TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10576 from ronald-cron-arm/dtls-client-hello-defragmentation

Browse Source 
Add support for (D)TLS 1.2 client hello defragmentation
This commit is contained in:
Ronald Cron
2026-03-10 14:46:07 +00:00
committed by GitHub
parent 11d1f51631 09210ea54f
commit b5749b88f6
11 changed files with 530 additions and 241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog.d/dtls-client-hello-defragmentation.txt Normal file
View File

@@ -0,0 +1,5 @@
Bugfix
* Support re-assembly of fragmented DTLS 1.2 ClientHello in Mbed TLS server.
* Support re-assembly of fragmented TLS 1.2 ClientHello in Mbed TLS server
even if TLS 1.3 support is disabled. This removes the main limitation on
support for re-assembly of fragmented handshake messages in TLS 1.2.

7
include/mbedtls/ssl.h
View File

@@ -4788,13 +4788,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* supported with some limitations (those limitations do * supported with some limitations (those limitations do
* not apply to DTLS, where defragmentation is fully * not apply to DTLS, where defragmentation is fully
* supported): * supported):
* - On an Mbed TLS server that only accepts TLS 1.2,
* the initial ClientHello message must not be fragmented.
* A TLS 1.2 ClientHello may be fragmented if the server
* also accepts TLS 1.3 connections (meaning
* that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
* accepted versions have not been restricted with
* mbedtls_ssl_conf_max_tls_version() or the like).
* - The first fragment of a handshake message must be * - The first fragment of a handshake message must be
* at least 4 bytes long. * at least 4 bytes long.
* - Non-handshake records must not be interleaved between * - Non-handshake records must not be interleaved between

55
library/ssl_msg.c
View File

@@ -2967,6 +2967,49 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_INVALID_RECORD; return MBEDTLS_ERR_SSL_INVALID_RECORD;
} }
if (ssl->in_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
if (ssl->state == MBEDTLS_SSL_CLIENT_HELLO
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
) {
/*
* When establishing the connection, the client may go through
* a series of ClientHello and HelloVerifyRequest requests and
* responses. The server intentionally does not keep trace of
* these initial round trips: minimum allocated ressources as
* long as the reachability of the client has not been
* confirmed. When receiving the "first ClientHello" from
* server perspective, we may thus need to adapt the next
* expected `message_seq` for the incoming and outgoing
* handshake messages.
*/
ssl->handshake->in_msg_seq = recv_msg_seq;
ssl->handshake->out_msg_seq = recv_msg_seq;
/* Epoch should be 0 for initial handshakes */
if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
sizeof(ssl->cur_out_ctr) - 2);
} else if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
/* In case of a post-handshake ClientHello that initiates a
* renegotiation check that the handshake message sequence
* number is zero.
*/
if (recv_msg_seq != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: "
"%u (expected 0)",
recv_msg_seq));
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
}
}
if (ssl->handshake != NULL && if (ssl->handshake != NULL &&
((mbedtls_ssl_is_handshake_over(ssl) == 0 && ((mbedtls_ssl_is_handshake_over(ssl) == 0 &&
recv_msg_seq != ssl->handshake->in_msg_seq) || recv_msg_seq != ssl->handshake->in_msg_seq) ||
@@ -4843,14 +4886,9 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
/* The record content type may change during decryption, /* The record content type may change during decryption,
* so re-read it. */ * so re-read it. */
ssl->in_msgtype = rec.type; ssl->in_msgtype = rec.type;
/* Also update the input buffer, because unfortunately
* the server-side ssl_parse_client_hello() reparses the
* record header when receiving a ClientHello initiating
* a renegotiation. */
ssl->in_hdr[0] = rec.type;
ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msg = rec.buf + rec.data_offset;
ssl->in_msglen = rec.data_len; ssl->in_msglen = rec.data_len;
MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0);
return 0; return 0;
} }
@@ -5504,6 +5542,11 @@ static int ssl_tls12_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
} }
#endif #endif
/* Keep the ClientHello message for ssl_parse_client_hello() */
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
ssl->keep_current_message = 1;
}
ret = mbedtls_ssl_start_renegotiation(ssl); ret = mbedtls_ssl_start_renegotiation(ssl);
if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
ret != 0) { ret != 0) {

7
library/ssl_tls.c
View File

@@ -2892,13 +2892,6 @@ size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl) size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl)
{ {
/* Return unlimited mtu for client hello messages to avoid fragmentation. */
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
(ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
ssl->state == MBEDTLS_SSL_SERVER_HELLO)) {
return 0;
}
if (ssl->handshake == NULL || ssl->handshake->mtu == 0) { if (ssl->handshake == NULL || ssl->handshake->mtu == 0) {
return ssl->mtu; return ssl->mtu;
} }

196
library/ssl_tls12_server.c
View File

@@ -869,131 +869,35 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello")); MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello"));
int renegotiating;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
read_record_header:
#endif
/* /*
* If renegotiating, then the input was read with mbedtls_ssl_read_record(), * Fetch the expected ClientHello handshake message. Do not ask
* otherwise read it ourselves manually in order to support SSLv2 * mbedtls_ssl_read_record() to update the handshake digest, because the
* ClientHello, which doesn't use the same record layer format. * ClientHello may already have been read in ssl_tls13_process_client_hello()
* Otherwise in a scenario of TLS 1.3/TLS 1.2 version negotiation, the * or as a post-handshake message (renegotiation). In those cases we need
* ClientHello has been already fully fetched by the TLS 1.3 code and the * to update the digest ourselves, and it is simpler to do so
* flag ssl->keep_current_message is raised. * unconditionally than to track whether it is needed.
*/ */
renegotiating = 0; if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
#if defined(MBEDTLS_SSL_RENEGOTIATION) MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record ", ret);
renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); return ret;
#endif
if (!renegotiating && !ssl->keep_current_message) {
if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) {
/* No alert on a read error. */
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
return ret;
}
} }
buf = ssl->in_hdr;
MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl));
/* /*
* TLS Client Hello * Update the handshake checksum.
* *
* Record layer: * Note that the checksum must be updated before parsing the extensions
* 0 . 0 message type * because ssl_parse_session_ticket_ext() may decrypt the ticket in place
* 1 . 2 protocol version * and therefore modify the ClientHello message. This occurs when using
* 3 . 11 DTLS: epoch + record sequence number * the Mbed TLS ssl_ticket.c implementation.
* 3 . 4 message length
*/ */
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message type: %d", ret = mbedtls_ssl_update_handshake_status(ssl);
buf[0])); if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { return ret;
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d",
MBEDTLS_GET_UINT16_BE(ssl->in_len, 0)));
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
buf[1], buf[2]));
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
) {
/* Epoch should be 0 for initial handshakes */
if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
sizeof(ssl->cur_out_ctr) - 2);
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if (mbedtls_ssl_dtls_replay_check(ssl) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding"));
ssl->next_record_offset = 0;
ssl->in_left = 0;
goto read_record_header;
}
/* No MAC to check yet, so we can update right now */
mbedtls_ssl_dtls_replay_update(ssl);
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
/* Set by mbedtls_ssl_read_record() */
msg_len = ssl->in_hslen;
} else
#endif
{
if (ssl->keep_current_message) {
ssl->keep_current_message = 0;
} else {
if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
if ((ret = mbedtls_ssl_fetch_input(ssl,
mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
return ret;
}
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl);
} else
#endif
ssl->in_left = 0;
}
} }
buf = ssl->in_msg; buf = ssl->in_msg;
msg_len = ssl->in_hslen;
MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len);
ret = ssl->handshake->update_checksum(ssl, buf, msg_len);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
/* /*
* Handshake layer: * Handshake layer:
@@ -1003,64 +907,12 @@ read_record_header:
* 6 . 8 DTLS only: fragment offset * 6 . 8 DTLS only: fragment offset
* 9 . 11 DTLS only: fragment length * 9 . 11 DTLS only: fragment length
*/ */
if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) { if ((ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) ||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO)) {
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0]));
if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/*
* Copy the client's handshake message_seq on initial handshakes,
* check sequence number on renego.
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
/* This couldn't be done in ssl_prepare_handshake_record() */
unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
if (cli_msg_seq != ssl->handshake->in_msg_seq) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: "
"%u (expected %u)", cli_msg_seq,
ssl->handshake->in_msg_seq));
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
ssl->handshake->in_msg_seq++;
} else
#endif
{
unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
ssl->handshake->out_msg_seq = cli_msg_seq;
ssl->handshake->in_msg_seq = cli_msg_seq + 1;
}
{
/*
* For now we don't support fragmentation, so make sure
* fragment_offset == 0 and fragment_length == length
*/
size_t fragment_offset, fragment_length, length;
fragment_offset = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
fragment_length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
MBEDTLS_SSL_DEBUG_MSG(
4, ("fragment_offset=%u fragment_length=%u length=%u",
(unsigned) fragment_offset, (unsigned) fragment_length,
(unsigned) length));
if (fragment_offset != 0 || length != fragment_length) {
MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported"));
return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
buf += mbedtls_ssl_hs_hdr_len(ssl); buf += mbedtls_ssl_hs_hdr_len(ssl);
msg_len -= mbedtls_ssl_hs_hdr_len(ssl); msg_len -= mbedtls_ssl_hs_hdr_len(ssl);
@@ -1390,7 +1242,11 @@ read_record_header:
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_TLS_EXT_SESSION_TICKET: case MBEDTLS_TLS_EXT_SESSION_TICKET:
MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension")); MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension"));
/*
* If the Mbed TLS ssl_ticket.c implementation is used, the
* ticket is decrypted in place. This modifies the ClientHello
* message in the input buffer.
*/
ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size); ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size);
if (ret != 0) { if (ret != 0) {
return ret; return ret;

50
programs/ssl/ssl_server2.c
View File

@@ -4131,7 +4131,55 @@ close_notify:
} while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0; ret = 0;
mbedtls_printf(" done\n"); /*
* In the DTLS case, attempt to read a possible response to the close
* notification. This avoids reconnecting to the same client when we
* reset and later receive its close-notification response during
* step 3 (waiting for a client to connect).
*
* Stop waiting for the response if the connection has already ended.
*
* The waiting loop below relies on mbedtls_ssl_read() returning regularly
* in order to keep the total waiting time approximately bounded to 1s. If
* no read timeout is configured (see the read_timeout option), or if the
* configured timeout is close to or larger than 1s, the total waiting time
* may exceed 1s by a significant margin.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_HAVE_TIME)
if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
mbedtls_ms_time_t start = mbedtls_ms_time();
for (;;) {
ret = mbedtls_ssl_read(&ssl, buf, opt.buffer_size);
/*
* mbedtls_ssl_read() returned some data or timed out, loop if we
* have not spent already too much time, quite arbitrarily 1s.
*/
if ((ret > 0) || (ret == MBEDTLS_ERR_SSL_TIMEOUT)) {
if ((mbedtls_ms_time() - start) < 1000) {
continue;
}
}
if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
mbedtls_printf(" done, received client close notification.\n");
} else {
/* ret = 0, silent transport EOF or ret < 0 except
* MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY. Note that we do not
* handle specifically the non-fatal error codes like
* MBEDTLS_ERR_SSL_WANT_READ as we do not really expect them
* here.
*/
mbedtls_printf(" done\n");
}
break;
}
ret = 0;
} else
#endif /* MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_HAVE_TIME */
{
mbedtls_printf(" done\n");
}
fflush(stdout);
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
if (opt.cache_remove > 0) { if (opt.cache_remove > 0) {

3
scripts/generate_tls_handshake_tests.py
View File

@@ -6,12 +6,9 @@ Generate miscellaneous TLS test cases relating to the handshake.
# Copyright The Mbed TLS Contributors # Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import sys
import framework_scripts_path # pylint: disable=unused-import import framework_scripts_path # pylint: disable=unused-import
from mbedtls_framework import tls_handshake_tests from mbedtls_framework import tls_handshake_tests
if __name__ == '__main__': if __name__ == '__main__':
sys.argv[1:1] = ["--no-tls12-client-hello-defragmentation-support"]
tls_handshake_tests.main() tls_handshake_tests.main()

1
tests/compat.sh
View File

@@ -557,6 +557,7 @@ setup_arguments()
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
if is_dtls "$MODE"; then if is_dtls "$MODE"; then
O_SERVER_ARGS="$O_SERVER_ARGS" O_SERVER_ARGS="$O_SERVER_ARGS"
M_SERVER_ARGS="$M_SERVER_ARGS read_timeout=1000"
else else
O_SERVER_ARGS="$O_SERVER_ARGS -www" O_SERVER_ARGS="$O_SERVER_ARGS -www"
fi fi

2
tests/scripts/analyze_outcomes.py
View File

@@ -43,7 +43,7 @@ class CoverageTask(outcome_analysis.CoverageTask):
'DTLS cookie: enabled, IPv6', 'DTLS cookie: enabled, IPv6',
# Disabled due to OpenSSL bug. # Disabled due to OpenSSL bug.
# https://github.com/openssl/openssl/issues/18887 # https://github.com/openssl/openssl/issues/18887
'DTLS fragmenting: 3d, openssl client, DTLS 1.2', 'DTLS fragmenting: 3d, MTU=512, openssl client, DTLS 1.2',
# We don't run ssl-opt.sh with Valgrind on the CI because # We don't run ssl-opt.sh with Valgrind on the CI because
# it's extremely slow. We don't intend to change this. # it's extremely slow. We don't intend to change this.
'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)', 'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)',

1
tests/scripts/components-configuration-tls.sh
View File

@@ -165,6 +165,7 @@ component_test_tls1_2_ccm_psk_dtls () {
msg "build: configs/config-ccm-psk-dtls1_2.h" msg "build: configs/config-ccm-psk-dtls1_2.h"
MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h" MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h"
CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
tf-psa-crypto/scripts/config.py -f "$CRYPTO_CONFIG" set MBEDTLS_HAVE_TIME
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
make make

444
tests/ssl-opt.sh
View File

@@ -9931,7 +9931,7 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \
requires_gnutls requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
"$G_SRV -u --mtu 128" \ "$G_SRV -u --mtu 109" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \ 0 \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -9943,7 +9943,7 @@ requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \ "$G_SRV -u --mtu 241" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
0 \ 0 \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -9971,6 +9971,52 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
-C "error" \ -C "error" \
-s "Extra-header:" -s "Extra-header:"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: no fragmentation (gnutls client)" \
"$P_SRV debug_level=2 dtls=1" \
"$G_NEXT_CLI -u --mtu 2048 --insecure 127.0.0.1" \
0 \
-S "found fragmented DTLS handshake message" \
-S "error"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (gnutls client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required" \
"$G_NEXT_CLI -u --mtu 211 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \
0 \
-s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled" \
-S "error"
# Set the MTU to 128 bytes. The minimum size of a DTLS 1.2 record
# containing a ClientHello handshake message is 69 bytes, without any cookie,
# ciphersuite, or extension. With an MTU of 128 bytes, the ClientHello handshake
# message is therefore very likely to be fragmented, regardless of the
# GnuTLS client version. For example, the ClientHello sent by the GnuTLS 3.7.2
# client is 206 bytes in this test.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (gnutls client)" \
"$P_SRV debug_level=2 dtls=1" \
"$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \
0 \
-s "ClientHello handshake message has been buffered and reassembled" \
-S "error"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls client)" \
"$P_SRV debug_level=2 dtls=1 nbio=2" \
"$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \
0 \
-s "ClientHello handshake message has been buffered and reassembled" \
-S "error"
# No fragmentation and renegotiation tests with GnuTLS client as the feature
# does not work properly.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: no fragmentation (openssl server)" \ run_test "DTLS reassembly: no fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 2048" \ "$O_SRV -dtls -mtu 2048" \
@@ -9994,13 +10040,45 @@ run_test "DTLS reassembly: fragmentation (openssl server)" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
"$O_SRV -dtls -mtu 256" \ "$O_SRV -dtls -mtu 273" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \ 0 \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \ -c "Certificate handshake message has been buffered and reassembled" \
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: no fragmentation (openssl client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required" \
"$O_NEXT_CLI -dtls -mtu 2048 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-S "found fragmented DTLS handshake message" \
-S "error"
# Minimum possible MTU for OpenSSL server: 256 bytes.
# We expect the client Certificate handshake message to be fragmented and
# verify that this is the case. With OpenSSL 3.0.13, the ClientHello handshake
# message is 224 bytes and also fragmented. However, it may not hold across
# OpenSSL version updates. Therefore, we do not verify that the ClientHello is
# reassembled by the server.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (openssl client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required" \
"$O_NEXT_CLI -dtls -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled" \
-S "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \
"$P_SRV debug_level=2 dtls=1 auth_mode=required nbio=2" \
"$O_NEXT_CLI -dtls -mtu 269 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled" \
-S "error"
# Tests for sending fragmented handshake messages with DTLS # Tests for sending fragmented handshake messages with DTLS
# #
# Use client auth when we need the client to send large messages, # Use client auth when we need the client to send large messages,
@@ -10242,20 +10320,20 @@ run_test "DTLS fragmenting: server (MTU)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 1038
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: both (MTU=1024)" \ run_test "DTLS fragmenting: both (MTU=1038)" \
-p "$P_PXY mtu=1024" \ -p "$P_PXY mtu=1038" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=1024" \ mtu=1038" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=1024" \ mtu=1038" \
0 \ 0 \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
@@ -10265,25 +10343,108 @@ run_test "DTLS fragmenting: both (MTU=1024)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_hash_alg SHA_256 requires_hash_alg SHA_256
requires_max_content_len 2048 requires_max_content_len 509
run_test "DTLS fragmenting: both (MTU=512)" \ run_test "DTLS fragmenting: both (MTU=509)" \
-p "$P_PXY mtu=512" \ -p "$P_PXY mtu=509" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=512" \ mtu=509" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=2500-60000 \ hs_timeout=2500-60000 \
mtu=512" \ mtu=509" \
0 \ 0 \
-s "found fragmented DTLS handshake message" \ -s "found fragmented DTLS handshake message" \
-c "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \
-C "error" -C "error"
# Depending on the ciphersuite selected to encrypt the application data, the
# maximum application data payload per record may be small with an MTU of 128.
# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is
# 35 bytes. We therefore reduce the size of the client request and the server
# response in this test and the two following tests.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 128
run_test "DTLS fragmenting: both (MTU=128)" \
-p "$P_PXY mtu=128" \
"$P_SRV dtls=1 debug_level=5 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
response_size=8 \
hs_timeout=2500-60000 \
mtu=128" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=2500-60000 \
mtu=128" \
0 \
-s "found fragmented DTLS handshake message" \
-s "fragmenting Certificate handshake message" \
-s "fragmenting ServerKeyExchange handshake message" \
-c "found fragmented DTLS handshake message" \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=107)" \
-p "$P_PXY mtu=107" \
"$P_SRV dtls=1 debug_level=5 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
response_size=8 \
hs_timeout=2500-60000 \
mtu=107" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=2500-60000 \
mtu=107" \
0 \
-s "found fragmented DTLS handshake message" \
-s "fragmenting Certificate handshake message" \
-s "fragmenting ServerKeyExchange handshake message" \
-c "found fragmented DTLS handshake message" \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=133)" \
-p "$P_PXY mtu=133" \
"$P_SRV dtls=1 debug_level=5 auth_mode=required \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
response_size=8 \
hs_timeout=2500-60000 \
mtu=133" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=2500-60000 \
mtu=133" \
0 \
-s "found fragmented DTLS handshake message" \
-s "fragmenting Certificate handshake message" \
-s "fragmenting ServerKeyExchange handshake message" \
-c "found fragmented DTLS handshake message" \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-c "fragmenting CertificateVerify handshake message" \
-C "error"
# Test for automatic MTU reduction on repeated resend. # Test for automatic MTU reduction on repeated resend.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config. # Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# The ratio of max/min timeout should ideally equal 4 to accept two # The ratio of max/min timeout should ideally equal 4 to accept two
@@ -10337,7 +10498,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
not_with_valgrind # spurious autoreduction due to timeout not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
-p "$P_PXY mtu=1024" \ -p "$P_PXY mtu=1024" \
@@ -10364,7 +10525,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
not_with_valgrind # spurious autoreduction due to timeout not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 512
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-p "$P_PXY mtu=512" \ -p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10387,7 +10548,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
not_with_valgrind # spurious autoreduction due to timeout not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
-p "$P_PXY mtu=1024" \ -p "$P_PXY mtu=1024" \
@@ -10411,7 +10572,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
not_with_valgrind # spurious autoreduction due to timeout not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 512
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-p "$P_PXY mtu=512" \ -p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10444,7 +10605,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
not_with_valgrind # spurious autoreduction due to timeout not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 1450
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
-p "$P_PXY mtu=1450" \ -p "$P_PXY mtu=1450" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10471,7 +10632,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_hash_alg SHA_256 requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048 requires_max_content_len 512
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \ -p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10500,7 +10661,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_hash_alg SHA_256 requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048 requires_max_content_len 512
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \ -p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10529,7 +10690,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_hash_alg SHA_256 requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048 requires_max_content_len 1024
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \ -p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10559,7 +10720,7 @@ requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_hash_alg SHA_256 requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048 requires_max_content_len 1024
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
-p "$P_PXY mtu=1024" \ -p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10588,7 +10749,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_hash_alg SHA_256 requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_max_content_len 2048 requires_max_content_len 1024
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \ -p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10614,7 +10775,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 2 client_needs_more_time 2
requires_max_content_len 2048 requires_max_content_len 512
run_test "DTLS fragmenting: proxy MTU + 3d" \ run_test "DTLS fragmenting: proxy MTU + 3d" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
@@ -10635,7 +10796,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 2 client_needs_more_time 2
requires_max_content_len 2048 requires_max_content_len 512
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -10660,16 +10821,32 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls requires_gnutls
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=501, gnutls server, DTLS 1.2" \
"$G_SRV -u" \ "$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \ mtu=501 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=110, gnutls server, DTLS 1.2" \
"$G_NEXT_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=35 \
mtu=110 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
# We use --insecure for the GnuTLS client because it expects # We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the # the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it # certificate obtained from the server. Here, however, it
@@ -10682,11 +10859,25 @@ requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls requires_gnutls
requires_not_i686 requires_not_i686
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=536, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
mtu=512 force_version=dtls12" \ mtu=536 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=149, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
mtu=149 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \ "$G_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting Certificate handshake message" -s "fragmenting Certificate handshake message"
@@ -10694,20 +10885,39 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=525, openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \ "$O_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \ mtu=525 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
# Depending on the ciphersuite selected to encrypt the application data, the
# maximum application data payload per record may be small with an MTU of 128.
# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is
# 35 bytes. We therefore reduce the size of the client request in this test.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=130, openssl server, DTLS 1.2" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
mtu=130 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ run_test "DTLS fragmenting: MTU=512, openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
@@ -10716,6 +10926,18 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
0 \ 0 \
-s "fragmenting Certificate handshake message" -s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
requires_max_content_len 2048
run_test "DTLS fragmenting: MTU=131, openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
mtu=131 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting Certificate handshake message"
# interop tests for DTLS fragmentating with unreliable connection # interop tests for DTLS fragmentating with unreliable connection
# #
# again we just want to test that the we fragment in a way that # again we just want to test that the we fragment in a way that
@@ -10725,28 +10947,61 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=434, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \ "$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \ hs_timeout=250-60000 mtu=434 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 6
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=103, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=35 \
hs_timeout=250-60000 mtu=103 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
requires_gnutls_next requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=614, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \ hs_timeout=250-60000 mtu=614 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting Certificate handshake message"
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=116, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=116 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting Certificate handshake message" -s "fragmenting Certificate handshake message"
@@ -10758,17 +11013,39 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=541, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \ "$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \ hs_timeout=250-60000 mtu=541 force_version=dtls12" \
0 \ 0 \
-c "fragmenting Certificate handshake message" \ -c "fragmenting Certificate handshake message" \
-C "error" -C "error"
# Depending on the ciphersuite selected to encrypt the application data, the
# maximum application data payload per record may be small with an MTU of 128.
# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is
# 35 bytes. We therefore reduce the size of the client request in this test.
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, MTU=108, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
key_file=$DATA_FILES_PATH/server8.key \
request_size=8 \
hs_timeout=250-60000 mtu=108 force_version=dtls12" \
0 \
-c "fragmenting ClientHello handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
## the test below will time out with certain seed. ## the test below will time out with certain seed.
## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887) ## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
skip_next_test skip_next_test
@@ -10776,7 +11053,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
client_needs_more_time 4 client_needs_more_time 4
requires_max_content_len 2048 requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ run_test "DTLS fragmenting: 3d, MTU=512, openssl client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \ "$P_SRV dtls=1 debug_level=2 \
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
@@ -11863,7 +12140,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation" \ run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \ "$O_NEXT_SRV -dtls1_2 -mtu 277" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
@@ -11875,12 +12152,49 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \ "$O_NEXT_SRV -dtls1_2 -mtu 268" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
-c "Certificate handshake message has been buffered and reassembled" -c "Certificate handshake message has been buffered and reassembled"
requires_openssl_next
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl client" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
"$O_NEXT_CLI -dtls1_2 -mtu 2048" \
0 \
-s "HTTP/1.0 200 OK"
requires_openssl_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl client, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 tickets=0" \
"$O_NEXT_CLI -dtls1_2 -mtu 260 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "HTTP/1.0 200 OK" \
-s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled"
requires_openssl_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl client, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
"$O_NEXT_CLI -dtls1_2 -mtu 259 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "HTTP/1.0 200 OK" \
-s "found fragmented DTLS handshake message" \
-s "Certificate handshake message has been buffered and reassembled"
requires_gnutls requires_gnutls
client_needs_more_time 6 client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out not_with_valgrind # risk of non-mbedtls peer timing out
@@ -11899,7 +12213,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \ "$G_NEXT_SRV -u --mtu 499" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \
0 \ 0 \
-s "Extra-header:" \ -s "Extra-header:" \
@@ -11912,13 +12226,54 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \ "$G_NEXT_SRV -u --mtu 528" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \
0 \ 0 \
-s "Extra-header:" \ -s "Extra-header:" \
-c "Extra-header:" \ -c "Extra-header:" \
-c "Certificate handshake message has been buffered and reassembled" -c "Certificate handshake message has been buffered and reassembled"
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls client" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1" \
"$G_NEXT_CLI -u --mtu 2048 --insecure 127.0.0.1" \
0 \
-s "HTTP/1.0 200 OK"
# Set the MTU to 131 bytes. The ClientHello is not guaranteed to be surely
# fragmented but it is very likely. For example, the ClientHello sent by the
# GnuTLS 3.7.2 client is 206 bytes in this test. We expect ClientHello
# fragmentation to remain the case across GnuTLS version updates. Avoid using a
# smaller MTU, as the smaller the MTU, the more likely the handshake is to fail
# in this very unreliable connection emulation.
requires_gnutls
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls client, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2" \
"$G_NEXT_CLI -u --mtu 131 --insecure 127.0.0.1" \
0 \
-s "HTTP/1.0 200 OK" \
-s "ClientHello handshake message has been buffered and reassembled"
requires_gnutls
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls client, fragmentation, nbio=2" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 nbio=2" \
"$G_NEXT_CLI -u --mtu 135 --insecure 127.0.0.1" \
0 \
-s "HTTP/1.0 200 OK" \
-s "ClientHello handshake message has been buffered and reassembled"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "export keys functionality" \ run_test "export keys functionality" \
"$P_SRV eap_tls=1 debug_level=3" \ "$P_SRV eap_tls=1 debug_level=3" \
@@ -13826,7 +14181,6 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene
-s "Consume: waiting for more handshake fragments 256/" \ -s "Consume: waiting for more handshake fragments 256/" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Handshake defragmentation on server: len=128, client-initiated renegotiation" \ run_test "Handshake defragmentation on server: len=128, client-initiated renegotiation" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
@@ -13843,7 +14197,6 @@ run_test "Handshake defragmentation on server: len=128, client-initiated rene
-s "Consume: waiting for more handshake fragments 128/" \ -s "Consume: waiting for more handshake fragments 128/" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Handshake defragmentation on server: len=4, client-initiated renegotiation" \ run_test "Handshake defragmentation on server: len=4, client-initiated renegotiation" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
@@ -13860,7 +14213,6 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego
-s "Consume: waiting for more handshake fragments 4/" \ -s "Consume: waiting for more handshake fragments 4/" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotiation" \ run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotiation" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \