -5355,24 +5419,35 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
  * Setup an SSL context
  */
 
-void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl)
+void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl)
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        ssl->in_hdr = ssl->in_buf;
+    } else
+#endif
+    {
+        ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+    }
+
+    /* Derive other internal pointers. */
+    mbedtls_ssl_update_in_pointers(ssl);
+}
+
+void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl)
 {
     /* Set the incoming and outgoing record pointers. */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         ssl->out_hdr = ssl->out_buf;
-        ssl->in_hdr  = ssl->in_buf;
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
         ssl->out_ctr = ssl->out_buf;
-        ssl->out_hdr = ssl->out_buf + 8;
-        ssl->in_hdr  = ssl->in_buf  + 8;
+        ssl->out_hdr = ssl->out_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
     }
-
     /* Derive other internal pointers. */
     mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */);
-    mbedtls_ssl_update_in_pointers(ssl);
 }
 
 /*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c773365bf6..4bb170b15e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -344,12 +344,17 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
                                    size_t out_buf_new_len)
 {
     int modified = 0;
-    size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
+    size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0;
     size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
+    size_t hshdr_in = 0;
     if (ssl->in_buf != NULL) {
         written_in = ssl->in_msg - ssl->in_buf;
         iv_offset_in = ssl->in_iv - ssl->in_buf;
         len_offset_in = ssl->in_len - ssl->in_buf;
+        hdr_in = ssl->in_hdr - ssl->in_buf;
+        if (ssl->in_hshdr != NULL) {
+            hshdr_in = ssl->in_hshdr - ssl->in_buf;
+        }
         if (downsizing ?
             ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
             ssl->in_buf_len < in_buf_new_len) {
@@ -381,7 +386,10 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
     }
     if (modified) {
         /* Update pointers here to avoid doing it twice. */
-        mbedtls_ssl_reset_in_out_pointers(ssl);
+        ssl->in_hdr = ssl->in_buf + hdr_in;
+        mbedtls_ssl_update_in_pointers(ssl);
+        mbedtls_ssl_reset_out_pointers(ssl);
+
         /* Fields below might not be properly updated with record
          * splitting or with CID, so they are manually updated here. */
         ssl->out_msg = ssl->out_buf + written_out;
@@ -391,6 +399,9 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
         ssl->in_msg = ssl->in_buf + written_in;
         ssl->in_len = ssl->in_buf + len_offset_in;
         ssl->in_iv = ssl->in_buf + iv_offset_in;
+        if (ssl->in_hshdr != NULL) {
+            ssl->in_hshdr = ssl->in_buf + hshdr_in;
+        }
     }
 }
 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
@@ -1484,6 +1495,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
     ssl->in_hslen   = 0;
     ssl->keep_current_message = 0;
     ssl->transform_in  = NULL;
+    ssl->in_hshdr = NULL;
+    ssl->in_hsfraglen = 0;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     ssl->next_record_offset = 0;

From db2da526ff6ae3e05619d975e6b8af78f5b12336 Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@rojer.me>
Date: Wed, 15 Jan 2025 19:26:47 +0000
Subject: [PATCH 02/80] Update ChangeLog.d/tls-hs-defrag-in.txt

Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
---
 ChangeLog.d/tls-hs-defrag-in.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
index 8c57200119..3555a789d8 100644
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -1,2 +1,2 @@
-Change
+Changes
    * Defragment incoming TLS handshake messages.

From 1f4088ceda88bcf411b04982efeeb2df634dc848 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Sat, 18 Jan 2025 15:58:57 +0200
Subject: [PATCH 03/80] Review comments

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_msg.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 99b60f382e..50dda51cad 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3299,15 +3299,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
     {
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
-        const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen);
-
         MBEDTLS_SSL_DEBUG_MSG(3,
                               ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %"
                                MBEDTLS_PRINTF_SIZET " of %"
                                MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
-                               ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen,
+                               ssl->in_hsfraglen,
+                               ssl->in_hsfraglen +
+                               (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
                                ssl->in_hslen, ssl->in_msglen));
-        (void) msg_hslen;
         if (ssl->in_msglen < hs_remain) {
             ssl->in_hsfraglen += ssl->in_msglen;
             ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
@@ -5425,7 +5424,7 @@ void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         ssl->in_hdr = ssl->in_buf;
     } else
-#endif
+#endif  /* MBEDTLS_SSL_PROTO_DTLS */
     {
         ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
     }

From 96e2290e3d7e1a8a502163fed190971021570780 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Sun, 26 Jan 2025 10:43:42 +0200
Subject: [PATCH 04/80] Remove mbedtls_ssl_reset_in_out_pointers

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_misc.h | 7 +------
 library/ssl_tls.c  | 6 ++++--
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 89947e9575..348c3197dd 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1831,15 +1831,10 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
 
 void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
 void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl);
-static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl)
-{
-    mbedtls_ssl_reset_in_pointers(ssl);
-    mbedtls_ssl_reset_out_pointers(ssl);
-}
 void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
                                      mbedtls_ssl_transform *transform);
-void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4bb170b15e..f7554d202d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1420,7 +1420,8 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
         goto error;
     }
 
-    mbedtls_ssl_reset_in_out_pointers(ssl);
+    mbedtls_ssl_reset_in_pointers(ssl);
+    mbedtls_ssl_reset_out_pointers(ssl);
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
     memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info));
@@ -1485,7 +1486,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
     /* Cancel any possibly running timer */
     mbedtls_ssl_set_timer(ssl, 0);
 
-    mbedtls_ssl_reset_in_out_pointers(ssl);
+    mbedtls_ssl_reset_in_pointers(ssl);
+    mbedtls_ssl_reset_out_pointers(ssl);
 
     /* Reset incoming message parsing */
     ssl->in_offt    = NULL;

From 5c853ea2c557c8b68c8ae75ea068ff8073b1185e Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Sun, 26 Jan 2025 11:10:54 +0200
Subject: [PATCH 05/80] Allow fragments less HS msg header size (4 bytes)

Except the first

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_msg.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 50dda51cad..83920f6327 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3220,7 +3220,8 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
 
 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 {
-    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+    /* First handshake fragment must at least include the header. */
+    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
                                   ssl->in_msglen));
         return MBEDTLS_ERR_SSL_INVALID_RECORD;

From 85ec2b36326cdefdbc11bd57c002c70fd9fe1d70 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Mon, 27 Jan 2025 22:37:37 +0400
Subject: [PATCH 06/80] Add a safety check for in_hsfraglen

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_msg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 83920f6327..fcab63eef5 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3298,6 +3298,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
+        if (ssl->in_hsfraglen > ssl->in_hslen) {
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+        }
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,

From bbe8745d193e2daa60d0c350e335f7ea7d289050 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Thu, 13 Feb 2025 13:41:51 +0300
Subject: [PATCH 07/80] Remove in_hshdr

The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 include/mbedtls/ssl.h |  4 ++--
 library/ssl_msg.c     | 20 +++++++++-----------
 library/ssl_tls.c     | 10 +---------
 3 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 26ea791208..8f7bb1feb9 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1817,8 +1817,8 @@ struct mbedtls_ssl_context {
 
     size_t MBEDTLS_PRIVATE(in_hslen);            /*!< current handshake message length,
                                                     including the handshake header   */
-    unsigned char *MBEDTLS_PRIVATE(in_hshdr);    /*!< original handshake header start  */
-    size_t MBEDTLS_PRIVATE(in_hsfraglen);        /*!< accumulated hs fragments length  */
+    size_t MBEDTLS_PRIVATE(in_hsfraglen);        /*!< accumulated length of hs fragments
+                                                    (up to in_hslen) */
     int MBEDTLS_PRIVATE(nb_zero);                /*!< # of 0-length encrypted messages */
 
     int MBEDTLS_PRIVATE(keep_current_message);   /*!< drop or reuse current message
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fcab63eef5..8b1aa23415 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3230,7 +3230,6 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
     if (ssl->in_hslen == 0) {
         ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
         ssl->in_hsfraglen = 0;
-        ssl->in_hshdr = ssl->in_hdr;
     }
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@@ -3297,10 +3296,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         }
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    {
-        if (ssl->in_hsfraglen > ssl->in_hslen) {
-            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-        }
+    if (ssl->in_hsfraglen <= ssl->in_hslen) {
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,
@@ -3318,15 +3314,16 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             mbedtls_ssl_update_in_pointers(ssl);
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         }
-        if (ssl->in_hshdr != ssl->in_hdr) {
+        if (ssl->in_hsfraglen > 0) {
             /*
-             * At ssl->in_hshdr we have a sequence of records that cover the next handshake
+             * At in_first_hdr we have a sequence of records that cover the next handshake
              * record, each with its own record header that we need to remove.
              * Note that the reassembled record size may not equal the size of the message,
-             * there maybe bytes from the next message following it.
+             * there may be more messages after it, complete or partial.
              */
+            unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+            unsigned char *p = in_first_hdr, *q = NULL;
             size_t merged_rec_len = 0;
-            unsigned char *p = ssl->in_hshdr, *q = NULL;
             do {
                 mbedtls_record rec;
                 ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec);
@@ -3342,16 +3339,17 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
                     q = p;
                 }
             } while (merged_rec_len < ssl->in_hslen);
-            ssl->in_hdr = ssl->in_hshdr;
+            ssl->in_hdr = in_first_hdr;
             mbedtls_ssl_update_in_pointers(ssl);
             ssl->in_msglen = merged_rec_len;
             /* Adjust message length. */
             MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
             ssl->in_hsfraglen = 0;
-            ssl->in_hshdr = NULL;
             MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
                                   ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
         }
+    } else {
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
     return 0;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f7554d202d..0c394946a5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -346,15 +346,11 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
     int modified = 0;
     size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0;
     size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
-    size_t hshdr_in = 0;
     if (ssl->in_buf != NULL) {
         written_in = ssl->in_msg - ssl->in_buf;
         iv_offset_in = ssl->in_iv - ssl->in_buf;
         len_offset_in = ssl->in_len - ssl->in_buf;
         hdr_in = ssl->in_hdr - ssl->in_buf;
-        if (ssl->in_hshdr != NULL) {
-            hshdr_in = ssl->in_hshdr - ssl->in_buf;
-        }
         if (downsizing ?
             ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
             ssl->in_buf_len < in_buf_new_len) {
@@ -399,9 +395,6 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
         ssl->in_msg = ssl->in_buf + written_in;
         ssl->in_len = ssl->in_buf + len_offset_in;
         ssl->in_iv = ssl->in_buf + iv_offset_in;
-        if (ssl->in_hshdr != NULL) {
-            ssl->in_hshdr = ssl->in_buf + hshdr_in;
-        }
     }
 }
 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
@@ -1495,10 +1488,9 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
     ssl->in_msgtype = 0;
     ssl->in_msglen  = 0;
     ssl->in_hslen   = 0;
+    ssl->in_hsfraglen = 0;
     ssl->keep_current_message = 0;
     ssl->transform_in  = NULL;
-    ssl->in_hshdr = NULL;
-    ssl->in_hsfraglen = 0;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     ssl->next_record_offset = 0;

From 69f8f45e6f561651c1000af78a81ecb374af11bd Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 17 Feb 2025 16:08:59 +0100
Subject: [PATCH 08/80] Minor readability improvement

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 8b1aa23415..fb91b948d7 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5032,10 +5032,12 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
                     return ret;
                 }
 
-                if (ssl->conf->badmac_limit != 0 &&
-                    ++ssl->badmac_seen >= ssl->conf->badmac_limit) {
-                    MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
-                    return MBEDTLS_ERR_SSL_INVALID_MAC;
+                if (ssl->conf->badmac_limit != 0) {
+                    ++ssl->badmac_seen;
+                    if (ssl->badmac_seen >= ssl->conf->badmac_limit) {
+                        MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
+                        return MBEDTLS_ERR_SSL_INVALID_MAC;
+                    }
                 }
 
                 /* As above, invalid records cause

From f6a676d93f47ba4f3cc78ec9b4adc02397ce4df4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 17 Feb 2025 16:10:14 +0100
Subject: [PATCH 09/80] Rename badmac_seen to badmac_seen_or_in_hsfraglen

Prepare to unify two fields of the `mbedtls_ssl_context` structure:
`badmac_seen` (always present but only used in DTLS) and
`in_hsfraglen` (always present but only used in non-DTLS TLS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h | 11 ++++++++++-
 library/ssl_msg.c     |  4 ++--
 library/ssl_tls.c     |  6 +++---
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 8f7bb1feb9..0cad449011 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1724,7 +1724,16 @@ struct mbedtls_ssl_context {
     int MBEDTLS_PRIVATE(early_data_state);
 #endif
 
-    unsigned MBEDTLS_PRIVATE(badmac_seen);       /*!< records with a bad MAC received    */
+    /** Multipurpose field.
+     *
+     * - DTLS: records with a bad MAC received.
+     * - TLS: accumulated length of handshake fragments (up to ::in_hslen).
+     *
+     * This field is multipurpose in order to preserve the ABI in the
+     * Mbed TLS 3.6 LTS branch. Until 3.6.2, it was only used in DTLS
+     * and called `badmac_seen`.
+     */
+    unsigned MBEDTLS_PRIVATE(badmac_seen_or_in_hsfraglen);
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     /** Callback to customize X.509 certificate chain verification          */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fb91b948d7..1ad8f5ab91 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5033,8 +5033,8 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
                 }
 
                 if (ssl->conf->badmac_limit != 0) {
-                    ++ssl->badmac_seen;
-                    if (ssl->badmac_seen >= ssl->conf->badmac_limit) {
+                    ++ssl->badmac_seen_or_in_hsfraglen;
+                    if (ssl->badmac_seen_or_in_hsfraglen >= ssl->conf->badmac_limit) {
                         MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
                         return MBEDTLS_ERR_SSL_INVALID_MAC;
                     }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0c394946a5..f8cd74b91e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5021,7 +5021,7 @@ static const unsigned char ssl_serialized_context_header[] = {
  *  uint8 in_cid<0..2^8-1>      // Connection ID: expected incoming value
  *  uint8 out_cid<0..2^8-1>     // Connection ID: outgoing value to use
  *  // fields from ssl_context
- *  uint32 badmac_seen;         // DTLS: number of records with failing MAC
+ *  uint32 badmac_seen_or_in_hsfraglen;         // DTLS: number of records with failing MAC
  *  uint64 in_window_top;       // DTLS: last validated record seq_num
  *  uint64 in_window;           // DTLS: bitmask for replay protection
  *  uint8 disable_datagram_packing; // DTLS: only one record per datagram
@@ -5163,7 +5163,7 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
      */
     used += 4;
     if (used <= buf_len) {
-        MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0);
+        MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen_or_in_hsfraglen, p, 0);
         p += 4;
     }
 
@@ -5393,7 +5393,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0);
+    ssl->badmac_seen_or_in_hsfraglen = MBEDTLS_GET_UINT32_BE(p, 0);
     p += 4;
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)

From ebdd405f6821b16a627fc723f2ed9a0e7d5c702e Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 17 Feb 2025 16:25:24 +0100
Subject: [PATCH 10/80] Change the type of in_hsfraglen to unsigned

In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen`
from `size_t` to `unsigned`. This is in preparation for merging
`in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type
`unsigned` and cannot change since we do not want to change the ABI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h |  2 +-
 library/ssl_msg.c     | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0cad449011..161eb7e74e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1826,7 +1826,7 @@ struct mbedtls_ssl_context {
 
     size_t MBEDTLS_PRIVATE(in_hslen);            /*!< current handshake message length,
                                                     including the handshake header   */
-    size_t MBEDTLS_PRIVATE(in_hsfraglen);        /*!< accumulated length of hs fragments
+    unsigned MBEDTLS_PRIVATE(in_hsfraglen);      /*!< accumulated length of hs fragments
                                                     (up to in_hslen) */
     int MBEDTLS_PRIVATE(nb_zero);                /*!< # of 0-length encrypted messages */
 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 1ad8f5ab91..5940abafea 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -25,6 +25,7 @@
 #include "constant_time_internal.h"
 #include "mbedtls/constant_time.h"
 
+#include <limits.h>
 #include <string.h>
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -3300,15 +3301,22 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,
-                              ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %"
+                              ("handshake fragment: %u .. %"
                                MBEDTLS_PRINTF_SIZET " of %"
                                MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
                                ssl->in_hsfraglen,
-                               ssl->in_hsfraglen +
+                               (size_t) ssl->in_hsfraglen +
                                (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
                                ssl->in_hslen, ssl->in_msglen));
         if (ssl->in_msglen < hs_remain) {
-            ssl->in_hsfraglen += ssl->in_msglen;
+            /* ssl->in_msglen is a 25-bit value since it is the sum of the
+             * header length plus the payload length, the header length is 4
+             * and the payload length was received on the wire encoded as
+             * 3 octets. We don't support 16-bit platforms; more specifically,
+             * we assume that both unsigned and size_t are at least 32 bits.
+             * Therefore there is no possible integer overflow here.
+             */
+            ssl->in_hsfraglen += (unsigned) ssl->in_msglen;
             ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
             ssl->in_msglen = 0;
             mbedtls_ssl_update_in_pointers(ssl);
@@ -4697,7 +4705,7 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
         if (ssl->in_hsfraglen != 0) {
             /* Not all handshake fragments have arrived, do not consume. */
             MBEDTLS_SSL_DEBUG_MSG(3,
-                                  ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %"
+                                  ("waiting for more fragments (%u of %"
                                    MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
                                    ssl->in_hsfraglen, ssl->in_hslen,
                                    ssl->in_hslen - ssl->in_hsfraglen));

From b710599e4ac1138a67fb87a8c08a2690c0ea2fed Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 17 Feb 2025 16:28:51 +0100
Subject: [PATCH 11/80] Merge in_hsfraglen with badmac_seen_or_in_hsfraglen

In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into
`badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it
was in Mbed TLS 3.6.0 through 3.6.2.

The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only
used for DTLS (despite being present in non-DTLS builds), and the field
`in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can
be stored in the same field.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h |  2 --
 library/ssl_msg.c     | 22 +++++++++++-----------
 library/ssl_tls.c     |  2 +-
 3 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 161eb7e74e..09a58a25ae 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1826,8 +1826,6 @@ struct mbedtls_ssl_context {
 
     size_t MBEDTLS_PRIVATE(in_hslen);            /*!< current handshake message length,
                                                     including the handshake header   */
-    unsigned MBEDTLS_PRIVATE(in_hsfraglen);      /*!< accumulated length of hs fragments
-                                                    (up to in_hslen) */
     int MBEDTLS_PRIVATE(nb_zero);                /*!< # of 0-length encrypted messages */
 
     int MBEDTLS_PRIVATE(keep_current_message);   /*!< drop or reuse current message
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 5940abafea..7b11e4d06a 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3230,7 +3230,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 
     if (ssl->in_hslen == 0) {
         ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
-        ssl->in_hsfraglen = 0;
+        ssl->badmac_seen_or_in_hsfraglen = 0;
     }
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@@ -3297,15 +3297,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         }
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    if (ssl->in_hsfraglen <= ssl->in_hslen) {
+    if (ssl->badmac_seen_or_in_hsfraglen <= ssl->in_hslen) {
         int ret;
-        const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
+        const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,
                               ("handshake fragment: %u .. %"
                                MBEDTLS_PRINTF_SIZET " of %"
                                MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
-                               ssl->in_hsfraglen,
-                               (size_t) ssl->in_hsfraglen +
+                               ssl->badmac_seen_or_in_hsfraglen,
+                               (size_t) ssl->badmac_seen_or_in_hsfraglen +
                                (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
                                ssl->in_hslen, ssl->in_msglen));
         if (ssl->in_msglen < hs_remain) {
@@ -3316,13 +3316,13 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
              * we assume that both unsigned and size_t are at least 32 bits.
              * Therefore there is no possible integer overflow here.
              */
-            ssl->in_hsfraglen += (unsigned) ssl->in_msglen;
+            ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen;
             ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
             ssl->in_msglen = 0;
             mbedtls_ssl_update_in_pointers(ssl);
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         }
-        if (ssl->in_hsfraglen > 0) {
+        if (ssl->badmac_seen_or_in_hsfraglen > 0) {
             /*
              * At in_first_hdr we have a sequence of records that cover the next handshake
              * record, each with its own record header that we need to remove.
@@ -3352,7 +3352,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             ssl->in_msglen = merged_rec_len;
             /* Adjust message length. */
             MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
-            ssl->in_hsfraglen = 0;
+            ssl->badmac_seen_or_in_hsfraglen = 0;
             MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
                                   ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
         }
@@ -4702,13 +4702,13 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
             return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        if (ssl->in_hsfraglen != 0) {
+        if (ssl->badmac_seen_or_in_hsfraglen != 0) {
             /* Not all handshake fragments have arrived, do not consume. */
             MBEDTLS_SSL_DEBUG_MSG(3,
                                   ("waiting for more fragments (%u of %"
                                    MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
-                                   ssl->in_hsfraglen, ssl->in_hslen,
-                                   ssl->in_hslen - ssl->in_hsfraglen));
+                                   ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen,
+                                   ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen));
             return 0;
         }
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f8cd74b91e..8428b38725 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1488,7 +1488,7 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
     ssl->in_msgtype = 0;
     ssl->in_msglen  = 0;
     ssl->in_hslen   = 0;
-    ssl->in_hsfraglen = 0;
+    ssl->badmac_seen_or_in_hsfraglen = 0;
     ssl->keep_current_message = 0;
     ssl->transform_in  = NULL;
 

From cb72cd2ec3e82458e0fcc5dbfe89dae1edd4ee99 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 17 Feb 2025 16:36:36 +0100
Subject: [PATCH 12/80] Don't reset badmac_seen on a DTLS client reconnect

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_tls.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8428b38725..7f74248252 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1488,10 +1488,15 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
     ssl->in_msgtype = 0;
     ssl->in_msglen  = 0;
     ssl->in_hslen   = 0;
-    ssl->badmac_seen_or_in_hsfraglen = 0;
     ssl->keep_current_message = 0;
     ssl->transform_in  = NULL;
 
+    /* TLS: reset in_hsfraglen, which is part of message parsing.
+     * DTLS: on a client reconnect, don't reset badmac_seen. */
+    if (!partial) {
+        ssl->badmac_seen_or_in_hsfraglen = 0;
+    }
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     ssl->next_record_offset = 0;
     ssl->in_epoch = 0;

From 55151d3da67936fda6f7d6b7aae392194abd0aac Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 17 Feb 2025 23:09:00 +0100
Subject: [PATCH 13/80] Fix Doxygen misuse

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 09a58a25ae..597da2571f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1727,7 +1727,7 @@ struct mbedtls_ssl_context {
     /** Multipurpose field.
      *
      * - DTLS: records with a bad MAC received.
-     * - TLS: accumulated length of handshake fragments (up to ::in_hslen).
+     * - TLS: accumulated length of handshake fragments (up to \c in_hslen).
      *
      * This field is multipurpose in order to preserve the ABI in the
      * Mbed TLS 3.6 LTS branch. Until 3.6.2, it was only used in DTLS

From c52273d017fc185638b8e7da878695fa090b4105 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 18 Feb 2025 14:11:25 +0100
Subject: [PATCH 14/80] Add a note about badmac_seen's new name in
 ssl_context_info

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 programs/ssl/ssl_context_info.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 51e87817ad..b9a0fe8751 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -743,6 +743,13 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
  *  uint8 alpn_chosen_len;
  *  uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
  *
+ * Note: In the mbedtls_ssl_context structure, badmac_seen is called
+ * badmac_seen_or_in_hsfraglen since Mbed TLS 3.6.2. The field contains
+ * the badmac_seen value in DTLS, and a handshake parsing intermediate
+ * value in non-DTLS TLS. The value is only meaningful for DTLS and should
+ * not be saved in non-DTLS TLS, so in this program, the context info file
+ * filed remains badmac_seen.
+ *
  * /p ssl   pointer to serialized session
  * /p len   number of bytes in the buffer
  */

From 2878a0559eb302652a3b3c9ffc8439f79008e631 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Sat, 1 Feb 2025 15:33:37 +0200
Subject: [PATCH 15/80] Remove obselete checks due to the introduction of
 handhsake defragmen...

tation. h/t @waleed-elmelegy-arm

https://github.com/Mbed-TLS/mbedtls/pull/9928/commits/909e71672f6a11219e12347c2d7d2429b98e6500

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_tls12_server.c | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 03722ac33c..3db1f44e34 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1061,23 +1061,6 @@ read_record_header:
         size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1);
         MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u",
                                   (unsigned) handshake_len));
-
-        /* The record layer has a record size limit of 2^14 - 1 and
-         * fragmentation is not supported, so buf[1] should be zero. */
-        if (buf[1] != 0) {
-            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0",
-                                      (unsigned) buf[1]));
-            return MBEDTLS_ERR_SSL_DECODE_ERROR;
-        }
-
-        /* We don't support fragmentation of ClientHello (yet?) */
-        if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) {
-            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u",
-                                      (unsigned) msg_len,
-                                      (unsigned) mbedtls_ssl_hs_hdr_len(ssl),
-                                      (unsigned) handshake_len));
-            return MBEDTLS_ERR_SSL_DECODE_ERROR;
-        }
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)

From 716aead3b95353510e4c7c38a337935e74e182c5 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Tue, 4 Feb 2025 12:08:15 +0200
Subject: [PATCH 16/80] Update the changelog message

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
index 3555a789d8..55103c9a42 100644
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -1,2 +1,5 @@
-Changes
-   * Defragment incoming TLS handshake messages.
+Bugfix
+   * Support re-assembly of fragmented handshake messages in TLS, as mandated
+     by the spec. Lack of support was causing handshake failures with some
+     servers, especially with TLS 1.3 in practice (though both protocol
+     version could be affected in principle, and both are fixed now).

From 4726d20320e640c77acb9431ab098e865ab10adb Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Fri, 31 Jan 2025 11:11:06 +0000
Subject: [PATCH 17/80] Remove unused variable in ssl_server.c

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_tls12_server.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 3db1f44e34..67df4284a4 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1057,11 +1057,6 @@ read_record_header:
         MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
         return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
-    {
-        size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1);
-        MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u",
-                                  (unsigned) handshake_len));
-    }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {

From 29581ce229fe3d9a242cad2c2b8f0ddeb9b15bea Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Fri, 24 Jan 2025 17:39:58 +0000
Subject: [PATCH 18/80] Add TLS Hanshake defragmentation tests

Tests uses openssl s_server with a mix of max_send_frag
and split_send_frag options.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 84 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0376018f5d..caef6405a8 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14457,6 +14457,90 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
             -c "Handshake was completed" \
             -s "dumping .client hello, compression. (2 bytes)"
 
+# Handshake defragmentation testing
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (512)" \
+            "$O_SRV -max_send_frag 512 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (513)" \
+            "$O_SRV -max_send_frag 513 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (256)" \
+            "$O_SRV -mtu 32 -split_send_frag 256 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (128)" \
+            "$O_SRV -mtu 32 -split_send_frag 128 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (64)" \
+            "$O_SRV -mtu 32 -split_send_frag 64 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (36)" \
+            "$O_SRV -mtu 32 -split_send_frag 36 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (32)" \
+            "$O_SRV -mtu 32 -split_send_frag 32 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (16)" \
+            "$O_SRV -mtu 32 -split_send_frag 16 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (13)" \
+            "$O_SRV -mtu 32 -split_send_frag 13 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Hanshake defragmentation (5)" \
+            "$O_SRV -mtu 32 -split_send_frag 5 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "received ServerHello message" \
+            -c "<= handshake" \
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG

From e11d8c9333a7791fcb9caf6832feae2744f978de Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Tue, 28 Jan 2025 16:47:21 +0000
Subject: [PATCH 19/80] Improve TLS handshake defragmentation tests

* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag &
  -split_send_frag flags are supported.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 131 ++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 100 insertions(+), 31 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index caef6405a8..54e70ddd12 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14459,87 +14459,156 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 
 # Handshake defragmentation testing
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (512)" \
-            "$O_SRV -max_send_frag 512 " \
+run_test    "Client Hanshake defragmentation (512)" \
+            "$O_NEXT_SRV -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (513)" \
-            "$O_SRV -max_send_frag 513 " \
+run_test    "Client Hanshake defragmentation (513)" \
+            "$O_NEXT_SRV -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (256)" \
-            "$O_SRV -mtu 32 -split_send_frag 256 " \
+run_test    "Client Hanshake defragmentation (256)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (128)" \
-            "$O_SRV -mtu 32 -split_send_frag 128 " \
+run_test    "Client Hanshake defragmentation (128)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (64)" \
-            "$O_SRV -mtu 32 -split_send_frag 64 " \
+run_test    "Client Hanshake defragmentation (64)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (36)" \
-            "$O_SRV -mtu 32 -split_send_frag 36 " \
+run_test    "Client Hanshake defragmentation (36)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (32)" \
-            "$O_SRV -mtu 32 -split_send_frag 32 " \
+run_test    "Client Hanshake defragmentation (32)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (16)" \
-            "$O_SRV -mtu 32 -split_send_frag 16 " \
+run_test    "Client Hanshake defragmentation (16)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (13)" \
-            "$O_SRV -mtu 32 -split_send_frag 13 " \
+run_test    "Client Hanshake defragmentation (13)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
 
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Hanshake defragmentation (5)" \
-            "$O_SRV -mtu 32 -split_send_frag 5 " \
+run_test    "Client Hanshake defragmentation (5)" \
+            "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "received ServerHello message" \
             -c "<= handshake" \
+            -c "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (512)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -max_send_frag 512 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (513)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -max_send_frag 513 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (256)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (128)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (64)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (36)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (32)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (16)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (13)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
+
+run_test    "Server Hanshake defragmentation (5)" \
+            "$P_SRV debug_level=4 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \
+            0 \
+            -s "<= handshake" \
+            -s "handshake fragment: "
 
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2

From 8870b99da4fa9e058f69965b3af80aad205b1a1b Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Wed, 29 Jan 2025 16:23:40 +0000
Subject: [PATCH 20/80] Fix typo in TLS Handshake defrafmentation tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 54e70ddd12..2a29a6df91 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14459,7 +14459,7 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 
 # Handshake defragmentation testing
 
-run_test    "Client Hanshake defragmentation (512)" \
+run_test    "Client Handshake defragmentation (512)" \
             "$O_NEXT_SRV -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14467,7 +14467,7 @@ run_test    "Client Hanshake defragmentation (512)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (513)" \
+run_test    "Client Handshake defragmentation (513)" \
             "$O_NEXT_SRV -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14475,7 +14475,7 @@ run_test    "Client Hanshake defragmentation (513)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (256)" \
+run_test    "Client Handshake defragmentation (256)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14483,7 +14483,7 @@ run_test    "Client Hanshake defragmentation (256)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (128)" \
+run_test    "Client Handshake defragmentation (128)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14491,7 +14491,7 @@ run_test    "Client Hanshake defragmentation (128)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (64)" \
+run_test    "Client Handshake defragmentation (64)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14499,7 +14499,7 @@ run_test    "Client Hanshake defragmentation (64)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (36)" \
+run_test    "Client Handshake defragmentation (36)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14507,7 +14507,7 @@ run_test    "Client Hanshake defragmentation (36)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (32)" \
+run_test    "Client Handshake defragmentation (32)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14515,7 +14515,7 @@ run_test    "Client Hanshake defragmentation (32)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (16)" \
+run_test    "Client Handshake defragmentation (16)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14524,7 +14524,7 @@ run_test    "Client Hanshake defragmentation (16)" \
             -c "handshake fragment: "
 
 
-run_test    "Client Hanshake defragmentation (13)" \
+run_test    "Client Handshake defragmentation (13)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14532,7 +14532,7 @@ run_test    "Client Hanshake defragmentation (13)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Client Hanshake defragmentation (5)" \
+run_test    "Client Handshake defragmentation (5)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14540,70 +14540,70 @@ run_test    "Client Hanshake defragmentation (5)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (512)" \
+run_test    "Server Handshake defragmentation (512)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -max_send_frag 512 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (513)" \
+run_test    "Server Handshake defragmentation (513)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -max_send_frag 513 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (256)" \
+run_test    "Server Handshake defragmentation (256)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (128)" \
+run_test    "Server Handshake defragmentation (128)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (64)" \
+run_test    "Server Handshake defragmentation (64)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (36)" \
+run_test    "Server Handshake defragmentation (36)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (32)" \
+run_test    "Server Handshake defragmentation (32)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (16)" \
+run_test    "Server Handshake defragmentation (16)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (13)" \
+run_test    "Server Handshake defragmentation (13)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
 
-run_test    "Server Hanshake defragmentation (5)" \
+run_test    "Server Handshake defragmentation (5)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \
             0 \

From 5b7c8bb064cd0e0e21b9c85101db9b294d66df33 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Wed, 29 Jan 2025 16:58:58 +0000
Subject: [PATCH 21/80] Remove unnecessary string check in handshake
 defragmentation tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2a29a6df91..adae592151 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14463,7 +14463,6 @@ run_test    "Client Handshake defragmentation (512)" \
             "$O_NEXT_SRV -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14471,7 +14470,6 @@ run_test    "Client Handshake defragmentation (513)" \
             "$O_NEXT_SRV -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14479,7 +14477,6 @@ run_test    "Client Handshake defragmentation (256)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14487,7 +14484,6 @@ run_test    "Client Handshake defragmentation (128)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14495,7 +14491,6 @@ run_test    "Client Handshake defragmentation (64)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14503,7 +14498,6 @@ run_test    "Client Handshake defragmentation (36)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14511,7 +14505,6 @@ run_test    "Client Handshake defragmentation (32)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14519,7 +14512,6 @@ run_test    "Client Handshake defragmentation (16)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14528,7 +14520,6 @@ run_test    "Client Handshake defragmentation (13)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
@@ -14536,7 +14527,6 @@ run_test    "Client Handshake defragmentation (5)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "received ServerHello message" \
             -c "<= handshake" \
             -c "handshake fragment: "
 

From 1b2590b125476f43a8ccbcefbc52f7f6c55149db Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Wed, 29 Jan 2025 17:01:55 +0000
Subject: [PATCH 22/80] Require openssl to support TLS 1.3 in handshake
 defragmentation tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index adae592151..c2f23f0db7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14459,6 +14459,7 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 
 # Handshake defragmentation testing
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (512)" \
             "$O_NEXT_SRV -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
@@ -14466,6 +14467,7 @@ run_test    "Client Handshake defragmentation (512)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (513)" \
             "$O_NEXT_SRV -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \
@@ -14473,6 +14475,7 @@ run_test    "Client Handshake defragmentation (513)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (256)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
@@ -14480,6 +14483,7 @@ run_test    "Client Handshake defragmentation (256)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (128)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
@@ -14487,6 +14491,7 @@ run_test    "Client Handshake defragmentation (128)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (64)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
@@ -14494,6 +14499,7 @@ run_test    "Client Handshake defragmentation (64)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (36)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
@@ -14501,6 +14507,7 @@ run_test    "Client Handshake defragmentation (36)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (32)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
@@ -14508,6 +14515,7 @@ run_test    "Client Handshake defragmentation (32)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (16)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
@@ -14515,7 +14523,7 @@ run_test    "Client Handshake defragmentation (16)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
-
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (13)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
@@ -14523,6 +14531,7 @@ run_test    "Client Handshake defragmentation (13)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (5)" \
             "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
@@ -14530,6 +14539,7 @@ run_test    "Client Handshake defragmentation (5)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (512)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -max_send_frag 512 " \
@@ -14537,6 +14547,7 @@ run_test    "Server Handshake defragmentation (512)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (513)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -max_send_frag 513 " \
@@ -14544,6 +14555,7 @@ run_test    "Server Handshake defragmentation (513)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (256)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \
@@ -14551,6 +14563,7 @@ run_test    "Server Handshake defragmentation (256)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (128)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \
@@ -14558,6 +14571,7 @@ run_test    "Server Handshake defragmentation (128)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (64)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \
@@ -14565,6 +14579,7 @@ run_test    "Server Handshake defragmentation (64)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (36)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \
@@ -14572,6 +14587,7 @@ run_test    "Server Handshake defragmentation (36)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (32)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \
@@ -14579,6 +14595,7 @@ run_test    "Server Handshake defragmentation (32)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (16)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \
@@ -14586,6 +14603,7 @@ run_test    "Server Handshake defragmentation (16)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (13)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \
@@ -14593,6 +14611,7 @@ run_test    "Server Handshake defragmentation (13)" \
             -s "<= handshake" \
             -s "handshake fragment: "
 
+requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (5)" \
             "$P_SRV debug_level=4 " \
             "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \

From e9b08846dac5e7a6455d5c41bd2c4031aa11cfe4 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Wed, 29 Jan 2025 17:13:34 +0000
Subject: [PATCH 23/80] Add client authentication to handshake defragmentation
 tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c2f23f0db7..e59fd811ea 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14542,7 +14542,7 @@ run_test    "Client Handshake defragmentation (5)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (512)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -max_send_frag 512 " \
+            "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14550,7 +14550,7 @@ run_test    "Server Handshake defragmentation (512)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (513)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -max_send_frag 513 " \
+            "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14558,7 +14558,7 @@ run_test    "Server Handshake defragmentation (513)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (256)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14566,7 +14566,7 @@ run_test    "Server Handshake defragmentation (256)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (128)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14574,7 +14574,7 @@ run_test    "Server Handshake defragmentation (128)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (64)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14582,7 +14582,7 @@ run_test    "Server Handshake defragmentation (64)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (36)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14590,7 +14590,7 @@ run_test    "Server Handshake defragmentation (36)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (32)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14598,7 +14598,7 @@ run_test    "Server Handshake defragmentation (32)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (16)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14606,7 +14606,7 @@ run_test    "Server Handshake defragmentation (16)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (13)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14614,7 +14614,7 @@ run_test    "Server Handshake defragmentation (13)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (5)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \
+            "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "

From 826fc5c383274208eb74985618cfe8edd96d04c9 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Wed, 29 Jan 2025 18:28:56 +0000
Subject: [PATCH 24/80] Remove unneeded mtu option from handshake fragmentation
 tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e59fd811ea..46f41ee1bd 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14477,7 +14477,7 @@ run_test    "Client Handshake defragmentation (513)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (256)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \
+            "$O_NEXT_SRV -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14485,7 +14485,7 @@ run_test    "Client Handshake defragmentation (256)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (128)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \
+            "$O_NEXT_SRV -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14493,7 +14493,7 @@ run_test    "Client Handshake defragmentation (128)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (64)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \
+            "$O_NEXT_SRV -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14501,7 +14501,7 @@ run_test    "Client Handshake defragmentation (64)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (36)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \
+            "$O_NEXT_SRV -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14509,7 +14509,7 @@ run_test    "Client Handshake defragmentation (36)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (32)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \
+            "$O_NEXT_SRV -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14517,7 +14517,7 @@ run_test    "Client Handshake defragmentation (32)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (16)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \
+            "$O_NEXT_SRV -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14525,7 +14525,7 @@ run_test    "Client Handshake defragmentation (16)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (13)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \
+            "$O_NEXT_SRV -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14533,7 +14533,7 @@ run_test    "Client Handshake defragmentation (13)" \
 
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (5)" \
-            "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \
+            "$O_NEXT_SRV -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "<= handshake" \
@@ -14558,7 +14558,7 @@ run_test    "Server Handshake defragmentation (513)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (256)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14566,7 +14566,7 @@ run_test    "Server Handshake defragmentation (256)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (128)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14574,7 +14574,7 @@ run_test    "Server Handshake defragmentation (128)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (64)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14582,7 +14582,7 @@ run_test    "Server Handshake defragmentation (64)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (36)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14590,7 +14590,7 @@ run_test    "Server Handshake defragmentation (36)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (32)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14598,7 +14598,7 @@ run_test    "Server Handshake defragmentation (32)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (16)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14606,7 +14606,7 @@ run_test    "Server Handshake defragmentation (16)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (13)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "
@@ -14614,7 +14614,7 @@ run_test    "Server Handshake defragmentation (13)" \
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (5)" \
             "$P_SRV debug_level=4 " \
-            "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
             -s "handshake fragment: "

From 57f61f82fd29a2686a428d27be2f8835026546da Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Thu, 30 Jan 2025 12:02:12 +0000
Subject: [PATCH 25/80] Enforce client authentication in handshake
 fragmentation tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 46f41ee1bd..9a597e191f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14541,7 +14541,7 @@ run_test    "Client Handshake defragmentation (5)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (512)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14549,7 +14549,7 @@ run_test    "Server Handshake defragmentation (512)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (513)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14557,7 +14557,7 @@ run_test    "Server Handshake defragmentation (513)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (256)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14565,7 +14565,7 @@ run_test    "Server Handshake defragmentation (256)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (128)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14573,7 +14573,7 @@ run_test    "Server Handshake defragmentation (128)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (64)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14581,7 +14581,7 @@ run_test    "Server Handshake defragmentation (64)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (36)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14589,7 +14589,7 @@ run_test    "Server Handshake defragmentation (36)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (32)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14597,7 +14597,7 @@ run_test    "Server Handshake defragmentation (32)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (16)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14605,7 +14605,7 @@ run_test    "Server Handshake defragmentation (16)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (13)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \
@@ -14613,7 +14613,7 @@ run_test    "Server Handshake defragmentation (13)" \
 
 requires_openssl_tls1_3
 run_test    "Server Handshake defragmentation (5)" \
-            "$P_SRV debug_level=4 " \
+            "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "<= handshake" \

From 99f4691bd6703701b79d7b30ebacb6b5905ecc98 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Thu, 30 Jan 2025 17:53:02 +0000
Subject: [PATCH 26/80] Add a comment to elaborate using split_send_frag in
 handshake defragmentation tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9a597e191f..8b2a56d0c2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14475,6 +14475,9 @@ run_test    "Client Handshake defragmentation (513)" \
             -c "<= handshake" \
             -c "handshake fragment: "
 
+# OpenSSL does not allow max_send_frag to be less than 512
+# so we use split_send_frag instead for tests lower than 512 below.
+
 requires_openssl_tls1_3
 run_test    "Client Handshake defragmentation (256)" \
             "$O_NEXT_SRV -split_send_frag 256 " \

From be59ab5671d9578d767444529361c1ed24071bc3 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Fri, 31 Jan 2025 11:25:43 +0000
Subject: [PATCH 27/80] Add guard to handshake defragmentation tests for client
 certificate

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8b2a56d0c2..74b673be76 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14479,6 +14479,7 @@ run_test    "Client Handshake defragmentation (513)" \
 # so we use split_send_frag instead for tests lower than 512 below.
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (256)" \
             "$O_NEXT_SRV -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
@@ -14487,6 +14488,7 @@ run_test    "Client Handshake defragmentation (256)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (128)" \
             "$O_NEXT_SRV -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
@@ -14495,6 +14497,7 @@ run_test    "Client Handshake defragmentation (128)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (64)" \
             "$O_NEXT_SRV -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
@@ -14503,6 +14506,7 @@ run_test    "Client Handshake defragmentation (64)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (36)" \
             "$O_NEXT_SRV -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
@@ -14511,6 +14515,7 @@ run_test    "Client Handshake defragmentation (36)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (32)" \
             "$O_NEXT_SRV -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
@@ -14519,6 +14524,7 @@ run_test    "Client Handshake defragmentation (32)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (16)" \
             "$O_NEXT_SRV -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
@@ -14527,6 +14533,7 @@ run_test    "Client Handshake defragmentation (16)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (13)" \
             "$O_NEXT_SRV -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
@@ -14535,6 +14542,7 @@ run_test    "Client Handshake defragmentation (13)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (5)" \
             "$O_NEXT_SRV -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
@@ -14543,6 +14551,7 @@ run_test    "Client Handshake defragmentation (5)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (512)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14551,6 +14560,7 @@ run_test    "Server Handshake defragmentation (512)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (513)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14559,6 +14569,7 @@ run_test    "Server Handshake defragmentation (513)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (256)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14567,6 +14578,7 @@ run_test    "Server Handshake defragmentation (256)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (128)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14575,6 +14587,7 @@ run_test    "Server Handshake defragmentation (128)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (64)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14583,6 +14596,7 @@ run_test    "Server Handshake defragmentation (64)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (36)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14591,6 +14605,7 @@ run_test    "Server Handshake defragmentation (36)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (32)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14599,6 +14614,7 @@ run_test    "Server Handshake defragmentation (32)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (16)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14607,6 +14623,7 @@ run_test    "Server Handshake defragmentation (16)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (13)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14615,6 +14632,7 @@ run_test    "Server Handshake defragmentation (13)" \
             -s "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Server Handshake defragmentation (5)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \

From 5fc8d3f035a82db04f70871e2919b22222e822b1 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Fri, 31 Jan 2025 11:50:08 +0000
Subject: [PATCH 28/80] Test Handshake defragmentation only for TLS 1.3 only
 for small values

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 74b673be76..1b3708f70f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14478,8 +14478,12 @@ run_test    "Client Handshake defragmentation (513)" \
 # OpenSSL does not allow max_send_frag to be less than 512
 # so we use split_send_frag instead for tests lower than 512 below.
 
+# There is an issue with OpenSSL when fragmenting with values less
+# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values.
+
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (256)" \
             "$O_NEXT_SRV -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
@@ -14489,6 +14493,7 @@ run_test    "Client Handshake defragmentation (256)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (128)" \
             "$O_NEXT_SRV -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
@@ -14498,6 +14503,7 @@ run_test    "Client Handshake defragmentation (128)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (64)" \
             "$O_NEXT_SRV -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
@@ -14507,6 +14513,7 @@ run_test    "Client Handshake defragmentation (64)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (36)" \
             "$O_NEXT_SRV -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
@@ -14516,6 +14523,7 @@ run_test    "Client Handshake defragmentation (36)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (32)" \
             "$O_NEXT_SRV -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
@@ -14525,6 +14533,7 @@ run_test    "Client Handshake defragmentation (32)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (16)" \
             "$O_NEXT_SRV -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
@@ -14534,6 +14543,7 @@ run_test    "Client Handshake defragmentation (16)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (13)" \
             "$O_NEXT_SRV -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
@@ -14543,6 +14553,7 @@ run_test    "Client Handshake defragmentation (13)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Client Handshake defragmentation (5)" \
             "$O_NEXT_SRV -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
@@ -14570,6 +14581,7 @@ run_test    "Server Handshake defragmentation (513)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (256)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14579,6 +14591,7 @@ run_test    "Server Handshake defragmentation (256)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (128)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14588,6 +14601,7 @@ run_test    "Server Handshake defragmentation (128)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (64)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14597,6 +14611,7 @@ run_test    "Server Handshake defragmentation (64)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (36)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14606,6 +14621,7 @@ run_test    "Server Handshake defragmentation (36)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (32)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14615,6 +14631,7 @@ run_test    "Server Handshake defragmentation (32)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (16)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14624,6 +14641,7 @@ run_test    "Server Handshake defragmentation (16)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (13)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -14633,6 +14651,7 @@ run_test    "Server Handshake defragmentation (13)" \
 
 requires_openssl_tls1_3
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Server Handshake defragmentation (5)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \

From c5f1ba3d50510fd7c9bc554fa323460593abb7f9 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy <waleed.elmelegy@arm.com>
Date: Fri, 31 Jan 2025 14:44:13 +0000
Subject: [PATCH 29/80] Add missing client certificate check in handshake
 defragmentation tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
---
 tests/ssl-opt.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1b3708f70f..b62a7c154e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14460,6 +14460,7 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 # Handshake defragmentation testing
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (512)" \
             "$O_NEXT_SRV -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
@@ -14468,6 +14469,7 @@ run_test    "Client Handshake defragmentation (512)" \
             -c "handshake fragment: "
 
 requires_openssl_tls1_3
+requires_certificate_authentication
 run_test    "Client Handshake defragmentation (513)" \
             "$O_NEXT_SRV -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \

From afb428e5846c8399a3ee74eff21fa06fc07f897c Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Wed, 5 Feb 2025 15:23:14 +0000
Subject: [PATCH 30/80] ssl-opt: Updated the keywords to look up during
 handshake fragmentation tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 80 ++++++++++++++++++++++++------------------------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b62a7c154e..372225837b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14465,8 +14465,8 @@ run_test    "Client Handshake defragmentation (512)" \
             "$O_NEXT_SRV -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14474,8 +14474,8 @@ run_test    "Client Handshake defragmentation (513)" \
             "$O_NEXT_SRV -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)"
 
 # OpenSSL does not allow max_send_frag to be less than 512
 # so we use split_send_frag instead for tests lower than 512 below.
@@ -14490,8 +14490,8 @@ run_test    "Client Handshake defragmentation (256)" \
             "$O_NEXT_SRV -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14500,8 +14500,8 @@ run_test    "Client Handshake defragmentation (128)" \
             "$O_NEXT_SRV -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14510,8 +14510,8 @@ run_test    "Client Handshake defragmentation (64)" \
             "$O_NEXT_SRV -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14520,8 +14520,8 @@ run_test    "Client Handshake defragmentation (36)" \
             "$O_NEXT_SRV -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14530,8 +14530,8 @@ run_test    "Client Handshake defragmentation (32)" \
             "$O_NEXT_SRV -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14540,8 +14540,8 @@ run_test    "Client Handshake defragmentation (16)" \
             "$O_NEXT_SRV -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14550,8 +14550,8 @@ run_test    "Client Handshake defragmentation (13)" \
             "$O_NEXT_SRV -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14560,8 +14560,8 @@ run_test    "Client Handshake defragmentation (5)" \
             "$O_NEXT_SRV -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
             0 \
-            -c "<= handshake" \
-            -c "handshake fragment: "
+            -c "reassembled record" \
+            -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14569,8 +14569,8 @@ run_test    "Server Handshake defragmentation (512)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14578,8 +14578,8 @@ run_test    "Server Handshake defragmentation (513)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14588,8 +14588,8 @@ run_test    "Server Handshake defragmentation (256)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14598,8 +14598,8 @@ run_test    "Server Handshake defragmentation (128)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14608,8 +14608,8 @@ run_test    "Server Handshake defragmentation (64)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14618,8 +14618,8 @@ run_test    "Server Handshake defragmentation (36)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14628,8 +14628,8 @@ run_test    "Server Handshake defragmentation (32)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14638,8 +14638,8 @@ run_test    "Server Handshake defragmentation (16)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14648,8 +14648,8 @@ run_test    "Server Handshake defragmentation (13)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)"
 
 requires_openssl_tls1_3
 requires_certificate_authentication
@@ -14658,8 +14658,8 @@ run_test    "Server Handshake defragmentation (5)" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -s "<= handshake" \
-            -s "handshake fragment: "
+            -s "reassembled record" \
+            -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)"
 
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2

From 9886fd17dbdf87f29c6120c70b3f0dccd95b0b8a Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Fri, 7 Feb 2025 14:10:18 +0000
Subject: [PATCH 31/80] ssl-opt: Added requires_openssl_3_x to defragmentation
 tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 80 ++++++++++++++++++++++++++++++++++++------------
 1 file changed, 60 insertions(+), 20 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 372225837b..a0f2b832c5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14459,6 +14459,7 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 
 # Handshake defragmentation testing
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 run_test    "Client Handshake defragmentation (512)" \
@@ -14466,8 +14467,10 @@ run_test    "Client Handshake defragmentation (512)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -c "waiting for more fragments (512 of [0-9]\\+"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 run_test    "Client Handshake defragmentation (513)" \
@@ -14475,7 +14478,8 @@ run_test    "Client Handshake defragmentation (513)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -c "waiting for more fragments (513 of [0-9]\\+"
 
 # OpenSSL does not allow max_send_frag to be less than 512
 # so we use split_send_frag instead for tests lower than 512 below.
@@ -14483,6 +14487,7 @@ run_test    "Client Handshake defragmentation (513)" \
 # There is an issue with OpenSSL when fragmenting with values less
 # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values.
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14491,8 +14496,10 @@ run_test    "Client Handshake defragmentation (256)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -c "waiting for more fragments (256 of [0-9]\\+"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14501,8 +14508,10 @@ run_test    "Client Handshake defragmentation (128)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -c "waiting for more fragments (128"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14511,8 +14520,10 @@ run_test    "Client Handshake defragmentation (64)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -c "waiting for more fragments (64"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14521,8 +14532,10 @@ run_test    "Client Handshake defragmentation (36)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -c "waiting for more fragments (36"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14531,8 +14544,10 @@ run_test    "Client Handshake defragmentation (32)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -c "waiting for more fragments (32"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14541,8 +14556,10 @@ run_test    "Client Handshake defragmentation (16)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -c "waiting for more fragments (16"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14551,8 +14568,10 @@ run_test    "Client Handshake defragmentation (13)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -c "waiting for more fragments (13"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14561,8 +14580,10 @@ run_test    "Client Handshake defragmentation (5)" \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
-            -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)"
+            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -c "waiting for more fragments (5"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 run_test    "Server Handshake defragmentation (512)" \
@@ -14570,8 +14591,10 @@ run_test    "Server Handshake defragmentation (512)" \
             "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -s "waiting for more fragments (512"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 run_test    "Server Handshake defragmentation (513)" \
@@ -14579,8 +14602,10 @@ run_test    "Server Handshake defragmentation (513)" \
             "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -s "waiting for more fragments (513"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14589,8 +14614,10 @@ run_test    "Server Handshake defragmentation (256)" \
             "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -s "waiting for more fragments (256"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14599,8 +14626,10 @@ run_test    "Server Handshake defragmentation (128)" \
             "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -s "waiting for more fragments (128"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14609,8 +14638,10 @@ run_test    "Server Handshake defragmentation (64)" \
             "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -s "waiting for more fragments (64"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14619,8 +14650,10 @@ run_test    "Server Handshake defragmentation (36)" \
             "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -s "waiting for more fragments (36"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14629,8 +14662,10 @@ run_test    "Server Handshake defragmentation (32)" \
             "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -s "waiting for more fragments (32"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14639,8 +14674,10 @@ run_test    "Server Handshake defragmentation (16)" \
             "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -s "waiting for more fragments (16"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14649,8 +14686,10 @@ run_test    "Server Handshake defragmentation (13)" \
             "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -s "waiting for more fragments (13"
 
+requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14659,7 +14698,8 @@ run_test    "Server Handshake defragmentation (5)" \
             "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
-            -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)"
+            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -s "waiting for more fragments (5"
 
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2

From 502da02817ed3cfffbaafd1d677c0f3463368fca Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Fri, 7 Feb 2025 17:06:18 +0000
Subject: [PATCH 32/80] ssl-opt: Adjusted the wording on handshake
 fragmentation tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a0f2b832c5..707db889a4 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14462,7 +14462,7 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
-run_test    "Client Handshake defragmentation (512)" \
+run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
             "$O_NEXT_SRV -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14473,7 +14473,7 @@ run_test    "Client Handshake defragmentation (512)" \
 requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
-run_test    "Client Handshake defragmentation (513)" \
+run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
             "$O_NEXT_SRV -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14491,7 +14491,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (256)" \
+run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14503,7 +14503,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (128)" \
+run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14515,7 +14515,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (64)" \
+run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14527,7 +14527,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (36)" \
+run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14539,7 +14539,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (32)" \
+run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14551,7 +14551,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (16)" \
+run_test    "Handshake defragmentation on client: len=14, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14563,7 +14563,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (13)" \
+run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14575,7 +14575,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Client Handshake defragmentation (5)" \
+run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
             "$O_NEXT_SRV -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14586,7 +14586,7 @@ run_test    "Client Handshake defragmentation (5)" \
 requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
-run_test    "Server Handshake defragmentation (512)" \
+run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14597,7 +14597,7 @@ run_test    "Server Handshake defragmentation (512)" \
 requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
-run_test    "Server Handshake defragmentation (513)" \
+run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14609,7 +14609,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (256)" \
+run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14621,7 +14621,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (128)" \
+run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14633,7 +14633,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (64)" \
+run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14645,7 +14645,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (36)" \
+run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14657,7 +14657,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (32)" \
+run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14669,7 +14669,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (16)" \
+run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14681,7 +14681,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (13)" \
+run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14693,7 +14693,7 @@ requires_openssl_3_x
 requires_openssl_tls1_3
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Server Handshake defragmentation (5)" \
+run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \

From 1d47cebde109c6fe13fc5e27f6029290bd625a5d Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Sat, 8 Feb 2025 23:31:43 +0000
Subject: [PATCH 33/80] ssl-opt: Dependency resolving set to use to
 requires_protocol_version HS deframentation tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 96 ++++++++++++++++++++----------------------------
 1 file changed, 40 insertions(+), 56 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 707db889a4..1de5776ecb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14460,10 +14460,10 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 # Handshake defragmentation testing
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
-            "$O_NEXT_SRV -max_send_frag 512 " \
+            "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14471,10 +14471,10 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
             -c "waiting for more fragments (512 of [0-9]\\+"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
-            "$O_NEXT_SRV -max_send_frag 513 " \
+            "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14488,11 +14488,10 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
 # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values.
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 256 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14500,11 +14499,10 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
             -c "waiting for more fragments (256 of [0-9]\\+"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 128 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14512,11 +14510,10 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
             -c "waiting for more fragments (128"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 64 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14524,11 +14521,10 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
             -c "waiting for more fragments (64"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 36 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14536,11 +14532,10 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
             -c "waiting for more fragments (36"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 32 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14548,11 +14543,10 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
             -c "waiting for more fragments (32"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=14, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 16 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14560,11 +14554,10 @@ run_test    "Handshake defragmentation on client: len=14, TLS 1.3" \
             -c "waiting for more fragments (16"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 13 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14572,11 +14565,10 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
             -c "waiting for more fragments (13"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
-            "$O_NEXT_SRV -split_send_frag 5 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14584,118 +14576,110 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
             -c "waiting for more fragments (5"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
             -s "waiting for more fragments (512"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -s "waiting for more fragments (513"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -s "waiting for more fragments (256"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -s "waiting for more fragments (128"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
             -s "waiting for more fragments (64"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
             -s "waiting for more fragments (36"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
             -s "waiting for more fragments (32"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
             -s "waiting for more fragments (16"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
             -s "waiting for more fragments (13"
 
 requires_openssl_3_x
-requires_openssl_tls1_3
+requires_protocol_version tls13
 requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \

From 48aa2deb0bc93737d3dd3fbefa7df059b76ca336 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Sun, 9 Feb 2025 23:37:34 +0000
Subject: [PATCH 34/80] ssl-opt: Added tls 1.2 tests for HS defragmentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 221 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 221 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1de5776ecb..f460ccebf1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14470,6 +14470,17 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
             -c "waiting for more fragments (512 of [0-9]\\+"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -c "waiting for more fragments (512 of [0-9]\\+"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14481,6 +14492,17 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -c "waiting for more fragments (513 of [0-9]\\+"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -c "waiting for more fragments (513 of [0-9]\\+"
+
 # OpenSSL does not allow max_send_frag to be less than 512
 # so we use split_send_frag instead for tests lower than 512 below.
 
@@ -14498,6 +14520,17 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -c "waiting for more fragments (256 of [0-9]\\+"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -c "waiting for more fragments (256 of [0-9]\\+"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14509,6 +14542,17 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -c "waiting for more fragments (128"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -c "waiting for more fragments (128"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14520,6 +14564,17 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
             -c "waiting for more fragments (64"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -c "waiting for more fragments (64"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14531,6 +14586,17 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
             -c "waiting for more fragments (36"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -c "waiting for more fragments (36"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14542,6 +14608,17 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
             -c "waiting for more fragments (32"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -c "waiting for more fragments (32"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14553,6 +14630,17 @@ run_test    "Handshake defragmentation on client: len=14, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
             -c "waiting for more fragments (16"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=14, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -c "waiting for more fragments (16"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14564,6 +14652,17 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
             -c "waiting for more fragments (13"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -c "waiting for more fragments (13"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14575,6 +14674,17 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -c "waiting for more fragments (5"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -c "waiting for more fragments (5"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14586,6 +14696,17 @@ run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
             -s "waiting for more fragments (512"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -s "waiting for more fragments (512"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14597,6 +14718,17 @@ run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -s "waiting for more fragments (513"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -s "waiting for more fragments (513"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14608,6 +14740,18 @@ run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -s "waiting for more fragments (256"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -s "waiting for more fragments (256"
+
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14619,6 +14763,17 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -s "waiting for more fragments (128"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=128, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -s "waiting for more fragments (128"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14630,6 +14785,17 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
             -s "waiting for more fragments (64"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=64, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -s "waiting for more fragments (64"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14641,6 +14807,17 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
             -s "waiting for more fragments (36"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=36, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -s "waiting for more fragments (36"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14652,6 +14829,17 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
             -s "waiting for more fragments (32"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=32, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -s "waiting for more fragments (32"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14663,6 +14851,17 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
             -s "waiting for more fragments (16"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=16, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -s "waiting for more fragments (16"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14674,6 +14873,17 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
             -s "waiting for more fragments (13"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=13, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -s "waiting for more fragments (13"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14685,6 +14895,17 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -s "waiting for more fragments (5"
 
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=5, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -s "waiting for more fragments (5"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG

From 871469a1066ac761f108a8d4da451f97506901e0 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Tue, 18 Feb 2025 17:21:22 +0000
Subject: [PATCH 35/80] ssl-opt: Added negative-assertion testing, (HS
 Fragmentation disabled)

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f460ccebf1..7e6f6ed0d7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14458,6 +14458,15 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
             -s "dumping .client hello, compression. (2 bytes)"
 
 # Handshake defragmentation testing
+requires_openssl_3_x
+requires_protocol_version tls13
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
+            "$O_NEXT_SRV" \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -C "reassembled record" \
+            -C "waiting for more fragments"
 
 requires_openssl_3_x
 requires_protocol_version tls13
@@ -14685,6 +14694,16 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -c "waiting for more fragments (5"
 
+requires_openssl_3_x
+requires_protocol_version tls13
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -C "reassembled record" \
+            -C "waiting for more fragments"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication

From 03ae3523400425ef669f6bc96ea7dc9f614adc39 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Tue, 18 Feb 2025 17:33:22 +0000
Subject: [PATCH 36/80] ssl-opt: Added handshake fragmentation tests for 4 byte
 fragments.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7e6f6ed0d7..016617be02 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14694,7 +14694,6 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -c "waiting for more fragments (5"
 
-requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
@@ -14925,6 +14924,28 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -s "waiting for more fragments (5"
 
+requires_protocol_version tls13
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -s "waiting for more fragments (4"
+
+requires_openssl_3_x
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=4, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -s "waiting for more fragments (4"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG

From 79693bf48ae4ababb45b7202b6adb8124083f4c8 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Tue, 18 Feb 2025 17:41:18 +0000
Subject: [PATCH 37/80] ssl-opt: Added negative tests for handshake
 fragmentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 016617be02..f2a502278f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14694,6 +14694,27 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -c "waiting for more fragments (5"
 
+requires_openssl_3_x
+requires_protocol_version tls13
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
+            "$P_CLI debug_level=4 " \
+            1 \
+            -c "=> ssl_tls13_process_server_hello" \
+            -c "handshake message too short: 3" \
+            -c "SSL - An invalid SSL record was received"
+
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
+            "$P_CLI debug_level=4 " \
+            1 \
+            -c "handshake message too short: 3" \
+            -c "SSL - An invalid SSL record was received"
+
 requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
@@ -14946,6 +14967,41 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
             -s "waiting for more fragments (4"
 
+requires_openssl_3_x
+requires_protocol_version tls13
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            1 \
+            -s "<= parse client hello" \
+            -s "handshake message too short: 3" \
+            -s "SSL - An invalid SSL record was received"
+
+requires_openssl_3_x
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            1 \
+            -s "<= parse client hello" \
+            -s "handshake message too short: 3" \
+            -s "SSL - An invalid SSL record was received"
+
+requires_openssl_3_x
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=32, TLS 1.2" \
+            "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            1 \
+            -s "The SSL configuration is tls12 only" \
+            -s "bad client hello message" \
+            -s "SSL - A message could not be parsed due to a syntactic error"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG

From e6dbf495b1512a5d26999ebc5af791f9032f8331 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Tue, 18 Feb 2025 17:28:27 +0000
Subject: [PATCH 38/80] ssl-opt: Updated documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f2a502278f..8f072881c1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14458,6 +14458,11 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
             -s "dumping .client hello, compression. (2 bytes)"
 
 # Handshake defragmentation testing
+
+# To warrant that the handhake messages are large enough and need to be split
+# into fragments, the tests require certificate authentication. The party in control
+# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes)
+# either from O_NEXT_SRV or test data.
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14512,12 +14517,6 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -c "waiting for more fragments (513 of [0-9]\\+"
 
-# OpenSSL does not allow max_send_frag to be less than 512
-# so we use split_send_frag instead for tests lower than 512 below.
-
-# There is an issue with OpenSSL when fragmenting with values less
-# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values.
-
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14978,11 +14977,13 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
             -s "handshake message too short: 3" \
             -s "SSL - An invalid SSL record was received"
 
+# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
+# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
 requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
+run_test    "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             1 \

From 2622aea5378657b8c63c13784a7e1e26370a2423 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Wed, 19 Feb 2025 11:37:39 +0000
Subject: [PATCH 39/80] ChangeLog: Updated the entry for tls-hs-defragmentation

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
index 55103c9a42..4fd4a4e372 100644
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -3,3 +3,10 @@ Bugfix
      by the spec. Lack of support was causing handshake failures with some
      servers, especially with TLS 1.3 in practice (though both protocol
      version could be affected in principle, and both are fixed now).
+     The initial fragment for each handshake message must be at least 4 bytes.
+
+     Server-side, defragmentation of the ClientHello message is only
+     supported if the server accepts TLS 1.3 (regardless of whether the
+     ClientHello is 1.3 or 1.2). That is, servers configured (either
+     at compile time or at runtime) to only accept TLS 1.2 will
+     still fail the handshake if the ClientHello message is fragmented.

From ee8e7c3fb3d6654a7ff88f6969c8ba1a5722d2cf Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 20 Feb 2025 20:27:51 +0000
Subject: [PATCH 40/80] ssl-opt: Added coverage for hs defragmentation TLS 1.2
 tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 57 ++++++++++++++++++++++++++++++++++++------------
 1 file changed, 43 insertions(+), 14 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8f072881c1..8e5f5e8ad2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14630,7 +14630,7 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=14, TLS 1.3" \
+run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14641,7 +14641,7 @@ run_test    "Handshake defragmentation on client: len=14, TLS 1.3" \
 requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=14, TLS 1.2" \
+run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
             "$P_CLI debug_level=4 " \
             0 \
@@ -14693,6 +14693,28 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -c "waiting for more fragments (5"
 
+requires_openssl_3_x
+requires_protocol_version tls13
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -c "waiting for more fragments (4"
+
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -c "waiting for more fragments (4"
+
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14783,13 +14805,12 @@ requires_protocol_version tls12
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -s "waiting for more fragments (256"
 
-
 requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
@@ -14801,8 +14822,11 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -s "waiting for more fragments (128"
 
+# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
+# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
 requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=128, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14824,7 +14848,8 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
             -s "waiting for more fragments (64"
 
 requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=64, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14846,7 +14871,8 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
             -s "waiting for more fragments (36"
 
 requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=36, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14868,7 +14894,8 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
             -s "waiting for more fragments (32"
 
 requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=32, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14890,7 +14917,8 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
             -s "waiting for more fragments (16"
 
 requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=16, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14912,7 +14940,8 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
             -s "waiting for more fragments (13"
 
 requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=13, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14934,7 +14963,8 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
             -s "waiting for more fragments (5"
 
 requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=5, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14944,6 +14974,7 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -s "waiting for more fragments (5"
 
+requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
@@ -14977,8 +15008,6 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
             -s "handshake message too short: 3" \
             -s "SSL - An invalid SSL record was received"
 
-# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
-# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
 requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -14995,7 +15024,7 @@ requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \
             "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             1 \

From 4335125664eb936782a20ae6509aa3b92c83e2cd Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 20 Feb 2025 23:24:34 +0000
Subject: [PATCH 41/80] ssl-opt: Replaced max_send_frag with split_send_frag

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8e5f5e8ad2..7141890896 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14477,7 +14477,7 @@ requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14488,7 +14488,7 @@ requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14499,7 +14499,7 @@ requires_openssl_3_x
 requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14510,7 +14510,7 @@ requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
             "$P_CLI debug_level=4 " \
             0 \
             -c "reassembled record" \
@@ -14750,7 +14750,7 @@ requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
@@ -14761,7 +14761,7 @@ requires_protocol_version tls12
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
@@ -14772,7 +14772,7 @@ requires_protocol_version tls13
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
@@ -14783,7 +14783,7 @@ requires_protocol_version tls12
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \

From 065b89c7ad10fd1c23d4589d68568d035d5e8c57 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Mon, 24 Feb 2025 09:27:09 +0000
Subject: [PATCH 42/80] ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where
 len < 16

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7141890896..dea598a041 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14660,6 +14660,7 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
             -c "waiting for more fragments (13"
 
+skip_next_test
 requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
@@ -14682,6 +14683,7 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -c "waiting for more fragments (5"
 
+skip_next_test
 requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
@@ -14704,6 +14706,7 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
             -c "waiting for more fragments (4"
 
+skip_next_test
 requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication

From bb1bd8bf9e5e8164257006cd224a0ae0ac5eda2b Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Mon, 24 Feb 2025 23:43:07 +0000
Subject: [PATCH 43/80] ssl-opt: Removed redundant dependencies:
 requires_openssl_3_x

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 132 +++++++++++++++--------------------------------
 1 file changed, 41 insertions(+), 91 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dea598a041..d82ad60469 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14463,8 +14463,7 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes)
 # either from O_NEXT_SRV or test data.
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
             "$O_NEXT_SRV" \
@@ -14473,8 +14472,7 @@ run_test    "Handshake defragmentation on client (no fragmentation, for referenc
             -C "reassembled record" \
             -C "waiting for more fragments"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
@@ -14484,8 +14482,7 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
             -c "waiting for more fragments (512 of [0-9]\\+"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
@@ -14495,8 +14492,7 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
             -c "waiting for more fragments (512 of [0-9]\\+"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
@@ -14506,8 +14502,7 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -c "waiting for more fragments (513 of [0-9]\\+"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
@@ -14517,8 +14512,7 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -c "waiting for more fragments (513 of [0-9]\\+"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
@@ -14528,8 +14522,7 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -c "waiting for more fragments (256 of [0-9]\\+"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
@@ -14539,8 +14532,7 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -c "waiting for more fragments (256 of [0-9]\\+"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
@@ -14550,8 +14542,7 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -c "waiting for more fragments (128"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
@@ -14561,8 +14552,7 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -c "waiting for more fragments (128"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
@@ -14572,8 +14562,7 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
             -c "waiting for more fragments (64"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
@@ -14583,8 +14572,7 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
             -c "waiting for more fragments (64"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
@@ -14594,8 +14582,7 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
             -c "waiting for more fragments (36"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
@@ -14605,8 +14592,7 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
             -c "waiting for more fragments (36"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
@@ -14616,8 +14602,7 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
             -c "waiting for more fragments (32"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
@@ -14627,8 +14612,7 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
             -c "waiting for more fragments (32"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
@@ -14638,8 +14622,7 @@ run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
             -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
             -c "waiting for more fragments (16"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
@@ -14649,8 +14632,7 @@ run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
             -c "waiting for more fragments (16"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
@@ -14661,8 +14643,7 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
             -c "waiting for more fragments (13"
 
 skip_next_test
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
@@ -14672,8 +14653,7 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
             -c "waiting for more fragments (13"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
@@ -14684,8 +14664,7 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
             -c "waiting for more fragments (5"
 
 skip_next_test
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
@@ -14695,8 +14674,7 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -c "waiting for more fragments (5"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
@@ -14707,8 +14685,7 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
             -c "waiting for more fragments (4"
 
 skip_next_test
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
@@ -14718,8 +14695,7 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
             -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
             -c "waiting for more fragments (4"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
@@ -14729,8 +14705,7 @@ run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
             -c "handshake message too short: 3" \
             -c "SSL - An invalid SSL record was received"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
@@ -14739,7 +14714,7 @@ run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
             -c "handshake message too short: 3" \
             -c "SSL - An invalid SSL record was received"
 
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14748,8 +14723,7 @@ run_test    "Handshake defragmentation on server (no fragmentation, for referenc
             -C "reassembled record" \
             -C "waiting for more fragments"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14759,8 +14733,7 @@ run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
             -s "waiting for more fragments (512"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14770,8 +14743,7 @@ run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
             -s "waiting for more fragments (512"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14781,8 +14753,7 @@ run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -s "waiting for more fragments (513"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14792,8 +14763,7 @@ run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
             -s "waiting for more fragments (513"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14803,8 +14773,7 @@ run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -s "waiting for more fragments (256"
 
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14814,8 +14783,7 @@ run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
             -s "waiting for more fragments (256"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14827,7 +14795,6 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
 
 # Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
 # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -14839,8 +14806,7 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -s "waiting for more fragments (128"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14850,7 +14816,6 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
             -s "waiting for more fragments (64"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -14862,8 +14827,7 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
             -s "waiting for more fragments (64"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14873,7 +14837,6 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
             -s "waiting for more fragments (36"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -14885,8 +14848,7 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
             -s "waiting for more fragments (36"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14896,7 +14858,6 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
             -s "waiting for more fragments (32"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -14908,8 +14869,7 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
             -s "waiting for more fragments (32"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14919,7 +14879,6 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
             -s "waiting for more fragments (16"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -14931,8 +14890,7 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
             -s "waiting for more fragments (16"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14942,7 +14900,6 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
             -s "waiting for more fragments (13"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -14954,8 +14911,7 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
             -s "waiting for more fragments (13"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14965,7 +14921,6 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -s "waiting for more fragments (5"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -14977,8 +14932,7 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
             -s "waiting for more fragments (5"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -14988,7 +14942,6 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
             -s "waiting for more fragments (4"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -15000,8 +14953,7 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.2" \
             -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
             -s "waiting for more fragments (4"
 
-requires_openssl_3_x
-requires_protocol_version tls13
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
@@ -15011,7 +14963,6 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
             -s "handshake message too short: 3" \
             -s "SSL - An invalid SSL record was received"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -15023,7 +14974,6 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \
             -s "handshake message too short: 3" \
             -s "SSL - An invalid SSL record was received"
 
-requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication

From 618ad79395a5d03baa47efbce5cda3aa8b02d3b6 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 27 Feb 2025 11:40:33 +0000
Subject: [PATCH 44/80] ssl-opt: Updated documentation of HS-Defrag tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d82ad60469..fc58421027 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14798,7 +14798,7 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14819,7 +14819,7 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14840,7 +14840,7 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14861,7 +14861,7 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14882,7 +14882,7 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14903,7 +14903,7 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14924,7 +14924,7 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14945,7 +14945,7 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.2" \
+run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14966,7 +14966,7 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \
+run_test    "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             1 \
@@ -14977,7 +14977,7 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \
+run_test    "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
             "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             1 \

From 21e4f21df9126cc89ab14874603debaf4cf2da63 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 27 Feb 2025 11:45:02 +0000
Subject: [PATCH 45/80] analyze_outcomes: Temporary disabled 3 HS
 Degragmentation tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/scripts/analyze_outcomes.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 301bfc403d..720143292b 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -53,6 +53,11 @@ class CoverageTask(outcome_analysis.CoverageTask):
             # https://github.com/Mbed-TLS/mbedtls/issues/9581
             'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
             'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
+            # Temporary disable Handshake defragmentation tests until mbedtls
+            # pr #10011 has been merged.
+            'Handshake defragmentation on client: len=4, TLS 1.2',
+            'Handshake defragmentation on client: len=5, TLS 1.2',
+            'Handshake defragmentation on client: len=13, TLS 1.2'
         ],
         'test_suite_config.mbedtls_boolean': [
             # We never test with CBC/PKCS5/PKCS12 enabled but

From 19d857d74cb9448567b03559d3b60a3d96f57827 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 27 Feb 2025 14:43:17 +0000
Subject: [PATCH 46/80] ssl-opt: Minor typos and documentation fixes.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index fc58421027..39be6205cf 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14459,10 +14459,9 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 
 # Handshake defragmentation testing
 
-# To warrant that the handhake messages are large enough and need to be split
+# To guarantee that the handhake messages are large enough and need to be split
 # into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes)
-# either from O_NEXT_SRV or test data.
+# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
@@ -14793,12 +14792,12 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
             -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
             -s "waiting for more fragments (128"
 
-# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
+# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
 # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14819,7 +14818,7 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14840,7 +14839,7 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14861,7 +14860,7 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14882,7 +14881,7 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14903,7 +14902,7 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14924,7 +14923,7 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14945,7 +14944,7 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -14966,7 +14965,7 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             1 \
@@ -14977,7 +14976,7 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo ->
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test    "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \
             "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             1 \

From 48348261d4811cdb92733f1573256b20d008beed Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 27 Feb 2025 15:11:09 +0000
Subject: [PATCH 47/80] ssl-opt: Adjusted reference hs defragmentation tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 39be6205cf..6e4109c4f2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14462,7 +14462,6 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 # To guarantee that the handhake messages are large enough and need to be split
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
             "$O_NEXT_SRV" \
@@ -14713,14 +14712,13 @@ run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
             -c "handshake message too short: 3" \
             -c "SSL - An invalid SSL record was received"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
-            -C "reassembled record" \
-            -C "waiting for more fragments"
+            -S "reassembled record" \
+            -S "waiting for more fragments"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication

From 97a24ebdb185112cd686e2720cc0e5b3b7f395d7 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 27 Feb 2025 18:02:33 +0000
Subject: [PATCH 48/80] ssl-opt: Removed dependencies for HS defrag negative
 tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6e4109c4f2..479e79ce9f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14694,7 +14694,6 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
             -c "waiting for more fragments (4"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
             "$P_CLI debug_level=4 " \
@@ -14704,7 +14703,6 @@ run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
             -c "SSL - An invalid SSL record was received"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
             "$P_CLI debug_level=4 " \
@@ -14972,7 +14970,6 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello ->
             -s "SSL - An invalid SSL record was received"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \
             "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \

From 57648163358fb8e0e34e22b00268a7b43bb928e5 Mon Sep 17 00:00:00 2001
From: Minos Galanakis <minos.galanakis@arm.com>
Date: Thu, 27 Feb 2025 22:36:58 +0000
Subject: [PATCH 49/80] ssl-opt: Re-introduce certificate dependency for HS
 negative tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
---
 tests/ssl-opt.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 479e79ce9f..2645122dd0 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14694,6 +14694,7 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
             -c "waiting for more fragments (4"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
             "$P_CLI debug_level=4 " \

From 28f953c5ecaf11aa65612dd3e22c30fb3d9ddb18 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sat, 1 Mar 2025 14:28:20 +0100
Subject: [PATCH 50/80] New generated file:
 tests/opt-testcases/handshake-generated.sh

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 framework                              |  2 +-
 scripts/make_generated_files.bat       |  1 +
 tests/.gitignore                       |  1 +
 tests/CMakeLists.txt                   | 18 ++++++++++++++++++
 tests/Makefile                         |  7 +++++++
 tests/scripts/check-generated-files.sh |  1 +
 6 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/framework b/framework
index 523a12d05b..11e4f5ac1c 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801
+Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 0c15c38e58..75c2de0ffb 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -28,4 +28,5 @@ python framework\scripts\generate_ecp_tests.py || exit /b 1
 python framework\scripts\generate_psa_tests.py || exit /b 1
 python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1
 python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
+python framework\scripts\generate_tls_handshake_tests.py || exit /b 1
 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1
diff --git a/tests/.gitignore b/tests/.gitignore
index 0c58875faf..10eb87383e 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -18,6 +18,7 @@
 
 ###START_GENERATED_FILES###
 # Generated source files
+/opt-testcases/handshake-generated.sh
 /opt-testcases/tls13-compat.sh
 /suites/*.generated.data
 /suites/test_suite_config.mbedtls_boolean.data
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 98973c9231..aa8ae230a2 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -124,6 +124,24 @@ if(GEN_FILES)
             # change too often in ways that don't affect the result
             # ((un)commenting some options).
     )
+
+    add_custom_command(
+        OUTPUT
+            ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh
+        WORKING_DIRECTORY
+            ${CMAKE_CURRENT_SOURCE_DIR}/..
+        COMMAND
+            "${MBEDTLS_PYTHON_EXECUTABLE}"
+            "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py"
+        DEPENDS
+            ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py
+            ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py
+    )
+    add_custom_target(handshake-generated.sh
+        DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh)
+    set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO)
+    add_dependencies(${ssl_opt_target} handshake-generated.sh)
+
     add_custom_command(
         OUTPUT
             ${ecp_generated_data_files}
diff --git a/tests/Makefile b/tests/Makefile
index dd1af159ee..1fa5dd179e 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -58,6 +58,13 @@ GENERATED_FILES += ../framework/tests/include/test/test_keys.h src/test_certs.h
 # Generated files needed to (fully) run ssl-opt.sh
 .PHONY: ssl-opt
 
+opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py
+opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py
+	echo "  Gen   $@"
+	$(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@
+GENERATED_FILES += opt-testcases/handshake-generated.sh
+ssl-opt: opt-testcases/handshake-generated.sh
+
 opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index b61c5ac172..088f16f059 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -135,6 +135,7 @@ if in_mbedtls_repo; then
     check scripts/generate_query_config.pl programs/test/query_config.c
     check scripts/generate_features.pl library/version_features.c
     check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+    check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
     check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
     check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
     # generate_visualc_files enumerates source files (library/*.c). It doesn't

From 8ef2e74704eeac596f042ecaff6645db729a261c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sat, 1 Mar 2025 14:26:51 +0100
Subject: [PATCH 51/80] Move most TLS handshake defragmentation tests to a
 separate file

Prepare for those test cases to be automatically generated by a script.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/opt-testcases/handshake-manual.sh | 510 +++++++++++++++++++++++
 tests/ssl-opt.sh                        | 511 +-----------------------
 2 files changed, 511 insertions(+), 510 deletions(-)
 create mode 100644 tests/opt-testcases/handshake-manual.sh

diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
new file mode 100644
index 0000000000..86795a2e1b
--- /dev/null
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -0,0 +1,510 @@
+# To guarantee that the handhake messages are large enough and need to be split
+# into fragments, the tests require certificate authentication. The party in control
+# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
+            "$O_NEXT_SRV" \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -C "reassembled record" \
+            -C "waiting for more fragments"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -c "waiting for more fragments (512 of [0-9]\\+"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -c "waiting for more fragments (512 of [0-9]\\+"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -c "waiting for more fragments (513 of [0-9]\\+"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -c "waiting for more fragments (513 of [0-9]\\+"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -c "waiting for more fragments (256 of [0-9]\\+"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -c "waiting for more fragments (256 of [0-9]\\+"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -c "waiting for more fragments (128"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -c "waiting for more fragments (128"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -c "waiting for more fragments (64"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -c "waiting for more fragments (64"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -c "waiting for more fragments (36"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -c "waiting for more fragments (36"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -c "waiting for more fragments (32"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -c "waiting for more fragments (32"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -c "waiting for more fragments (16"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -c "waiting for more fragments (16"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -c "waiting for more fragments (13"
+
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -c "waiting for more fragments (13"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -c "waiting for more fragments (5"
+
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -c "waiting for more fragments (5"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -c "waiting for more fragments (4"
+
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
+            "$P_CLI debug_level=4 " \
+            0 \
+            -c "reassembled record" \
+            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -c "waiting for more fragments (4"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
+            "$P_CLI debug_level=4 " \
+            1 \
+            -c "=> ssl_tls13_process_server_hello" \
+            -c "handshake message too short: 3" \
+            -c "SSL - An invalid SSL record was received"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
+            "$P_CLI debug_level=4 " \
+            1 \
+            -c "handshake message too short: 3" \
+            -c "SSL - An invalid SSL record was received"
+
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -S "reassembled record" \
+            -S "waiting for more fragments"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -s "waiting for more fragments (512"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
+            -s "waiting for more fragments (512"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -s "waiting for more fragments (513"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
+            -s "waiting for more fragments (513"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -s "waiting for more fragments (256"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
+            -s "waiting for more fragments (256"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -s "waiting for more fragments (128"
+
+# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
+# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
+            -s "waiting for more fragments (128"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -s "waiting for more fragments (64"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
+            -s "waiting for more fragments (64"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -s "waiting for more fragments (36"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+            -s "waiting for more fragments (36"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -s "waiting for more fragments (32"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+            -s "waiting for more fragments (32"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -s "waiting for more fragments (16"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+            -s "waiting for more fragments (16"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -s "waiting for more fragments (13"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+            -s "waiting for more fragments (13"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -s "waiting for more fragments (5"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+            -s "waiting for more fragments (5"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -s "waiting for more fragments (4"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            0 \
+            -s "reassembled record" \
+            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+            -s "waiting for more fragments (4"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            1 \
+            -s "<= parse client hello" \
+            -s "handshake message too short: 3" \
+            -s "SSL - An invalid SSL record was received"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test    "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
+            "$P_SRV debug_level=4 auth_mode=required" \
+            "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+            1 \
+            -s "<= parse client hello" \
+            -s "handshake message too short: 3" \
+            -s "SSL - An invalid SSL record was received"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2645122dd0..fdbe0a900d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14459,516 +14459,7 @@ run_test    "TLS 1.2 ClientHello indicating support for deflate compression meth
 
 # Handshake defragmentation testing
 
-# To guarantee that the handhake messages are large enough and need to be split
-# into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
-            "$O_NEXT_SRV" \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -C "reassembled record" \
-            -C "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
-            "$P_CLI debug_level=4 " \
-            1 \
-            -c "=> ssl_tls13_process_server_hello" \
-            -c "handshake message too short: 3" \
-            -c "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
-            "$P_CLI debug_level=4 " \
-            1 \
-            -c "handshake message too short: 3" \
-            -c "SSL - An invalid SSL record was received"
-
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -S "reassembled record" \
-            -S "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128"
-
-# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
-# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            1 \
-            -s "<= parse client hello" \
-            -s "handshake message too short: 3" \
-            -s "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            1 \
-            -s "<= parse client hello" \
-            -s "handshake message too short: 3" \
-            -s "SSL - An invalid SSL record was received"
+# Most test cases are in opt-testcases/handshake-generated.sh
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication

From 8321ab574c13b9ab38443ff6f85b0888ec0157ee Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sat, 1 Mar 2025 13:53:18 +0100
Subject: [PATCH 52/80] Normalize whitespace in defragmentation test cases

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/opt-testcases/handshake-manual.sh | 98 ++++++++++++-------------
 1 file changed, 49 insertions(+), 49 deletions(-)

diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 86795a2e1b..0ad37caa63 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -4,7 +4,7 @@
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
             "$O_NEXT_SRV" \
-            "$P_CLI debug_level=4 " \
+            "$P_CLI debug_level=4" \
             0 \
             -C "reassembled record" \
             -C "waiting for more fragments"
@@ -12,8 +12,8 @@ run_test    "Handshake defragmentation on client (no fragmentation, for referenc
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
@@ -22,8 +22,8 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
@@ -32,8 +32,8 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
@@ -42,8 +42,8 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
@@ -52,8 +52,8 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
@@ -62,8 +62,8 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
@@ -72,8 +72,8 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
@@ -82,8 +82,8 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
@@ -92,8 +92,8 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
@@ -102,8 +102,8 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
@@ -112,8 +112,8 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
@@ -122,8 +122,8 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
@@ -132,8 +132,8 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
@@ -142,8 +142,8 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
@@ -152,8 +152,8 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
@@ -162,8 +162,8 @@ run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
@@ -172,8 +172,8 @@ run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
@@ -183,8 +183,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
@@ -193,8 +193,8 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
@@ -204,8 +204,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
@@ -214,8 +214,8 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
@@ -225,8 +225,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
+            "$P_CLI debug_level=4" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
@@ -235,8 +235,8 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \
+            "$P_CLI debug_level=4" \
             1 \
             -c "=> ssl_tls13_process_server_hello" \
             -c "handshake message too short: 3" \
@@ -244,8 +244,8 @@ run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
-            "$P_CLI debug_level=4 " \
+            "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \
+            "$P_CLI debug_level=4" \
             1 \
             -c "handshake message too short: 3" \
             -c "SSL - An invalid SSL record was received"

From 49e1ed277ed8090773ac848fd1f80700910e756a Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sat, 1 Mar 2025 14:12:02 +0100
Subject: [PATCH 53/80] Normalize messages in defragmentation test cases

Make some test case descriptions and log patterns follow more systematic
patterns.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/opt-testcases/handshake-manual.sh | 94 ++++++++++++-------------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 0ad37caa63..9f24fb5e5f 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -2,7 +2,7 @@
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
 requires_certificate_authentication
-run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
+run_test    "Handshake defragmentation on client: no fragmentation, for reference" \
             "$O_NEXT_SRV" \
             "$P_CLI debug_level=4" \
             0 \
@@ -17,7 +17,7 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of [0-9]\\+"
+            -c "waiting for more fragments (512 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -27,7 +27,7 @@ run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of [0-9]\\+"
+            -c "waiting for more fragments (512 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -37,7 +37,7 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of [0-9]\\+"
+            -c "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -47,7 +47,7 @@ run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of [0-9]\\+"
+            -c "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -57,7 +57,7 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of [0-9]\\+"
+            -c "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -67,7 +67,7 @@ run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of [0-9]\\+"
+            -c "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -77,7 +77,7 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128"
+            -c "waiting for more fragments (128 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -87,7 +87,7 @@ run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128"
+            -c "waiting for more fragments (128 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -97,7 +97,7 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64"
+            -c "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -107,7 +107,7 @@ run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64"
+            -c "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -117,7 +117,7 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36"
+            -c "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -127,7 +127,7 @@ run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36"
+            -c "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -137,7 +137,7 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32"
+            -c "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -147,7 +147,7 @@ run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32"
+            -c "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -157,7 +157,7 @@ run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16"
+            -c "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -167,7 +167,7 @@ run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16"
+            -c "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -177,7 +177,7 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13"
+            -c "waiting for more fragments (13 of"
 
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -188,7 +188,7 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13"
+            -c "waiting for more fragments (13 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -198,7 +198,7 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5"
+            -c "waiting for more fragments (5 of"
 
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -209,7 +209,7 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5"
+            -c "waiting for more fragments (5 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -219,7 +219,7 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4"
+            -c "waiting for more fragments (4 of"
 
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -230,7 +230,7 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
             0 \
             -c "reassembled record" \
             -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4"
+            -c "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -251,7 +251,7 @@ run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
             -c "SSL - An invalid SSL record was received"
 
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
+run_test    "Handshake defragmentation on server: no fragmentation, for reference" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             0 \
@@ -266,7 +266,7 @@ run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512"
+            -s "waiting for more fragments (512 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -276,7 +276,7 @@ run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512"
+            -s "waiting for more fragments (512 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -286,7 +286,7 @@ run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513"
+            -s "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -296,7 +296,7 @@ run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513"
+            -s "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -306,7 +306,7 @@ run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256"
+            -s "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -316,7 +316,7 @@ run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256"
+            -s "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -326,7 +326,7 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128"
+            -s "waiting for more fragments (128 of"
 
 # Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
 # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
@@ -339,7 +339,7 @@ run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 Clie
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128"
+            -s "waiting for more fragments (128 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -349,7 +349,7 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64"
+            -s "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -360,7 +360,7 @@ run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 Clien
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64"
+            -s "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -370,7 +370,7 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36"
+            -s "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -381,7 +381,7 @@ run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 Clien
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36"
+            -s "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -391,7 +391,7 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32"
+            -s "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -402,7 +402,7 @@ run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 Clien
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32"
+            -s "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -412,7 +412,7 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16"
+            -s "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -423,7 +423,7 @@ run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 Clien
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16"
+            -s "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -433,7 +433,7 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13"
+            -s "waiting for more fragments (13 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -444,7 +444,7 @@ run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 Clien
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13"
+            -s "waiting for more fragments (13 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -454,7 +454,7 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5"
+            -s "waiting for more fragments (5 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -465,7 +465,7 @@ run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 Client
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5"
+            -s "waiting for more fragments (5 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -475,7 +475,7 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4"
+            -s "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -486,7 +486,7 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 Client
             0 \
             -s "reassembled record" \
             -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4"
+            -s "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -501,7 +501,7 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
+run_test    "Handshake defragmentation on server: len=3, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
             1 \

From 6183a645fc312bcfe555ff8d55571d8a4fd4c72d Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sat, 1 Mar 2025 16:38:50 +0100
Subject: [PATCH 54/80] Normalize requirements in defragmentation test cases

Be more uniform in where certificate authentication and ECDSA are explicitly
required. A few test cases now run in PSK-only configurations where they
always could. Add a missing requirement on ECDSA to test cases that are
currently skipped.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/opt-testcases/handshake-manual.sh | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 9f24fb5e5f..bc78231586 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -1,7 +1,6 @@
 # To guarantee that the handhake messages are large enough and need to be split
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_certificate_authentication
 run_test    "Handshake defragmentation on client: no fragmentation, for reference" \
             "$O_NEXT_SRV" \
             "$P_CLI debug_level=4" \
@@ -182,6 +181,7 @@ run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
             "$P_CLI debug_level=4" \
@@ -203,6 +203,7 @@ run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
             "$P_CLI debug_level=4" \
@@ -224,6 +225,7 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
             "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
             "$P_CLI debug_level=4" \
@@ -233,7 +235,6 @@ run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
             -c "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
             "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \
             "$P_CLI debug_level=4" \
@@ -250,7 +251,6 @@ run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
             -c "handshake message too short: 3" \
             -c "SSL - An invalid SSL record was received"
 
-requires_certificate_authentication
 run_test    "Handshake defragmentation on server: no fragmentation, for reference" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -489,7 +489,6 @@ run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 Client
             -s "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -500,7 +499,6 @@ run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test    "Handshake defragmentation on server: len=3, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
             "$P_SRV debug_level=4 auth_mode=required" \
             "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \

From 2e7f2a2e48124155b5422dfe90c914444b5ca782 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sat, 1 Mar 2025 16:48:33 +0100
Subject: [PATCH 55/80] Switch to generated handshake tests

Replace `tests/opt-testcases/handshake-manual.sh` by
`tests/opt-testcases/handshake-generated.sh`. They are identical except for
comments, and for some extra dependencies on
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` which are needed in `development,
but not in `mbedtls-3.6. Those dependencies don't hurt the useful coverage
of the tests, so we'll live with them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 framework                               |   2 +-
 tests/opt-testcases/handshake-manual.sh | 508 ------------------------
 2 files changed, 1 insertion(+), 509 deletions(-)
 delete mode 100644 tests/opt-testcases/handshake-manual.sh

diff --git a/framework b/framework
index 11e4f5ac1c..f88eb21ff1 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea
+Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
deleted file mode 100644
index bc78231586..0000000000
--- a/tests/opt-testcases/handshake-manual.sh
+++ /dev/null
@@ -1,508 +0,0 @@
-# To guarantee that the handhake messages are large enough and need to be split
-# into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-run_test    "Handshake defragmentation on client: no fragmentation, for reference" \
-            "$O_NEXT_SRV" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -C "reassembled record" \
-            -C "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
-            "$P_CLI debug_level=4" \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \
-            "$P_CLI debug_level=4" \
-            1 \
-            -c "=> ssl_tls13_process_server_hello" \
-            -c "handshake message too short: 3" \
-            -c "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \
-            "$P_CLI debug_level=4" \
-            1 \
-            -c "handshake message too short: 3" \
-            -c "SSL - An invalid SSL record was received"
-
-run_test    "Handshake defragmentation on server: no fragmentation, for reference" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -S "reassembled record" \
-            -S "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128 of"
-
-# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
-# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            1 \
-            -s "<= parse client hello" \
-            -s "handshake message too short: 3" \
-            -s "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test    "Handshake defragmentation on server: len=3, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            1 \
-            -s "<= parse client hello" \
-            -s "handshake message too short: 3" \
-            -s "SSL - An invalid SSL record was received"

From 9d54be57b01205d7a66df925eaaf1fb61824b4e1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 3 Mar 2025 14:10:08 +0100
Subject: [PATCH 56/80] Generate handshake defragmentation test cases: update
 analyze_outcomes

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/scripts/analyze_outcomes.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 720143292b..7704170fe2 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -34,6 +34,13 @@ class CoverageTask(outcome_analysis.CoverageTask):
                           re.DOTALL)
 
     IGNORED_TESTS = {
+        'handshake-generated': [
+            # Temporary disable Handshake defragmentation tests until mbedtls
+            # pr #10011 has been merged.
+            'Handshake defragmentation on client: len=4, TLS 1.2',
+            'Handshake defragmentation on client: len=5, TLS 1.2',
+            'Handshake defragmentation on client: len=13, TLS 1.2'
+        ],
         'ssl-opt': [
             # We don't run ssl-opt.sh with Valgrind on the CI because
             # it's extremely slow. We don't intend to change this.
@@ -53,11 +60,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
             # https://github.com/Mbed-TLS/mbedtls/issues/9581
             'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
             'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
-            # Temporary disable Handshake defragmentation tests until mbedtls
-            # pr #10011 has been merged.
-            'Handshake defragmentation on client: len=4, TLS 1.2',
-            'Handshake defragmentation on client: len=5, TLS 1.2',
-            'Handshake defragmentation on client: len=13, TLS 1.2'
         ],
         'test_suite_config.mbedtls_boolean': [
             # We never test with CBC/PKCS5/PKCS12 enabled but

From 2e7def5748299c60896e2db15708b93175692b35 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 5 Mar 2025 10:08:29 +0100
Subject: [PATCH 57/80] Update framework

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework b/framework
index f88eb21ff1..4a009d4b3c 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9
+Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b

From b6102b6ccf0fe50577d563d0e87134b0ce4d6b15 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 12 Feb 2025 23:11:09 +0100
Subject: [PATCH 58/80] Fix Doxygen markup

Pacify `clang -Wdocumentation`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 programs/ssl/ssl_test_lib.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 9614333571..d7fe80f834 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -243,8 +243,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
  * - free the provided PK context and re-initilize it as an opaque PK context
  *   wrapping the PSA key imported in the above step.
  *
- * \param[in/out] pk    On input the non-opaque PK context which contains the
- *                      key to be wrapped. On output the re-initialized PK
+ * \param[in,out] pk    On input, the non-opaque PK context which contains the
+ *                      key to be wrapped. On output, the re-initialized PK
  *                      context which represents the opaque version of the one
  *                      provided as input.
  * \param[in] psa_alg   The primary algorithm that will be associated to the

From 3d490a91adadfad9a9d68889f5d9a4a972a2c7a6 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 28 Feb 2025 21:29:59 +0100
Subject: [PATCH 59/80] Tweak "waiting for more handshake fragments" log
 message

In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak
the "waiting for more handshake fragments" log message in
ssl_consume_current_message(), and add a similar one in
mbedtls_ssl_prepare_handshake_record(). Assert both.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 7b11e4d06a..c2da065fad 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3320,6 +3320,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
             ssl->in_msglen = 0;
             mbedtls_ssl_update_in_pointers(ssl);
+            MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments "
+                                      "%u/%" MBEDTLS_PRINTF_SIZET,
+                                      ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen));
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         }
         if (ssl->badmac_seen_or_in_hsfraglen > 0) {
@@ -4704,11 +4707,9 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
 
         if (ssl->badmac_seen_or_in_hsfraglen != 0) {
             /* Not all handshake fragments have arrived, do not consume. */
-            MBEDTLS_SSL_DEBUG_MSG(3,
-                                  ("waiting for more fragments (%u of %"
-                                   MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
-                                   ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen,
-                                   ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen));
+            MBEDTLS_SSL_DEBUG_MSG(3, ("Consume: waiting for more handshake fragments "
+                                      "%u/%" MBEDTLS_PRINTF_SIZET,
+                                      ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen));
             return 0;
         }
 

From 1e81d349b8e5ca24d8b9fad24a2da573f02ac058 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 3 Mar 2025 16:46:10 +0100
Subject: [PATCH 60/80] Tweak handshake fragment log message

In preparation for reworking mbedtls_ssl_prepare_handshake_record(),
tweak the "handshake fragment:" log message.

This changes what information is displayed when a record contains data
beyond the expected end of the handshake message. This case is currently
untested and its handling will change in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index c2da065fad..1c642fe960 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3301,13 +3301,13 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,
-                              ("handshake fragment: %u .. %"
-                               MBEDTLS_PRINTF_SIZET " of %"
-                               MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
+                              ("handshake fragment: %" MBEDTLS_PRINTF_SIZET
+                               ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
+                               ssl->in_msglen,
                                ssl->badmac_seen_or_in_hsfraglen,
-                               (size_t) ssl->badmac_seen_or_in_hsfraglen +
-                               (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
-                               ssl->in_hslen, ssl->in_msglen));
+                               ssl->badmac_seen_or_in_hsfraglen +
+                               (unsigned) ssl->in_msglen,
+                               ssl->in_hslen));
         if (ssl->in_msglen < hs_remain) {
             /* ssl->in_msglen is a 25-bit value since it is the sum of the
              * header length plus the payload length, the header length is 4

From af0c461f3969a8c51c29cd48b83197250a120c60 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 28 Feb 2025 21:59:12 +0100
Subject: [PATCH 61/80] mbedtls_ssl_prepare_handshake_record(): refactor first
 fragment prep

Minor refactoring of the initial checks and preparation when receiving the
first fragment. Use `ssl->in_hsfraglen` to determine whether there is a
pending handshake fragment, for consistency, and possibly for more
robustness in case handshake fragments are mixed with non-handshake
records (although this is not currently supported anyway).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 1c642fe960..e68474d458 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3221,16 +3221,19 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
 
 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 {
-    /* First handshake fragment must at least include the header. */
-    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
-                                  ssl->in_msglen));
-        return MBEDTLS_ERR_SSL_INVALID_RECORD;
-    }
+    if (ssl->badmac_seen_or_in_hsfraglen == 0) {
+        /* The handshake message must at least include the header.
+         * We may not have the full message yet in case of fragmentation.
+         * To simplify the code, we insist on having the header (and in
+         * particular the handshake message length) in the first
+         * fragment. */
+        if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
+                                      ssl->in_msglen));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
+        }
 
-    if (ssl->in_hslen == 0) {
         ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
-        ssl->badmac_seen_or_in_hsfraglen = 0;
     }
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="

From 22c51b9a0bfbd85a81bb21cc58f51afd80157244 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 28 Feb 2025 22:02:52 +0100
Subject: [PATCH 62/80] mbedtls_ssl_prepare_handshake_record(): log offsets
 after decryption

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index e68474d458..9f9cda9d29 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3241,6 +3241,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
                               MBEDTLS_PRINTF_SIZET,
                               ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen));
 
+    if (ssl->transform_in != NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("decrypted handshake message:"
+                                  " iv-buf=%d hdr-buf=%d hdr-buf=%d",
+                                  (int) (ssl->in_iv - ssl->in_buf),
+                                  (int) (ssl->in_hdr - ssl->in_buf),
+                                  (int) (ssl->in_msg - ssl->in_buf)));
+    }
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

From cc856a2c0ede76986155f01d0d69a041d39c128c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 28 Feb 2025 22:24:56 +0100
Subject: [PATCH 63/80] Handshake defragmentation: reassemble incrementally

Reassemble handshake fragments incrementally instead of all at the end. That
is, every time we receive a non-initial handshake fragment, append it to the
initial fragment. Since we only have to deal with at most two handshake
fragments at the same time, this simplifies the code (no re-parsing of a
record) and is a little more memory-efficient (no need to store one record
header per record).

This commit also fixes a bug. The previous code did not calculate offsets
correctly when records use an explicit IV, which is the case in TLS 1.2 with
CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and
ChachaPoly). This led to the wrong data when an encrypted handshake message
was fragmented (Finished or renegotiation). The new code handles this
correctly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c                 | 162 +++++++++++++++++++-----------
 tests/scripts/analyze_outcomes.py |   7 --
 2 files changed, 105 insertions(+), 64 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 9f9cda9d29..f80eed7fa4 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3308,70 +3308,118 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         }
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    if (ssl->badmac_seen_or_in_hsfraglen <= ssl->in_hslen) {
-        int ret;
-        const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
-        MBEDTLS_SSL_DEBUG_MSG(3,
-                              ("handshake fragment: %" MBEDTLS_PRINTF_SIZET
-                               ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
-                               ssl->in_msglen,
-                               ssl->badmac_seen_or_in_hsfraglen,
-                               ssl->badmac_seen_or_in_hsfraglen +
-                               (unsigned) ssl->in_msglen,
-                               ssl->in_hslen));
-        if (ssl->in_msglen < hs_remain) {
-            /* ssl->in_msglen is a 25-bit value since it is the sum of the
-             * header length plus the payload length, the header length is 4
-             * and the payload length was received on the wire encoded as
-             * 3 octets. We don't support 16-bit platforms; more specifically,
-             * we assume that both unsigned and size_t are at least 32 bits.
-             * Therefore there is no possible integer overflow here.
-             */
-            ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen;
-            ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
-            ssl->in_msglen = 0;
-            mbedtls_ssl_update_in_pointers(ssl);
+    {
+        unsigned char *const reassembled_record_start =
+            ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+        unsigned char *const payload_start =
+            reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl);
+        unsigned char *payload_end = payload_start + ssl->badmac_seen_or_in_hsfraglen;
+
+        if (ssl->badmac_seen_or_in_hsfraglen != 0) {
+            /* We already had a handshake fragment. Prepare to append
+             * to the initial segment. */
+            MBEDTLS_SSL_DEBUG_MSG(3,
+                                  ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET
+                                   ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
+                                   ssl->in_msglen,
+                                   ssl->badmac_seen_or_in_hsfraglen,
+                                   ssl->badmac_seen_or_in_hsfraglen +
+                                   (unsigned) ssl->in_msglen,
+                                   ssl->in_hslen));
+
+            const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
+            if (ssl->in_msglen > hs_remain) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %"
+                                          MBEDTLS_PRINTF_SIZET " but only %"
+                                          MBEDTLS_PRINTF_SIZET " of %"
+                                          MBEDTLS_PRINTF_SIZET " remain",
+                                          ssl->in_msglen,
+                                          hs_remain,
+                                          ssl->in_hslen));
+                return MBEDTLS_ERR_SSL_INVALID_RECORD;
+            }
+        } else if (ssl->in_msglen == ssl->in_hslen) {
+            /* This is the sole fragment. */
+            /* Emit a log message in the same format as when there are
+             * multiple fragments, for ease of matching. */
+            MBEDTLS_SSL_DEBUG_MSG(3,
+                                  ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET
+                                   ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
+                                   ssl->in_msglen,
+                                   ssl->badmac_seen_or_in_hsfraglen,
+                                   ssl->badmac_seen_or_in_hsfraglen +
+                                   (unsigned) ssl->in_msglen,
+                                   ssl->in_hslen));
+        } else {
+            /* This is the first fragment of many. */
+            MBEDTLS_SSL_DEBUG_MSG(3,
+                                  ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET
+                                   ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
+                                   ssl->in_msglen,
+                                   ssl->badmac_seen_or_in_hsfraglen,
+                                   ssl->badmac_seen_or_in_hsfraglen +
+                                   (unsigned) ssl->in_msglen,
+                                   ssl->in_hslen));
+        }
+
+        /* Move the received handshake fragment to have the whole message
+         * (at least the part received so far) in a single segment at a
+         * known offset in the input buffer.
+         * - When receiving a non-initial handshake fragment, append it to
+         *   the initial segment.
+         * - Even the initial handshake fragment is moved, if it was
+         *   encrypted with an explicit IV: decryption leaves the payload
+         *   after the explicit IV, but here we move it to start where the
+         *   IV was.
+         */
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+        size_t const in_buf_len = ssl->in_buf_len;
+#else
+        size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
+#endif
+        if (payload_end + ssl->badmac_seen_or_in_hsfraglen > ssl->in_buf + in_buf_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("Shouldn't happen: no room to move handshake fragment %"
+                                   MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%"
+                                   MBEDTLS_PRINTF_SIZET ")",
+                                   ssl->in_msglen,
+                                   ssl->in_msg, payload_end,
+                                   ssl->in_buf, in_buf_len));
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+        }
+        memmove(payload_end, ssl->in_msg, ssl->in_msglen);
+
+        ssl->badmac_seen_or_in_hsfraglen += ssl->in_msglen;
+        payload_end += ssl->in_msglen;
+
+        if (ssl->badmac_seen_or_in_hsfraglen < ssl->in_hslen) {
             MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments "
                                       "%u/%" MBEDTLS_PRINTF_SIZET,
                                       ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen));
-            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
-        }
-        if (ssl->badmac_seen_or_in_hsfraglen > 0) {
-            /*
-             * At in_first_hdr we have a sequence of records that cover the next handshake
-             * record, each with its own record header that we need to remove.
-             * Note that the reassembled record size may not equal the size of the message,
-             * there may be more messages after it, complete or partial.
-             */
-            unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
-            unsigned char *p = in_first_hdr, *q = NULL;
-            size_t merged_rec_len = 0;
-            do {
-                mbedtls_record rec;
-                ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec);
-                if (ret != 0) {
-                    return ret;
-                }
-                merged_rec_len += rec.data_len;
-                p = rec.buf + rec.buf_len;
-                if (q != NULL) {
-                    memmove(q, rec.buf + rec.data_offset, rec.data_len);
-                    q += rec.data_len;
-                } else {
-                    q = p;
-                }
-            } while (merged_rec_len < ssl->in_hslen);
-            ssl->in_hdr = in_first_hdr;
+            ssl->in_hdr = payload_end;
+            ssl->in_msglen = 0;
             mbedtls_ssl_update_in_pointers(ssl);
-            ssl->in_msglen = merged_rec_len;
-            /* Adjust message length. */
-            MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
+            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+        } else {
+            ssl->in_msglen = ssl->badmac_seen_or_in_hsfraglen;
             ssl->badmac_seen_or_in_hsfraglen = 0;
+            ssl->in_hdr = reassembled_record_start;
+            mbedtls_ssl_update_in_pointers(ssl);
+
+            /* Update the record length in the fully reassembled record */
+            if (ssl->in_msglen > 0xffff) {
+                MBEDTLS_SSL_DEBUG_MSG(1,
+                                      ("Shouldn't happen: in_msglen=%"
+                                       MBEDTLS_PRINTF_SIZET " > 0xffff",
+                                       ssl->in_msglen));
+                return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+            }
+            MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0);
+
             MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
-                                  ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
+                                  ssl->in_hdr,
+                                  mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen);
         }
-    } else {
-        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
     return 0;
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 7704170fe2..301bfc403d 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -34,13 +34,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
                           re.DOTALL)
 
     IGNORED_TESTS = {
-        'handshake-generated': [
-            # Temporary disable Handshake defragmentation tests until mbedtls
-            # pr #10011 has been merged.
-            'Handshake defragmentation on client: len=4, TLS 1.2',
-            'Handshake defragmentation on client: len=5, TLS 1.2',
-            'Handshake defragmentation on client: len=13, TLS 1.2'
-        ],
         'ssl-opt': [
             # We don't run ssl-opt.sh with Valgrind on the CI because
             # it's extremely slow. We don't intend to change this.

From 302f37b05d4950494d8409b5dd0e275d1e76058c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 25 Feb 2025 23:57:20 +0100
Subject: [PATCH 64/80] Fix dodgy printf calls

Pacify `clang -Wformat-pedantic`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f80eed7fa4..823b0ccf15 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3383,8 +3383,8 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
                                    MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%"
                                    MBEDTLS_PRINTF_SIZET ")",
                                    ssl->in_msglen,
-                                   ssl->in_msg, payload_end,
-                                   ssl->in_buf, in_buf_len));
+                                   (void *) ssl->in_msg, (void *) payload_end,
+                                   (void *) ssl->in_buf, in_buf_len));
             return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         }
         memmove(payload_end, ssl->in_msg, ssl->in_msglen);

From 58c3301f65e078c3080ec6fe9aaf025a560ab6d7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 4 Mar 2025 10:30:24 +0100
Subject: [PATCH 65/80] Make conversion explicit to silence MSVC warning

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 823b0ccf15..436870b518 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3389,7 +3389,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         }
         memmove(payload_end, ssl->in_msg, ssl->in_msglen);
 
-        ssl->badmac_seen_or_in_hsfraglen += ssl->in_msglen;
+        ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen;
         payload_end += ssl->in_msglen;
 
         if (ssl->badmac_seen_or_in_hsfraglen < ssl->in_hslen) {

From 7719169ef4d73d18a8e3d4247881dec108c6a324 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 3 Mar 2025 17:53:53 +0100
Subject: [PATCH 66/80] Update framework

Changed log messages and added more tests in
`tests/opt-testcases/handshake-generated.sh`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework b/framework
index 4a009d4b3c..8d85112a44 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b
+Subproject commit 8d85112a44d052a5d89cb0a135e162384da42584

From 3175fc3be239c9029b32ec9ef87eff7763284890 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 6 Mar 2025 15:15:20 +0100
Subject: [PATCH 67/80] Fix end check before memmove

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 436870b518..1dca728a07 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3377,7 +3377,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 #else
         size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
 #endif
-        if (payload_end + ssl->badmac_seen_or_in_hsfraglen > ssl->in_buf + in_buf_len) {
+        if (payload_end + ssl->in_msglen > ssl->in_buf + in_buf_len) {
             MBEDTLS_SSL_DEBUG_MSG(1,
                                   ("Shouldn't happen: no room to move handshake fragment %"
                                    MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%"

From b888cca5b658c2ed95ddd2dbf4fc7c0134ee0e90 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 6 Mar 2025 19:03:00 +0100
Subject: [PATCH 68/80] Fix handshake defragmentation when the record has
 multiple messages

A handshake record may contain multiple handshake messages, or multiple
fragments (there can be the final fragment of a pending message, then zero
or more whole messages, and an initial fragment of an incomplete message).
This was previously untested, but supported, so don't break it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 43 ++++++++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 19 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 1dca728a07..6cd0f41377 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3314,6 +3314,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         unsigned char *const payload_start =
             reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl);
         unsigned char *payload_end = payload_start + ssl->badmac_seen_or_in_hsfraglen;
+        /* How many more bytes we want to have a complete handshake message. */
+        const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
+        /* How many bytes of the current record are part of the first
+         * handshake message. There may be more handshake messages (possibly
+         * incomplete) in the same record; if so, we leave them after the
+         * current record, and ssl_consume_current_message() will take
+         * care of consuming the next handshake message. */
+        const size_t hs_this_fragment_len =
+            ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen;
 
         if (ssl->badmac_seen_or_in_hsfraglen != 0) {
             /* We already had a handshake fragment. Prepare to append
@@ -3324,21 +3333,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
                                    ssl->in_msglen,
                                    ssl->badmac_seen_or_in_hsfraglen,
                                    ssl->badmac_seen_or_in_hsfraglen +
-                                   (unsigned) ssl->in_msglen,
+                                   (unsigned) hs_this_fragment_len,
                                    ssl->in_hslen));
-
-            const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
-            if (ssl->in_msglen > hs_remain) {
-                MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %"
-                                          MBEDTLS_PRINTF_SIZET " but only %"
-                                          MBEDTLS_PRINTF_SIZET " of %"
-                                          MBEDTLS_PRINTF_SIZET " remain",
-                                          ssl->in_msglen,
-                                          hs_remain,
-                                          ssl->in_hslen));
-                return MBEDTLS_ERR_SSL_INVALID_RECORD;
-            }
-        } else if (ssl->in_msglen == ssl->in_hslen) {
+        } else if (hs_this_fragment_len == ssl->in_hslen) {
             /* This is the sole fragment. */
             /* Emit a log message in the same format as when there are
              * multiple fragments, for ease of matching. */
@@ -3348,7 +3345,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
                                    ssl->in_msglen,
                                    ssl->badmac_seen_or_in_hsfraglen,
                                    ssl->badmac_seen_or_in_hsfraglen +
-                                   (unsigned) ssl->in_msglen,
+                                   (unsigned) hs_this_fragment_len,
                                    ssl->in_hslen));
         } else {
             /* This is the first fragment of many. */
@@ -3358,7 +3355,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
                                    ssl->in_msglen,
                                    ssl->badmac_seen_or_in_hsfraglen,
                                    ssl->badmac_seen_or_in_hsfraglen +
-                                   (unsigned) ssl->in_msglen,
+                                   (unsigned) hs_this_fragment_len,
                                    ssl->in_hslen));
         }
 
@@ -3409,16 +3406,24 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             /* Update the record length in the fully reassembled record */
             if (ssl->in_msglen > 0xffff) {
                 MBEDTLS_SSL_DEBUG_MSG(1,
-                                      ("Shouldn't happen: in_msglen=%"
+                                      ("Shouldn't happen: in_hslen=%"
                                        MBEDTLS_PRINTF_SIZET " > 0xffff",
                                        ssl->in_msglen));
                 return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
             }
             MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0);
 
+            size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen;
             MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
-                                  ssl->in_hdr,
-                                  mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen);
+                                  ssl->in_hdr, record_len);
+            if (ssl->in_hslen < ssl->in_msglen) {
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("More handshake messages in the record: "
+                                       "%" MBEDTLS_PRINTF_SIZET " + "
+                                       "%" MBEDTLS_PRINTF_SIZET,
+                                       ssl->in_hslen,
+                                       ssl->in_msglen - ssl->in_hslen));
+            }
         }
     }
 

From 0a467ccd2435bbf1e67a977e92a7992183a7a3d3 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 6 Mar 2025 19:22:52 +0100
Subject: [PATCH 69/80] Unify handshake fragment log messages

There is no longer any different processing at this point, just
near-identical log messages.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 47 +++++++++++++----------------------------------
 1 file changed, 13 insertions(+), 34 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 6cd0f41377..b63533d19d 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3324,40 +3324,19 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
         const size_t hs_this_fragment_len =
             ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen;
 
-        if (ssl->badmac_seen_or_in_hsfraglen != 0) {
-            /* We already had a handshake fragment. Prepare to append
-             * to the initial segment. */
-            MBEDTLS_SSL_DEBUG_MSG(3,
-                                  ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET
-                                   ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
-                                   ssl->in_msglen,
-                                   ssl->badmac_seen_or_in_hsfraglen,
-                                   ssl->badmac_seen_or_in_hsfraglen +
-                                   (unsigned) hs_this_fragment_len,
-                                   ssl->in_hslen));
-        } else if (hs_this_fragment_len == ssl->in_hslen) {
-            /* This is the sole fragment. */
-            /* Emit a log message in the same format as when there are
-             * multiple fragments, for ease of matching. */
-            MBEDTLS_SSL_DEBUG_MSG(3,
-                                  ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET
-                                   ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
-                                   ssl->in_msglen,
-                                   ssl->badmac_seen_or_in_hsfraglen,
-                                   ssl->badmac_seen_or_in_hsfraglen +
-                                   (unsigned) hs_this_fragment_len,
-                                   ssl->in_hslen));
-        } else {
-            /* This is the first fragment of many. */
-            MBEDTLS_SSL_DEBUG_MSG(3,
-                                  ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET
-                                   ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
-                                   ssl->in_msglen,
-                                   ssl->badmac_seen_or_in_hsfraglen,
-                                   ssl->badmac_seen_or_in_hsfraglen +
-                                   (unsigned) hs_this_fragment_len,
-                                   ssl->in_hslen));
-        }
+        MBEDTLS_SSL_DEBUG_MSG(3,
+                              ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET
+                               ", %u..%u of %" MBEDTLS_PRINTF_SIZET,
+                               (ssl->badmac_seen_or_in_hsfraglen != 0 ?
+                                "subsequent" :
+                                hs_this_fragment_len == ssl->in_hslen ?
+                                "sole" :
+                                "initial"),
+                               ssl->in_msglen,
+                               ssl->badmac_seen_or_in_hsfraglen,
+                               ssl->badmac_seen_or_in_hsfraglen +
+                               (unsigned) hs_this_fragment_len,
+                               ssl->in_hslen));
 
         /* Move the received handshake fragment to have the whole message
          * (at least the part received so far) in a single segment at a

From dee926359ca8d351c97e0a9086aea244fda4f64c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 6 Mar 2025 21:32:08 +0100
Subject: [PATCH 70/80] Pacify uncrustify

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index b63533d19d..fd3cb2f1d5 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3398,8 +3398,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             if (ssl->in_hslen < ssl->in_msglen) {
                 MBEDTLS_SSL_DEBUG_MSG(3,
                                       ("More handshake messages in the record: "
-                                       "%" MBEDTLS_PRINTF_SIZET " + "
-                                       "%" MBEDTLS_PRINTF_SIZET,
+                                       "%" MBEDTLS_PRINTF_SIZET " + %" MBEDTLS_PRINTF_SIZET,
                                        ssl->in_hslen,
                                        ssl->in_msglen - ssl->in_hslen));
             }

From 229e200cb4cbbfdc449f711301201c5cf067f161 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 6 Mar 2025 21:30:23 +0100
Subject: [PATCH 71/80] Note unused variables when debugging is disabled

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fd3cb2f1d5..ef842b06b3 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3323,6 +3323,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
          * care of consuming the next handshake message. */
         const size_t hs_this_fragment_len =
             ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen;
+        (void) hs_this_fragment_len;
 
         MBEDTLS_SSL_DEBUG_MSG(3,
                               ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET
@@ -3393,6 +3394,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0);
 
             size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen;
+            (void) record_len;
             MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
                                   ssl->in_hdr, record_len);
             if (ssl->in_hslen < ssl->in_msglen) {

From c22e31508677fed2cd41af7bb899a1ef8953f233 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 7 Mar 2025 10:43:39 +0100
Subject: [PATCH 72/80] Fix a log message

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_msg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index ef842b06b3..0a8f4a3c60 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3386,7 +3386,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             /* Update the record length in the fully reassembled record */
             if (ssl->in_msglen > 0xffff) {
                 MBEDTLS_SSL_DEBUG_MSG(1,
-                                      ("Shouldn't happen: in_hslen=%"
+                                      ("Shouldn't happen: in_msglen=%"
                                        MBEDTLS_PRINTF_SIZET " > 0xffff",
                                        ssl->in_msglen));
                 return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

From 8a4ec49671a66c20f09789d0fbee7ee8dcdafcfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 5 Mar 2025 12:52:18 +0100
Subject: [PATCH 73/80] Cleanly reject non-HS in-between HS fragments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 library/ssl_msg.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 0a8f4a3c60..4adaf7dc6f 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5148,6 +5148,18 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
+    /* If we're in the middle of a fragmented TLS handshake message,
+     * we don't accept any other message type. For TLS 1.3, the spec forbids
+     * interleaving other message types between handshake fragments. For TLS
+     * 1.2, the spec does not forbid it but we do. */
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM &&
+        ssl->badmac_seen_or_in_hsfraglen != 0 &&
+        ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("non-handshake message in the middle"
+                                  " of a fragmented handshake message"));
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+    }
+
     /*
      * Handle particular types of records
      */

From b5ccd32390d6e31388a01979640d7603b6be33ea Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 5 Mar 2025 17:41:59 +0100
Subject: [PATCH 74/80] Document the limitations of TLS handshake message
 defragmentation

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 597da2571f..e34e3af6af 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4449,6 +4449,24 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
  *                 with \c mbedtls_ssl_read()), not handshake messages.
  *                 With DTLS, this affects both ApplicationData and handshake.
  *
+ * \note           Defragmentation of incoming handshake messages in TLS
+ *                 (excluding DTLS) is supported with some limitations:
+ *                 - On an Mbed TLS server that only accepts TLS 1.2,
+ *                   the initial ClientHello message must not be fragmented.
+ *                   A TLS 1.2 ClientHello may be fragmented if the server
+ *                   also accepts TLS 1.3 connections (meaning
+ *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
+ *                   accepted versions have not been restricted with
+ *                   mbedtls_ssl_conf_max_tls_version() or the like).
+ *                 - A ClientHello message that initiates a renegotiation
+ *                   must not be fragmented.
+ *                 - The first fragment of a handshake message must be
+ *                   at least 4 bytes long.
+ *                 - Non-handshake records must not be interleaved between
+ *                   the fragments of a handshake message. (This is permitted
+ *                   in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
+ *                   even in TLS 1.2.)
+ *
  * \note           This sets the maximum length for a record's payload,
  *                 excluding record overhead that will be added to it, see
  *                 \c mbedtls_ssl_get_record_expansion().

From 1933932e553b53a8844da0a93c1052de5f0d227b Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 5 Mar 2025 17:44:20 +0100
Subject: [PATCH 75/80] Refer to the API documentation for details

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 ChangeLog.d/tls-hs-defrag-in.txt | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
index 4fd4a4e372..748f95c104 100644
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -1,12 +1,7 @@
 Bugfix
-   * Support re-assembly of fragmented handshake messages in TLS, as mandated
-     by the spec. Lack of support was causing handshake failures with some
-     servers, especially with TLS 1.3 in practice (though both protocol
-     version could be affected in principle, and both are fixed now).
-     The initial fragment for each handshake message must be at least 4 bytes.
-
-     Server-side, defragmentation of the ClientHello message is only
-     supported if the server accepts TLS 1.3 (regardless of whether the
-     ClientHello is 1.3 or 1.2). That is, servers configured (either
-     at compile time or at runtime) to only accept TLS 1.2 will
-     still fail the handshake if the ClientHello message is fragmented.
+   * Support re-assembly of fragmented handshake messages in TLS (both
+     1.2 and 1.3). The lack of support was causing handshake failures with
+     some servers, especially with TLS 1.3 in practice. There are a few
+     limitations, notably a fragmented ClientHello is only supported when
+     TLS 1.3 support is enabled. See the documentation of
+     mbedtls_ssl_conf_max_frag_len() for details.

From 494e4943b539c070374d97af6328bdd251133bbc Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 11 Mar 2025 13:45:27 +0100
Subject: [PATCH 76/80] Move the defragmentation documentation to
 mbedtls_ssl_handshake

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e34e3af6af..26b1fd4cdd 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4449,23 +4449,9 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
  *                 with \c mbedtls_ssl_read()), not handshake messages.
  *                 With DTLS, this affects both ApplicationData and handshake.
  *
- * \note           Defragmentation of incoming handshake messages in TLS
- *                 (excluding DTLS) is supported with some limitations:
- *                 - On an Mbed TLS server that only accepts TLS 1.2,
- *                   the initial ClientHello message must not be fragmented.
- *                   A TLS 1.2 ClientHello may be fragmented if the server
- *                   also accepts TLS 1.3 connections (meaning
- *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
- *                   accepted versions have not been restricted with
- *                   mbedtls_ssl_conf_max_tls_version() or the like).
- *                 - A ClientHello message that initiates a renegotiation
- *                   must not be fragmented.
- *                 - The first fragment of a handshake message must be
- *                   at least 4 bytes long.
- *                 - Non-handshake records must not be interleaved between
- *                   the fragments of a handshake message. (This is permitted
- *                   in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
- *                   even in TLS 1.2.)
+ * \note           Defragmentation of TLS handshake messages is supported
+ *                 with some limitations. See the documentation of
+ *                 mbedtls_ssl_handshake() for details.
  *
  * \note           This sets the maximum length for a record's payload,
  *                 excluding record overhead that will be added to it, see
@@ -4997,6 +4983,24 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                 if a negotiation involving TLS 1.3 takes place (this may
  *                 be the case even if TLS 1.3 is offered but eventually
  *                 not selected).
+ *
+ * \note           Defragmentation of incoming handshake messages in TLS
+ *                 (excluding DTLS) is supported with some limitations:
+ *                 - On an Mbed TLS server that only accepts TLS 1.2,
+ *                   the initial ClientHello message must not be fragmented.
+ *                   A TLS 1.2 ClientHello may be fragmented if the server
+ *                   also accepts TLS 1.3 connections (meaning
+ *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
+ *                   accepted versions have not been restricted with
+ *                   mbedtls_ssl_conf_max_tls_version() or the like).
+ *                 - A ClientHello message that initiates a renegotiation
+ *                   must not be fragmented.
+ *                 - The first fragment of a handshake message must be
+ *                   at least 4 bytes long.
+ *                 - Non-handshake records must not be interleaved between
+ *                   the fragments of a handshake message. (This is permitted
+ *                   in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
+ *                   even in TLS 1.2.)
  */
 int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
 

From c3af2f48c4aa63df3b077a26990ea83c8c6f81b1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 11 Mar 2025 13:47:14 +0100
Subject: [PATCH 77/80] ClientHello may be fragmented in renegotiation

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 26b1fd4cdd..4d2410e778 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4993,8 +4993,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
  *                   accepted versions have not been restricted with
  *                   mbedtls_ssl_conf_max_tls_version() or the like).
- *                 - A ClientHello message that initiates a renegotiation
- *                   must not be fragmented.
  *                 - The first fragment of a handshake message must be
  *                   at least 4 bytes long.
  *                 - Non-handshake records must not be interleaved between

From bc0255592fed525ac19459f6bf7f1f68540b680d Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 11 Mar 2025 13:47:49 +0100
Subject: [PATCH 78/80] Clarify DTLS

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4d2410e778..8fdf6a689d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4985,7 +4985,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                 not selected).
  *
  * \note           Defragmentation of incoming handshake messages in TLS
- *                 (excluding DTLS) is supported with some limitations:
+ *                 is supported with some limitations:
  *                 - On an Mbed TLS server that only accepts TLS 1.2,
  *                   the initial ClientHello message must not be fragmented.
  *                   A TLS 1.2 ClientHello may be fragmented if the server
@@ -4993,6 +4993,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
  *                   accepted versions have not been restricted with
  *                   mbedtls_ssl_conf_max_tls_version() or the like).
+ *                   This limitation does not apply to DTLS.
  *                 - The first fragment of a handshake message must be
  *                   at least 4 bytes long.
  *                 - Non-handshake records must not be interleaved between

From 858900656eb36c7ad8b70e9104a7420529bd36ed Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 12 Mar 2025 10:07:33 +0100
Subject: [PATCH 79/80] State globally that the limitations don't apply to DTLS

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/ssl.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 8fdf6a689d..97b0dcb380 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4984,8 +4984,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                 be the case even if TLS 1.3 is offered but eventually
  *                 not selected).
  *
- * \note           Defragmentation of incoming handshake messages in TLS
- *                 is supported with some limitations:
+ * \note           In TLS, reception of fragmented handshake messages is
+ *                 supported with some limitations (those limitations do
+ *                 not apply to DTLS, where defragmentation is fully
+ *                 supported):
  *                 - On an Mbed TLS server that only accepts TLS 1.2,
  *                   the initial ClientHello message must not be fragmented.
  *                   A TLS 1.2 ClientHello may be fragmented if the server
@@ -4993,7 +4995,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
  *                   accepted versions have not been restricted with
  *                   mbedtls_ssl_conf_max_tls_version() or the like).
- *                   This limitation does not apply to DTLS.
  *                 - The first fragment of a handshake message must be
  *                   at least 4 bytes long.
  *                 - Non-handshake records must not be interleaved between

From a7c020d6cbe5fadfe0126e90c077f01223b6e968 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 12 Mar 2025 10:08:14 +0100
Subject: [PATCH 80/80] Update the location of defragmentation limitations

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 ChangeLog.d/tls-hs-defrag-in.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
index 748f95c104..6bab02a029 100644
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -4,4 +4,4 @@ Bugfix
      some servers, especially with TLS 1.3 in practice. There are a few
      limitations, notably a fragmented ClientHello is only supported when
      TLS 1.3 support is enabled. See the documentation of
-     mbedtls_ssl_conf_max_frag_len() for details.
+     mbedtls_ssl_handshake() for details.