From 48aa2deb0bc93737d3dd3fbefa7df059b76ca336 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 9 Feb 2025 23:37:34 +0000 Subject: [PATCH] ssl-opt: Added tls 1.2 tests for HS defragmentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 221 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 221 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1de5776ecb..f460ccebf1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14470,6 +14470,17 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14481,6 +14492,17 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -14498,6 +14520,17 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14509,6 +14542,17 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14520,6 +14564,17 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14531,6 +14586,17 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14542,6 +14608,17 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14553,6 +14630,17 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14564,6 +14652,17 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14575,6 +14674,17 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14586,6 +14696,17 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14597,6 +14718,17 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14608,6 +14740,18 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14619,6 +14763,17 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14630,6 +14785,17 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14641,6 +14807,17 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14652,6 +14829,17 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14663,6 +14851,17 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14674,6 +14873,17 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14685,6 +14895,17 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG