diff --git a/ChangeLog.d/dtls-cid-null.txt b/ChangeLog.d/dtls-cid-null.txt
new file mode 100644
index 0000000000..b0206164f3
--- /dev/null
+++ b/ChangeLog.d/dtls-cid-null.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not
+ MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null
+ pointer dereference. Fix this. Fixes #3998.
+ The fix was released, but not announced, in Mbed TLS 3.1.0.
diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h
new file mode 100644
index 0000000000..183815deca
--- /dev/null
+++ b/configs/config-ccm-psk-dtls1_2.h
@@ -0,0 +1,108 @@ +/** + * \file config-ccm-psk-dtls1_2.h + * + * \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites + * + * Distinguishing features: + * - Optimized for small code size, low bandwidth (on an unreliable transport), + * and low RAM usage. + * - No asymmetric cryptography (no certificates, no Diffie-Hellman key + * exchange). + * - Fully modern and secure (provided the pre-shared keys are generated and + * stored securely). + * - Very low record overhead with CCM-8. + * - Includes several optional DTLS features typically used in IoT. + * + * See README.txt for usage instructions. + */ + +/* System support */ +//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ +/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ + +/* Mbed TLS modules */ +#define MBEDTLS_AES_C +#define MBEDTLS_CCM_C +#define MBEDTLS_CIPHER_C +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_ENTROPY_C +#define MBEDTLS_MD_C +#define MBEDTLS_NET_C +/* The library does not currently support enabling SHA-224 without SHA-256. + * A future version of the library will have this option disabled + * by default. 
*/ +#define MBEDTLS_SHA224_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_SSL_CLI_C +#define MBEDTLS_SSL_COOKIE_C +#define MBEDTLS_SSL_SRV_C +#define MBEDTLS_SSL_TLS_C +#define MBEDTLS_TIMING_C + +/* TLS protocol feature support */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_SSL_PROTO_TLS1_2 +#define MBEDTLS_SSL_PROTO_DTLS +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#define MBEDTLS_SSL_DTLS_CONNECTION_ID +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + +/* + * Use only CCM_8 ciphersuites, and + * save ROM and a few bytes of RAM by specifying our own ciphersuite list + */ +#define MBEDTLS_SSL_CIPHERSUITES \ + MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ + MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 + +/* + * Save RAM at the expense of interoperability: do this only if you control + * both ends of the connection! (See comments in "mbedtls/ssl.h".) + * The optimal size here depends on the typical size of records. + */ +#define MBEDTLS_SSL_IN_CONTENT_LEN 256 +#define MBEDTLS_SSL_OUT_CONTENT_LEN 256 + +/* Save RAM at the expense of ROM */ +#define MBEDTLS_AES_ROM_TABLES + +/* Save some RAM by adjusting to your exact needs */ +#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ + +/* + * You should adjust this to the exact number of sources you're using: default + * is the "platform_entropy_poll" source, but you may want to add other ones + * Minimum is 2 for the entropy test suite. + */ +#define MBEDTLS_ENTROPY_MAX_SOURCES 2 + +/* These defines are present so that the config modifying scripts can enable + * them during tests/scripts/test-ref-configs.pl */ +//#define MBEDTLS_USE_PSA_CRYPTO +//#define MBEDTLS_PSA_CRYPTO_C + +/* Error messages and TLS debugging traces + * (huge code size increase, needed for tests/ssl-opt.sh) */ +//#define MBEDTLS_DEBUG_C +//#define MBEDTLS_ERROR_C 
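Review bot: The header comment's "Fully modern and secure (provided the pre-shared keys are generated and stored securely)" is vaguer than the wording it replaces in config-ccm-psk-tls1_2.h at @@ -21 ("provided the pre-shared keys have high entropy"): "generated securely" no longer says the key must be random, which is the property the whole security claim rests on. With `MBEDTLS_PSK_MAX_LEN 16` the PSK is at most 128 bits, so the strength of both listed suites is bounded by that, and `MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8` buys no margin over the AES-128 suite in this configuration. I would write the bullet as `* - Fully modern and secure (provided the pre-shared keys are generated with` / `*   high entropy and stored securely).` in both files, and next to the PSK length line `/* 128-bit keys: with this cap the AES-256 suite adds no security over AES-128 */`.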
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index 475883702e..f935a33f25 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -21,11 +21,15 @@ */ /* * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites + * * Distinguishing features: - * - no bignum, no PK, no X509 - * - fully modern and secure (provided the pre-shared keys have high entropy) - * - very low record overhead with CCM-8 - * - optimized for low RAM usage + * - Optimized for small code size, low bandwidth (on a reliable transport), + * and low RAM usage. + * - No asymmetric cryptography (no certificates, no Diffie-Hellman key + * exchange). + * - Fully modern and secure (provided the pre-shared keys are generated and + * stored securely). + * - Very low record overhead with CCM-8. * * See README.txt for usage instructions. */ @@ -34,11 +38,7 @@ //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ -/* mbed TLS feature support */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/* mbed TLS modules */ +/* Mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C @@ -55,18 +55,9 @@ #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save some RAM by adjusting to your exact needs */ -#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ - -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 +/* TLS protocol feature support */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_SSL_PROTO_TLS1_2 /* * Use only CCM_8 ciphersuites, and 
@@ -81,10 +72,28 @@ * both ends of the connection! (See comments in "mbedtls/ssl.h".) * The optimal size here depends on the typical size of records. */ -#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 +#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 #define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 +/* Save RAM at the expense of ROM */ +#define MBEDTLS_AES_ROM_TABLES + +/* Save some RAM by adjusting to your exact needs */ +#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ + +/* + * You should adjust this to the exact number of sources you're using: default + * is the "platform_entropy_poll" source, but you may want to add other ones + * Minimum is 2 for the entropy test suite. + */ +#define MBEDTLS_ENTROPY_MAX_SOURCES 2 + /* These defines are present so that the config modifying scripts can enable * them during tests/scripts/test-ref-configs.pl */ //#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_PSA_CRYPTO_C + +/* Error messages and TLS debugging traces + * (huge code size increase, needed for tests/ssl-opt.sh) */ +//#define MBEDTLS_DEBUG_C +//#define MBEDTLS_ERROR_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 95c40875f7..68ccf10cf1 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -115,3 +115,8 @@ * them during tests/scripts/test-ref-configs.pl */ //#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_PSA_CRYPTO_C + +/* Error messages and TLS debugging traces + * (huge code size increase, needed for tests/ssl-opt.sh) */ +//#define MBEDTLS_DEBUG_C +//#define MBEDTLS_ERROR_C diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 948d2e016e..b0213f0270 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -169,9 +169,6 @@ int main( void ) /* * Size of the basic I/O buffer. Able to hold our default response. - * - * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh - * if you change this value to something outside the range <= 100 or > 500 */ #define DFL_IO_BUF_LEN 200 @@ -2113,10 +2110,26 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif - buf = mbedtls_calloc( 1, opt.buffer_size + 1 ); + + /* buf will alternatively contain the input read from the client and the + * response that's about to be sent, plus a null byte in each case. */ + size_t buf_content_size = opt.buffer_size; + /* The default response contains the ciphersuite name. Leave enough + * room for that plus some margin. */ + if( buf_content_size < strlen( HTTP_RESPONSE ) + 80 ) + { + buf_content_size = strlen( HTTP_RESPONSE ) + 80; + } + if( opt.response_size != DFL_RESPONSE_SIZE && + buf_content_size < (size_t) opt.response_size ) + { + buf_content_size = opt.response_size; + } + buf = mbedtls_calloc( 1, buf_content_size + 1 ); if( buf == NULL ) { - mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size ); + mbedtls_printf( "Could not allocate %lu bytes\n", + (unsigned long) buf_content_size + 1 ); ret = 3; goto exit; } @@ -3550,7 +3563,7 @@ data_exchange: do { int terminated = 0; - len = opt.buffer_size - 1; + len = opt.buffer_size; memset( buf, 0, opt.buffer_size ); ret = mbedtls_ssl_read( &ssl, buf, len ); @@ -3651,7 +3664,7 @@ data_exchange: } else /* Not stream, so datagram */ { - len = opt.buffer_size - 1; + len = opt.buffer_size; memset( buf, 0, opt.buffer_size ); do @@ -3753,6 +3766,8 @@ data_exchange: mbedtls_printf( " > Write to client:" ); fflush( stdout ); + /* If the format of the response changes, make sure there is enough + * room in buf (buf_content_size calculation above). */ len = sprintf( (char *) buf, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( &ssl ) ); 
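Review bot: The comment added at @@ -3753 asks the maintainer to keep `buf_content_size` in sync with the response format, but the write itself stays an unbounded `sprintf` into buf, so a later change to HTTP_RESPONSE or to the 80-byte margin chosen at @@ -2113 would still overflow silently. Since `buf_content_size` is declared earlier in main() (the @@ -2113 hunk), the write can be bounded directly: `len = mbedtls_snprintf( (char *) buf, buf_content_size + 1, HTTP_RESPONSE,` / `mbedtls_ssl_get_ciphersuite( &ssl ) );` / `if( len < 0 || (size_t) len > buf_content_size ) { ret = 3; goto exit; }`. Relatedly, in @@ -2113 the cast `(size_t) opt.response_size` turns a negative value into a huge allocation request; presumably response_size is range-checked during option parsing outside this hunk, which is worth confirming. main() starts and ends outside these hunks.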
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 3b88df4cf3..c0836046a3 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -19,8 +19,9 @@ #include "mbedtls/build_info.h" +#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) +#else #include #include #define mbedtls_fprintf fprintf diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 55806fd3ac..8528a4f013 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2326,18 +2326,6 @@ component_test_variable_ssl_in_out_buffer_len_CID () { tests/compat.sh } -component_test_CID_no_debug() { - msg "build: Connection ID enabled, debug disabled" - scripts/config.py unset MBEDTLS_DEBUG_C - scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID - - CC=gcc cmake . - make - - msg "test: Connection ID enabled, debug disabled" - make test -} - component_test_ssl_alloc_buffer_and_mfl () { msg "build: default config with memory buffer allocator and MFL extension" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C @@ -2978,16 +2966,17 @@ component_test_cmake_out_of_source () { msg "test: cmake 'out-of-source' build" make test - # Test an SSL option that requires an auxiliary script in test/scripts/. + # Check that ssl-opt.sh can find the test programs. # Also ensure that there are no error messages such as # "No such file or directory", which would indicate that some required # file is missing (ssl-opt.sh tolerates the absence of some files so # may exit with status 0 but emit errors). - ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err + ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err + grep PASS ssl-opt.out cat ssl-opt.err >&2 # If ssl-opt.err is non-empty, record an error and keep going. [ ! -s ssl-opt.err ] - rm ssl-opt.err + rm ssl-opt.out ssl-opt.err cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" } 
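Review bot: `grep PASS ssl-opt.out` in the out-of-source component ties the build check to the "Default" test case actually running, and this same commit adds three more `requires_*` gates to that test (the ChaCha20 suite, MBEDTLS_SHA512_C, Curve25519) at @@ -1447 in tests/ssl-opt.sh. In the default config those are enabled, so this passes today, but a future default-config change would make the test skip and this component fail with a misleading message under `set -e` (assuming all.sh runs with it, as the bare `[ ! -s ssl-opt.err ]` check suggests). A one-line comment above the grep would spare the next person the search: `# "Default" must PASS (not SKIP) here: its requires_* gates must hold in the default config.` component_test_cmake_out_of_source starts outside the hunk.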
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index dc0f120e44..15209b4a0d 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -32,11 +32,19 @@ my %configs = ( 'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', 'test_again_with_use_psa' => 1 }, + 'config-ccm-psk-dtls1_2.h' => { + 'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + 'opt' => ' ', + 'opt_needs_debug' => 1, + 'test_again_with_use_psa' => 1 + }, 'config-no-entropy.h' => { }, 'config-suite-b.h' => { 'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", 'test_again_with_use_psa' => 1, + 'opt' => ' ', + 'opt_needs_debug' => 1, }, 'config-symmetric-only.h' => { 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice @@ -49,17 +57,14 @@ my %configs = ( # If no config-name is provided, use all known configs. # Otherwise, use the provided names only. +my @configs_to_test = sort keys %configs; if ($#ARGV >= 0) { - my %configs_ori = ( %configs ); - %configs = (); - - foreach my $conf_name (@ARGV) { - if( ! exists $configs_ori{$conf_name} ) { + foreach my $conf_name ( @ARGV ) { + if( ! exists $configs{$conf_name} ) { die "Unknown configuration: $conf_name\n"; - } else { - $configs{$conf_name} = $configs_ori{$conf_name}; } } + @configs_to_test = @ARGV; } -d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; 
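Review bot: `'opt' => ' '` in the two new table entries works only because a single space is a truthy string in Perl that `if( $opt )` accepts and that expands to "no filter" when passed to ssl-opt.sh; an empty string would be treated as false and skip ssl-opt.sh entirely. That is easy for a later editor to "clean up" into `''`, so it deserves a comment on the first entry, e.g. `# ' ' (truthy, no filter) runs the whole ssl-opt.sh suite; '' would skip it.` The `%configs` hash starts outside the hunk.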
@@ -84,25 +89,27 @@ if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) { } sub perform_test { - my $conf = $_[0]; + my $conf_file = $_[0]; my $data = $_[1]; my $test_with_psa = $_[2]; + my $conf_name = $conf_file; + if ( $test_with_psa ) + { + $conf_name .= "+PSA"; + } + system( "cp $config_h.bak $config_h" ) and die; system( "make clean" ) and die; print "\n******************************************\n"; - print "* Testing configuration: $conf\n"; - if ( $test_with_psa ) - { - print "* ENABLING MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO \n"; - } + print "* Testing configuration: $conf_name\n"; print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf; + $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name; - system( "cp configs/$conf $config_h" ) - and abort "Failed to activate $conf\n"; + system( "cp configs/$conf_file $config_h" ) + and abort "Failed to activate $conf_file\n"; if ( $test_with_psa ) { 
@@ -110,41 +117,52 @@ sub perform_test { system( "scripts/config.py set MBEDTLS_USE_PSA_CRYPTO" ); } - system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n"; - system( "make test" ) and abort "Failed test suite: $conf\n"; + system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n"; + system( "make test" ) and abort "Failed test suite: $conf_name\n"; my $compat = $data->{'compat'}; if( $compat ) { - print "\nrunning compat.sh $compat\n"; + print "\nrunning compat.sh $compat ($conf_name)\n"; system( "tests/compat.sh $compat" ) - and abort "Failed compat.sh: $conf\n"; + and abort "Failed compat.sh: $conf_name\n"; } else { - print "\nskipping compat.sh\n"; + print "\nskipping compat.sh ($conf_name)\n"; } my $opt = $data->{'opt'}; if( $opt ) { - print "\nrunning ssl-opt.sh $opt\n"; + if( $data->{'opt_needs_debug'} ) + { + print "\nrebuilding with debug traces for ssl-opt ($conf_name)\n"; + $conf_name .= '+DEBUG'; + $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name; + system( "make clean" ); + system( "scripts/config.py set MBEDTLS_DEBUG_C" ); + system( "scripts/config.py set MBEDTLS_ERROR_C" ); + system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n"; + } + + print "\nrunning ssl-opt.sh $opt ($conf_name)\n"; system( "tests/ssl-opt.sh $opt" ) - and abort "Failed ssl-opt.sh: $conf\n"; + and abort "Failed ssl-opt.sh: $conf_name\n"; } else { - print "\nskipping ssl-opt.sh\n"; + print "\nskipping ssl-opt.sh ($conf_name)\n"; } } -while( my ($conf, $data) = each %configs ) { - my $test_with_psa = $data->{'test_again_with_use_psa'}; +foreach my $conf ( @configs_to_test ) { + my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'}; if ( $test_with_psa ) { - perform_test( $conf, $data, $test_with_psa ); + perform_test( $conf, $configs{$conf}, $test_with_psa ); } - perform_test( $conf, $data, 0 ); + perform_test( $conf, $configs{$conf}, 0 ); } system( "mv $config_h.bak 
$config_h" ) and warn "$config_h not restored\n"; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6693c5f206..aa4604546e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -263,6 +263,19 @@ requires_config_value_equals() { fi } +# Require Mbed TLS to support the given protocol version. +# +# Inputs: +# * $1: protocol version in mbedtls syntax (argument to force_version=) +requires_protocol_version() { + # Support for DTLS is detected separately in detect_dtls(). + case "$1" in + tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;; + tls13|dtls13) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3;; + *) echo "Unknown required protocol version: $1"; exit 1;; + esac +} + # Space-separated list of ciphersuites supported by this build of # Mbed TLS. P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null | 
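Review bot: In the debug rebuild branch added at @@ -110, the results of `system( "make clean" )`, `system( "scripts/config.py set MBEDTLS_DEBUG_C" )` and `system( "scripts/config.py set MBEDTLS_ERROR_C" )` are not checked, unlike the build and test calls next to them; if config.py fails, the following build succeeds without debug traces and ssl-opt.sh then fails on missing log lines, pointing at the wrong cause. Check them the same way: `system( "scripts/config.py set MBEDTLS_DEBUG_C" ) and abort "Failed to enable MBEDTLS_DEBUG_C: $conf_name\n";` and likewise for MBEDTLS_ERROR_C and `make clean`. The branch also rewrites `$conf_name` and `$ENV{MBEDTLS_TEST_CONFIGURATION}` after compat.sh has already run under the old name, which looks intended but merits a one-line comment.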
@@ -275,24 +288,105 @@ requires_ciphersuite_enabled() { esac } -# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...] -# If CMD (call to a TLS client or server program) requires a specific -# ciphersuite, arrange to only run the test case if this ciphersuite is -# enabled. -maybe_requires_ciphersuite_enabled() { +# detect_required_features CMD [RUN_TEST_OPTION...] +# If CMD (call to a TLS client or server program) requires certain features, +# arrange to only run the following test case if those features are enabled. +detect_required_features() { case "$1" in - *\ force_ciphersuite=*) :;; - *) return;; # No specific required ciphersuite + *\ force_version=*) + tmp="${1##*\ force_version=}" + tmp="${tmp%%[!-0-9A-Z_a-z]*}" + requires_protocol_version "$tmp";; esac - ciphersuite="${1##*\ force_ciphersuite=}" - ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}" - shift - requires_ciphersuite_enabled "$ciphersuite" + case "$1" in + *\ force_ciphersuite=*) + tmp="${1##*\ force_ciphersuite=}" + tmp="${tmp%%[!-0-9A-Z_a-z]*}" + requires_ciphersuite_enabled "$tmp";; + esac - unset ciphersuite + case " $1 " in + *[-_\ =]tickets=[^0]*) + requires_config_enabled MBEDTLS_SSL_TICKET_C;; + esac + case " $1 " in + *[-_\ =]alpn=*) + requires_config_enabled MBEDTLS_SSL_ALPN;; + esac + + unset tmp } +requires_certificate_authentication () { + if [ "$PSK_ONLY" = "YES" ]; then + SKIP_NEXT="YES" + fi +} + +adapt_cmd_for_psk () { + case "$2" in + *openssl*) s='-psk abc123 -nocert';; + *gnutls-*) s='--pskkey=abc123';; + *) s='psk=abc123';; + esac + eval $1='"$2 $s"' + unset s +} + +# maybe_adapt_for_psk [RUN_TEST_OPTION...] +# If running in a PSK-only build, maybe adapt the test to use a pre-shared key. +# +# If not running in a PSK-only build, do nothing. +# If the test looks like it doesn't use a pre-shared key but can run with a +# pre-shared key, pass a pre-shared key. If the test looks like it can't run +# with a pre-shared key, skip it. 
If the test looks like it's already using +# a pre-shared key, do nothing. +# +# This code does not consider builds with ECDHE-PSK or RSA-PSK. +# +# Inputs: +# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands. +# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges). +# * "$@": options passed to run_test. +# +# Outputs: +# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments. +# * $SKIP_NEXT: set to YES if the test can't run with PSK. +maybe_adapt_for_psk() { + if [ "$PSK_ONLY" != "YES" ]; then + return + fi + if [ "$SKIP_NEXT" = "YES" ]; then + return + fi + case "$CLI_CMD $SRV_CMD" in + *[-_\ =]psk*|*[-_\ =]PSK*) + return;; + *force_ciphersuite*) + # The test case forces a non-PSK cipher suite. In some cases, a + # PSK cipher suite could be substituted, but we're not ready for + # that yet. + SKIP_NEXT="YES" + return;; + *\ auth_mode=*|*[-_\ =]crt[_=]*) + # The test case involves certificates. PSK won't do. + SKIP_NEXT="YES" + return;; + esac + adapt_cmd_for_psk CLI_CMD "$CLI_CMD" + adapt_cmd_for_psk SRV_CMD "$SRV_CMD" +} + +case " $CONFIGS_ENABLED " in + *\ MBEDTLS_KEY_EXCHANGE_[^P]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_P[^S]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_PS[^K]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_PSK[^_]*) PSK_ONLY="NO";; + *\ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED\ *) PSK_ONLY="YES";; + *) PSK_ONLY="NO";; +esac + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then 
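Review bot: `maybe_adapt_for_psk` lists `"$@": options passed to run_test` among its inputs, but the body only reads `$CLI_CMD`, `$SRV_CMD`, `$PSK_ONLY` and `$SKIP_NEXT`; either drop that line from the Inputs block or make the function use the options, otherwise the next reader will look for a use that is not there. The `eval $1='"$2 $s"'` in `adapt_cmd_for_psk` is correct as written (the single quotes defer expansion so `$2` and `$s` are expanded inside double quotes at eval time), but it is non-obvious enough to deserve `# Assign "$2 $s" to the variable named by $1; the quoting keeps the command string as one word.` above it. `requires_certificate_authentication` is defined here but nothing in this hunk calls it, presumably a caller lives elsewhere in the script.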
@@ -666,13 +760,11 @@ if type lsof >/dev/null 2>/dev/null; then fi # Make a tight loop, server normally takes less than 1s to start. while true; do - SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p) + SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t) # When we use a proxy, it will be listening on the same port we # are checking for as well as the server and lsof will list both. - # If multiple PIDs are returned, each one will be on a separate - # line, each prepended with 'p'. case ${newline}${SERVER_PIDS}${newline} in - *${newline}p${2}${newline}*) break;; + *${newline}${2}${newline}*) break;; esac if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then echo "$3 START TIMEOUT" @@ -813,6 +905,39 @@ is_gnutls() { esac } +# Determine what calc_verify trace is to be expected, if any. +# +# calc_verify is only called for two things: to calculate the +# extended master secret, and to process client authentication. +# +# Warning: the current implementation assumes that extended_ms is not +# disabled on the client or on the server. +# +# Inputs: +# * $1: the value of the server auth_mode parameter. +# 'required' if client authentication is expected, +# 'none' or absent if not. +# * $CONFIGS_ENABLED +# +# Outputs: +# * $maybe_calc_verify: set to a trace expected in the debug logs +set_maybe_calc_verify() { + maybe_calc_verify= + case $CONFIGS_ENABLED in + *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;; + *) + case ${1-} in + ''|none) return;; + required) :;; + *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;; + esac + esac + case $CONFIGS_ENABLED in + *\ MBEDTLS_USE_PSA_CRYPTO\ *) maybe_calc_verify="PSA calc verify";; + *) maybe_calc_verify="<= calc verify";; + esac +} + # Compare file content # Usage: find_in_both pattern file1 file2 # extract from file1 the first line matching the pattern 
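Review bot: `set_maybe_calc_verify` matches `*\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *` and `*\ MBEDTLS_USE_PSA_CRYPTO\ *` against a bare `$CONFIGS_ENABLED`, so both patterns depend on the variable carrying a leading and a trailing space, whereas the PSK_ONLY detection added earlier in this commit pads explicitly with `case " $CONFIGS_ENABLED " in`. If the variable is not padded at both ends, the first case never matches and the function returns an empty `maybe_calc_verify` for every EMS-enabled build. Use the same padded form here, `case " $CONFIGS_ENABLED " in`, for both case statements.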
@@ -839,11 +964,15 @@ skip_handshake_stage_check() { # # Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass # extra arguments or go through wrappers. -# Set $DTLS (0=TLS, 1=DTLS). +# +# Inputs: +# * $@: supplemental options to run_test() (after the mandatory arguments). +# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands. +# * $DTLS: 1 if DTLS, otherwise 0. +# +# Outputs: +# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked. analyze_test_commands() { - # update DTLS variable - detect_dtls "$SRV_CMD" - # if the test uses DTLS but no custom proxy, add a simple proxy # as it provides timing info that's useful to debug failures if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then @@ -1150,9 +1279,19 @@ run_test() { requires_config_enabled MBEDTLS_FS_IO;; esac - # If the client or serve requires a ciphersuite, check that it's enabled. - maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" - maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" + # Check if the test uses DTLS. + detect_dtls "$SRV_CMD" + if [ "$DTLS" -eq 1 ]; then + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS + fi + + # If the client or server requires certain features that can be detected + # from their command-line arguments, check that they're enabled. + detect_required_features "$SRV_CMD" "$@" + detect_required_features "$CLI_CMD" "$@" + + # If we're in a PSK-only build and the test can be adapted to PSK, do that. + maybe_adapt_for_psk "$@" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then 
@@ -1193,43 +1332,41 @@ run_test() { } run_test_psa() { - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO + set_maybe_calc_verify none run_test "PSA-supported ciphersuite: $1" \ "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3 force_ciphersuite=$1" \ 0 \ - -c "PSA calc verify" \ + -c "$maybe_calc_verify" \ -c "calc PSA finished" \ - -s "PSA calc verify" \ + -s "$maybe_calc_verify" \ -s "calc PSA finished" \ - -C "Failed to setup PSA-based cipher context"\ - -S "Failed to setup PSA-based cipher context"\ -s "Protocol is TLSv1.2" \ -c "Perform PSA-based ECDH computation."\ -c "Perform PSA-based computation of digest of ServerKeyExchange" \ -S "error" \ -C "error" + unset maybe_calc_verify } run_test_psa_force_curve() { - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO + set_maybe_calc_verify none run_test "PSA - ECDH with $1" \ "$P_SRV debug_level=4 force_version=tls12 curves=$1" \ "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ 0 \ - -c "PSA calc verify" \ + -c "$maybe_calc_verify" \ -c "calc PSA finished" \ - -s "PSA calc verify" \ + -s "$maybe_calc_verify" \ -s "calc PSA finished" \ - -C "Failed to setup PSA-based cipher context"\ - -S "Failed to setup PSA-based cipher context"\ -s "Protocol is TLSv1.2" \ -c "Perform PSA-based ECDH computation."\ -c "Perform PSA-based computation of digest of ServerKeyExchange" \ -S "error" \ -C "error" + unset maybe_calc_verify } # Test that the server's memory usage after a handshake is reduced when a client specifies 
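Review bot: In a build without MBEDTLS_SSL_EXTENDED_MASTER_SECRET, `set_maybe_calc_verify none` leaves `maybe_calc_verify` empty, so run_test_psa and run_test_psa_force_curve pass `-c ""` and `-s ""`; if run_test implements these as a grep for the pattern (it is defined outside this hunk), an empty pattern matches every log line and the check becomes silently vacuous rather than skipped. A reader of these two functions cannot see that from here, so add above the first `-c "$maybe_calc_verify"`: `# empty when EMS is disabled: the calc_verify check is then a no-op`. A stricter option is to have run_test reject empty `-c`/`-s` patterns, which would also catch accidental empties elsewhere.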
@@ -1447,8 +1584,10 @@ trap cleanup INT TERM HUP # Checks that: # - things work with all ciphersuites active (used with config-full in all.sh) # - the expected parameters are selected -# ("signature_algorithm ext: 6" means SHA-512 (highest common hash)) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 +requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6" +requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED run_test "Default" \ "$P_SRV debug_level=3" \ "$P_CLI" \ @@ -1461,6 +1600,7 @@ run_test "Default" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 run_test "Default, DTLS" \ "$P_SRV dtls=1" \ "$P_CLI dtls=1" \ @@ -2734,6 +2874,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \ # Tests for Extended Master Secret extension requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET run_test "Extended Master Secret: default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -2746,6 +2887,7 @@ run_test "Extended Master Secret: default" \ -s "session hash for extended master secret" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET run_test "Extended Master Secret: client enabled, server disabled" \ "$P_SRV debug_level=3 extended_ms=0" \ "$P_CLI debug_level=3 extended_ms=1" \ @@ -2758,6 +2900,7 @@ run_test "Extended Master Secret: client enabled, server disabled" \ -S "session hash for extended master secret" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET run_test "Extended Master Secret: client disabled, server enabled" \ "$P_SRV debug_level=3 extended_ms=1" \ "$P_CLI debug_level=3 extended_ms=0" \ 
@@ -2807,7 +2950,6 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ # Tests for CBC 1/n-1 record splitting -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "CBC Record splitting: TLS 1.2, no splitting" \ "$P_SRV force_version=tls12" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ @@ -3233,6 +3375,7 @@ run_test "Session resume using tickets, DTLS: openssl client" \ # Tests for Session Resume based on session-ID and cache requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: tickets enabled on client" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -3248,6 +3391,7 @@ run_test "Session resume using cache: tickets enabled on client" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: tickets enabled on server" \ "$P_SRV debug_level=3 tickets=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3263,6 +3407,7 @@ run_test "Session resume using cache: tickets enabled on server" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: cache_max=0" \ "$P_SRV debug_level=3 tickets=0 cache_max=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3273,6 +3418,7 @@ run_test "Session resume using cache: cache_max=0" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: cache_max=1" \ "$P_SRV debug_level=3 tickets=0 cache_max=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ 
@@ -3283,6 +3429,7 @@ run_test "Session resume using cache: cache_max=1" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: timeout > delay" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \ @@ -3293,6 +3440,7 @@ run_test "Session resume using cache: timeout > delay" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: timeout < delay" \ "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ @@ -3303,6 +3451,7 @@ run_test "Session resume using cache: timeout < delay" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: no timeout" \ "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ @@ -3313,6 +3462,7 @@ run_test "Session resume using cache: no timeout" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: session copy" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \ @@ -3323,6 +3473,7 @@ run_test "Session resume using cache: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: openssl client" \ "$P_SRV debug_level=3 tickets=0" \ "( $O_CLI -sess_out $SESSION; \ 
@@ -3336,6 +3487,7 @@ run_test "Session resume using cache: openssl client" \ -s "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache: openssl server" \ "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3347,6 +3499,7 @@ run_test "Session resume using cache: openssl server" \ # Tests for Session Resume based on session-ID and cache, DTLS requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: tickets enabled on client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -3362,6 +3515,7 @@ run_test "Session resume using cache, DTLS: tickets enabled on client" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: tickets enabled on server" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3377,6 +3531,7 @@ run_test "Session resume using cache, DTLS: tickets enabled on server" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: cache_max=0" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3387,6 +3542,7 @@ run_test "Session resume using cache, DTLS: cache_max=0" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "Session resume using cache, DTLS: cache_max=1" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ 
@@ -3397,6 +3553,7 @@ run_test "Session resume using cache, DTLS: cache_max=1" \
     -c "a session has been resumed"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "Session resume using cache, DTLS: timeout > delay" \
     "$P_SRV dtls=1 debug_level=3 tickets=0" \
     "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
@@ -3407,6 +3564,7 @@ run_test "Session resume using cache, DTLS: timeout > delay" \
     -c "a session has been resumed"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "Session resume using cache, DTLS: timeout < delay" \
     "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
     "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -3417,6 +3575,7 @@ run_test "Session resume using cache, DTLS: timeout < delay" \
     -C "a session has been resumed"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "Session resume using cache, DTLS: no timeout" \
     "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
     "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -3427,6 +3586,7 @@ run_test "Session resume using cache, DTLS: no timeout" \
     -c "a session has been resumed"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "Session resume using cache, DTLS: session copy" \
     "$P_SRV dtls=1 debug_level=3 tickets=0" \
     "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \
@@ -3440,6 +3600,7 @@ run_test "Session resume using cache, DTLS: session copy" \
 # probability with OpenSSL 1.0.2g on the CI, see #5012.
 requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "Session resume using cache, DTLS: openssl client" \
     "$P_SRV dtls=1 debug_level=3 tickets=0" \
     "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
@@ -3453,6 +3614,7 @@ run_test "Session resume using cache, DTLS: openssl client" \
     -s "a session has been resumed"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "Session resume using cache, DTLS: openssl server" \
     "$O_SRV -dtls" \
     "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -5038,7 +5200,6 @@ run_test "Authentication, CA callback: client max_int chain, server required"
 # Tests for certificate selection based on SHA verson
 
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
     "$P_SRV force_version=tls12 crt_file=data_files/server5.crt \
     key_file=data_files/server5.key \
@@ -6536,23 +6697,38 @@ run_test "ClientHello without extensions" \
 
 # Tests for mbedtls_ssl_get_bytes_avail()
 
+# The server first reads buffer_size-1 bytes, then reads the remainder.
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
-    "$P_SRV" \
+    "$P_SRV buffer_size=100" \
     "$P_CLI request_size=100" \
     0 \
     -s "Read from client: 100 bytes read$"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "mbedtls_ssl_get_bytes_avail: extra data" \
-    "$P_SRV" \
-    "$P_CLI request_size=500" \
+run_test "mbedtls_ssl_get_bytes_avail: extra data (+1)" \
+    "$P_SRV buffer_size=100" \
+    "$P_CLI request_size=101" \
     0 \
-    -s "Read from client: 500 bytes read (.*+.*)"
+    -s "Read from client: 101 bytes read (100 + 1)"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_max_content_len 200
+run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \
+    "$P_SRV buffer_size=100" \
+    "$P_CLI request_size=200" \
+    0 \
+    -s "Read from client: 200 bytes read (100 + 100)"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \
+    "$P_SRV buffer_size=100" \
+    "$P_CLI request_size=$MAX_CONTENT_LEN" \
+    0 \
+    -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))"
 
 # Tests for small client packets
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small client packet TLS 1.2 BlockCipher" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=1 \
@@ -6560,7 +6736,6 @@ run_test "Small client packet TLS 1.2 BlockCipher" \
     0 \
     -s "Read from client: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=1 \
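Review bot: The added comment `# The server first reads buffer_size-1 bytes, then reads the remainder.` disagrees with the patterns it introduces: with `buffer_size=100` every expectation asserts a first read of 100 bytes (`(100 + 1)`, `(100 + 100)`, `(100 + $((MAX_CONTENT_LEN - 100)))`), not 99, so either the comment or the patterns is off; if the patterns are what ssl_server2 actually prints, change the comment to `# The server first reads buffer_size bytes, then reads the remainder.`. Also, only the `(*2)` case is guarded by `requires_max_content_len 200`; the `(+1)` case needs `MAX_CONTENT_LEN >= 101`, and the `(max)` case's `$((MAX_CONTENT_LEN - 100))` only makes sense when `MAX_CONTENT_LEN > 100`, so a `requires_max_content_len 101` before each of those two would turn a failure in a small-buffer configuration into a skip.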
@@ -6568,7 +6743,6 @@ run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
     0 \
     -s "Read from client: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=1 \
@@ -6576,7 +6750,6 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
     0 \
     -s "Read from client: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small client packet TLS 1.2 AEAD" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=1 \
@@ -6584,7 +6757,6 @@ run_test "Small client packet TLS 1.2 AEAD" \
     0 \
     -s "Read from client: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small client packet TLS 1.2 AEAD shorter tag" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=1 \
@@ -6595,7 +6767,6 @@ run_test "Small client packet TLS 1.2 AEAD shorter tag" \
 # Tests for small client packets in DTLS
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small client packet DTLS 1.2" \
     "$P_SRV dtls=1 force_version=dtls12" \
     "$P_CLI dtls=1 request_size=1 \
@@ -6604,7 +6775,6 @@ run_test "Small client packet DTLS 1.2" \
     -s "Read from client: 1 bytes read"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small client packet DTLS 1.2, without EtM" \
     "$P_SRV dtls=1 force_version=dtls12 etm=0" \
     "$P_CLI dtls=1 request_size=1 \
@@ -6614,35 +6784,30 @@ run_test "Small client packet DTLS 1.2, without EtM" \
 
 # Tests for small server packets
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small server packet TLS 1.2 BlockCipher" \
     "$P_SRV response_size=1 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
     0 \
     -c "Read from server: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
     "$P_SRV response_size=1 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
     0 \
     -c "Read from server: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
     "$P_SRV response_size=1 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
     0 \
     -c "Read from server: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small server packet TLS 1.2 AEAD" \
     "$P_SRV response_size=1 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
     0 \
     -c "Read from server: 1 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small server packet TLS 1.2 AEAD shorter tag" \
     "$P_SRV response_size=1 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
@@ -6652,7 +6817,6 @@ run_test "Small server packet TLS 1.2 AEAD shorter tag" \
 # Tests for small server packets in DTLS
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small server packet DTLS 1.2" \
     "$P_SRV dtls=1 response_size=1 force_version=dtls12" \
     "$P_CLI dtls=1 \
@@ -6661,7 +6825,6 @@ run_test "Small server packet DTLS 1.2" \
     -c "Read from server: 1 bytes read"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Small server packet DTLS 1.2, without EtM" \
     "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
     "$P_CLI dtls=1 \
@@ -6676,7 +6839,6 @@ fragments_for_write() {
     echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
 }
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large client packet TLS 1.2 BlockCipher" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=16384 \
@@ -6685,7 +6847,6 @@ run_test "Large client packet TLS 1.2 BlockCipher" \
     -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
     -s "Read from client: $MAX_CONTENT_LEN bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=16384 etm=0 \
@@ -6693,7 +6854,6 @@ run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
     0 \
     -s "Read from client: $MAX_CONTENT_LEN bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=16384 \
@@ -6702,7 +6862,6 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
     -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
     -s "Read from client: $MAX_CONTENT_LEN bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large client packet TLS 1.2 AEAD" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=16384 \
@@ -6711,7 +6870,6 @@ run_test "Large client packet TLS 1.2 AEAD" \
     -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
     -s "Read from client: $MAX_CONTENT_LEN bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large client packet TLS 1.2 AEAD shorter tag" \
     "$P_SRV force_version=tls12" \
     "$P_CLI request_size=16384 \
@@ -6721,14 +6879,12 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
     -s "Read from client: $MAX_CONTENT_LEN bytes read"
 
 # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large server packet TLS 1.2 BlockCipher" \
     "$P_SRV response_size=16384 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
     0 \
     -c "Read from server: 16384 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
     "$P_SRV response_size=16384 force_version=tls12" \
     "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -6736,14 +6892,12 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
     -s "16384 bytes written in 1 fragments" \
     -c "Read from server: 16384 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
     "$P_SRV response_size=16384 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
     0 \
     -c "Read from server: 16384 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
     "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
@@ -6751,14 +6905,12 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC
     -s "16384 bytes written in 1 fragments" \
     -c "Read from server: 16384 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large server packet TLS 1.2 AEAD" \
     "$P_SRV response_size=16384 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
     0 \
     -c "Read from server: 16384 bytes read"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Large server packet TLS 1.2 AEAD shorter tag" \
     "$P_SRV response_size=16384 force_version=tls12" \
     "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
@@ -8329,10 +8481,8 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_gnutls
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
     "$G_SRV -u" \
     "$P_CLI dtls=1 debug_level=2 \
@@ -8353,11 +8503,9 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_gnutls
 requires_not_i686
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
     "$P_SRV dtls=1 debug_level=2 \
     crt_file=data_files/server7_int-ca.crt \
@@ -8370,9 +8518,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
     "$O_SRV -dtls1_2 -verify 10" \
     "$P_CLI dtls=1 debug_level=2 \
@@ -8386,9 +8532,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
     "$P_SRV dtls=1 debug_level=2 \
     crt_file=data_files/server7_int-ca.crt \
@@ -8406,10 +8550,8 @@ requires_gnutls_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 client_needs_more_time 4
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
     -p "$P_PXY drop=8 delay=8 duplicate=8" \
     "$G_NEXT_SRV -u" \
@@ -8425,10 +8567,8 @@ requires_gnutls_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 client_needs_more_time 4
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
     -p "$P_PXY drop=8 delay=8 duplicate=8" \
     "$P_SRV dtls=1 debug_level=2 \
@@ -8448,10 +8588,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 client_needs_more_time 4
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
     -p "$P_PXY drop=8 delay=8 duplicate=8" \
     "$O_SRV -dtls1_2 -verify 10" \
@@ -8467,10 +8605,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 client_needs_more_time 4
 requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
     -p "$P_PXY drop=8 delay=8 duplicate=8" \
     "$P_SRV dtls=1 debug_level=2 \
@@ -9186,6 +9322,7 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \
 
 # Tests for reordering support with DTLS
 
+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
     -p "$P_PXY delay_srv=ServerHello" \
@@ -9203,6 +9340,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
     -S "Injecting buffered CCS message" \
     -S "Remember CCS message"
 
+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
     -p "$P_PXY delay_srv=ServerHello" \
@@ -9226,6 +9364,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on
 # Certificate message; at the time of writing, together these are aroudn 1200b
 # in size, so that the bound below ensures that the certificate can be reassembled
 # while keeping the ServerKeyExchange.
+requires_certificate_authentication
 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
@@ -9248,6 +9387,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
 # The size constraints ensure that the delayed certificate message can't
 # be reassembled while keeping the ServerKeyExchange message, but it can
 # when dropping it first.
+requires_certificate_authentication
 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -9268,6 +9408,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
     -S "Injecting buffered CCS message" \
     -S "Remember CCS message"
 
+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
     -p "$P_PXY delay_cli=Certificate" \
@@ -9285,6 +9426,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
     -S "Injecting buffered CCS message" \
     -S "Remember CCS message"
 
+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
     -p "$P_PXY delay_srv=NewSessionTicket" \
@@ -9302,6 +9444,7 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
     -S "Injecting buffered CCS message" \
     -S "Remember CCS message"
 
+requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
     -p "$P_PXY delay_cli=ClientKeyExchange" \
@@ -9439,6 +9582,7 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \
 
 client_needs_more_time 4
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "DTLS proxy: 3d, min handshake, resumption" \
     -p "$P_PXY drop=5 delay=5 duplicate=5" \
     "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -9454,6 +9598,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \
 
 client_needs_more_time 4
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
     -p "$P_PXY drop=5 delay=5 duplicate=5" \
     "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -10184,9 +10329,9 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
     -c "Protocol is TLSv1.3" \
     -c "HTTP/1.0 200 ok"
 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
@@ -10200,9 +10345,9 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
     -c "Protocol is TLSv1.3" \
     -c "HTTP/1.0 200 OK"
 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C