mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-06-12 01:29:52 +08:00
Merge pull request #9989 from minosgalanakis/issue9887_add_basic_defragmentation_tests
Add basic handshake defragmentation tests in ssl-opt
This commit is contained in:
commit
6eabe58c84
@ -3,3 +3,10 @@ Bugfix
|
||||
by the spec. Lack of support was causing handshake failures with some
|
||||
servers, especially with TLS 1.3 in practice (though both protocol
|
||||
version could be affected in principle, and both are fixed now).
|
||||
The initial fragment for each handshake message must be at least 4 bytes.
|
||||
|
||||
Server-side, defragmentation of the ClientHello message is only
|
||||
supported if the server accepts TLS 1.3 (regardless of whether the
|
||||
ClientHello is 1.3 or 1.2). That is, servers configured (either
|
||||
at compile time or at runtime) to only accept TLS 1.2 will
|
||||
still fail the handshake if the ClientHello message is fragmented.
|
||||
|
@ -50,6 +50,11 @@ class CoverageTask(outcome_analysis.CoverageTask):
|
||||
# TLS doesn't use restartable ECDH yet.
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/7294
|
||||
re.compile(r'EC restart:.*no USE_PSA.*'),
|
||||
# Temporary disable Handshake defragmentation tests until mbedtls
|
||||
# pr #10011 has been merged.
|
||||
'Handshake defragmentation on client: len=4, TLS 1.2',
|
||||
'Handshake defragmentation on client: len=5, TLS 1.2',
|
||||
'Handshake defragmentation on client: len=13, TLS 1.2'
|
||||
],
|
||||
'test_suite_config.mbedtls_boolean': [
|
||||
# Missing coverage of test configurations.
|
||||
|
532
tests/ssl-opt.sh
532
tests/ssl-opt.sh
@ -13872,6 +13872,538 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
|
||||
-c "Handshake was completed" \
|
||||
-s "dumping .client hello, compression. (2 bytes)"
|
||||
|
||||
# Handshake defragmentation testing
|
||||
|
||||
# To guarantee that the handhake messages are large enough and need to be split
|
||||
# into fragments, the tests require certificate authentication. The party in control
|
||||
# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
|
||||
"$O_NEXT_SRV" \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-C "reassembled record" \
|
||||
-C "waiting for more fragments"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
|
||||
-c "waiting for more fragments (512 of [0-9]\\+"
|
||||
|
||||
#The server uses an ECDSA cert, so make sure we have a compatible key exchange
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
|
||||
-c "waiting for more fragments (512 of [0-9]\\+"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
|
||||
-c "waiting for more fragments (513 of [0-9]\\+"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
|
||||
-c "waiting for more fragments (513 of [0-9]\\+"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
|
||||
-c "waiting for more fragments (256 of [0-9]\\+"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
|
||||
-c "waiting for more fragments (256 of [0-9]\\+"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
|
||||
-c "waiting for more fragments (128"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
|
||||
-c "waiting for more fragments (128"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
|
||||
-c "waiting for more fragments (64"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
|
||||
-c "waiting for more fragments (64"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
|
||||
-c "waiting for more fragments (36"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
|
||||
-c "waiting for more fragments (36"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
|
||||
-c "waiting for more fragments (32"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
|
||||
-c "waiting for more fragments (32"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
|
||||
-c "waiting for more fragments (16"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
|
||||
-c "waiting for more fragments (16"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
|
||||
-c "waiting for more fragments (13"
|
||||
|
||||
skip_next_test
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
|
||||
-c "waiting for more fragments (13"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
|
||||
-c "waiting for more fragments (5"
|
||||
|
||||
skip_next_test
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
|
||||
-c "waiting for more fragments (5"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
|
||||
-c "waiting for more fragments (4"
|
||||
|
||||
skip_next_test
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
0 \
|
||||
-c "reassembled record" \
|
||||
-c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
|
||||
-c "waiting for more fragments (4"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
|
||||
"$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
1 \
|
||||
-c "=> ssl_tls13_process_server_hello" \
|
||||
-c "handshake message too short: 3" \
|
||||
-c "SSL - An invalid SSL record was received"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
|
||||
"$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
|
||||
"$P_CLI debug_level=4 " \
|
||||
1 \
|
||||
-c "handshake message too short: 3" \
|
||||
-c "SSL - An invalid SSL record was received"
|
||||
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server (no fragmentation, for reference)." \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-S "reassembled record" \
|
||||
-S "waiting for more fragments"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=512, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
|
||||
-s "waiting for more fragments (512"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=512, TLS 1.2" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
|
||||
-s "waiting for more fragments (512"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=513, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
|
||||
-s "waiting for more fragments (513"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=513, TLS 1.2" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
|
||||
-s "waiting for more fragments (513"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=256, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
|
||||
-s "waiting for more fragments (256"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=256, TLS 1.2" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
|
||||
-s "waiting for more fragments (256"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=128, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
|
||||
-s "waiting for more fragments (128"
|
||||
|
||||
# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
|
||||
# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
|
||||
-s "waiting for more fragments (128"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=64, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
|
||||
-s "waiting for more fragments (64"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
|
||||
-s "waiting for more fragments (64"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=36, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
|
||||
-s "waiting for more fragments (36"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
|
||||
-s "waiting for more fragments (36"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
|
||||
-s "waiting for more fragments (32"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
|
||||
-s "waiting for more fragments (32"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
|
||||
-s "waiting for more fragments (16"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
|
||||
-s "waiting for more fragments (16"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
|
||||
-s "waiting for more fragments (13"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
|
||||
-s "waiting for more fragments (13"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
|
||||
-s "waiting for more fragments (5"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
|
||||
-s "waiting for more fragments (5"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
|
||||
-s "waiting for more fragments (4"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
0 \
|
||||
-s "reassembled record" \
|
||||
-s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
|
||||
-s "waiting for more fragments (4"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
1 \
|
||||
-s "<= parse client hello" \
|
||||
-s "handshake message too short: 3" \
|
||||
-s "SSL - An invalid SSL record was received"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
|
||||
"$P_SRV debug_level=4 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
1 \
|
||||
-s "<= parse client hello" \
|
||||
-s "handshake message too short: 3" \
|
||||
-s "SSL - An invalid SSL record was received"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_certificate_authentication
|
||||
run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \
|
||||
"$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
|
||||
"$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
|
||||
1 \
|
||||
-s "The SSL configuration is tls12 only" \
|
||||
-s "bad client hello message" \
|
||||
-s "SSL - A message could not be parsed due to a syntactic error"
|
||||
|
||||
# Test heap memory usage after handshake
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_MEMORY_DEBUG
|
||||
|
Loading…
x
Reference in New Issue
Block a user