mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-06 01:13:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #10021 from gilles-peskine-arm/tls-defragment-generate-tests-dev

Browse Source 
Generate TLS handshake defragmentation tests
This commit is contained in:
Gilles Peskine 2025-03-05 16:49:32 +01:00 committed by GitHub
commit 6811978045
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 37 additions and 525 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
framework

@ -1 +1 @@
Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801
Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b

1
scripts/make_generated_files.bat
View File

@ -32,4 +32,5 @@ python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\s
python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1
python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
python framework\scripts\generate_tls_handshake_tests.py || exit /b 1
python framework\scripts\generate_tls13_compat_tests.py || exit /b 1

1
tests/.gitignore vendored
View File

@ -18,6 +18,7 @@
###START_GENERATED_FILES###
# Generated source files
/opt-testcases/handshake-generated.sh
/opt-testcases/tls13-compat.sh
/suites/*.generated.data
/suites/test_suite_config.mbedtls_boolean.data

18
tests/CMakeLists.txt
View File

@ -57,6 +57,24 @@ if(GEN_FILES)
# change too often in ways that don't affect the result
# ((un)commenting some options).
)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py
)
add_custom_target(handshake-generated.sh
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh)
set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO)
add_dependencies(${ssl_opt_target} handshake-generated.sh)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh

7
tests/Makefile
View File

@ -64,6 +64,13 @@ GENERATED_FILES += ../framework/tests/include/test/test_keys.h \
# Generated files needed to (fully) run ssl-opt.sh
.PHONY: ssl-opt
opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py
opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@
GENERATED_FILES += opt-testcases/handshake-generated.sh
ssl-opt: opt-testcases/handshake-generated.sh
opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@

12
tests/scripts/analyze_outcomes.py
View File

@ -34,6 +34,13 @@ class CoverageTask(outcome_analysis.CoverageTask):
re.DOTALL)
IGNORED_TESTS = {
'handshake-generated': [
# Temporary disable Handshake defragmentation tests until mbedtls
# pr #10011 has been merged.
'Handshake defragmentation on client: len=4, TLS 1.2',
'Handshake defragmentation on client: len=5, TLS 1.2',
'Handshake defragmentation on client: len=13, TLS 1.2'
],
'ssl-opt': [
# We don't run ssl-opt.sh with Valgrind on the CI because
# it's extremely slow. We don't intend to change this.
@ -50,11 +57,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
# TLS doesn't use restartable ECDH yet.
# https://github.com/Mbed-TLS/mbedtls/issues/7294
re.compile(r'EC restart:.*no USE_PSA.*'),
# Temporary disable Handshake defragmentation tests until mbedtls
# pr #10011 has been merged.
'Handshake defragmentation on client: len=4, TLS 1.2',
'Handshake defragmentation on client: len=5, TLS 1.2',
'Handshake defragmentation on client: len=13, TLS 1.2'
],
'test_suite_config.mbedtls_boolean': [
# Missing coverage of test configurations.

1
tests/scripts/check-generated-files.sh
View File

@ -179,6 +179,7 @@ if in_mbedtls_repo; then
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't

520
tests/ssl-opt.sh
View File

@ -13874,525 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
# Handshake defragmentation testing
# To guarantee that the handhake messages are large enough and need to be split
# into fragments, the tests require certificate authentication. The party in control
# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
requires_certificate_authentication
run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
"$O_NEXT_SRV" \
"$P_CLI debug_level=4 " \
0 \
-C "reassembled record" \
-C "waiting for more fragments"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-c "waiting for more fragments (512 of [0-9]\\+"
#The server uses an ECDSA cert, so make sure we have a compatible key exchange
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-c "waiting for more fragments (512 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-c "waiting for more fragments (513 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-c "waiting for more fragments (513 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-c "waiting for more fragments (256 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-c "waiting for more fragments (256 of [0-9]\\+"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-c "waiting for more fragments (128"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-c "waiting for more fragments (128"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-c "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-c "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-c "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-c "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-c "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-c "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-c "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-c "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-c "waiting for more fragments (13"
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-c "waiting for more fragments (13"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-c "waiting for more fragments (5"
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-c "waiting for more fragments (5"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-c "waiting for more fragments (4"
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
"$P_CLI debug_level=4 " \
0 \
-c "reassembled record" \
-c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-c "waiting for more fragments (4"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
"$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
"$P_CLI debug_level=4 " \
1 \
-c "=> ssl_tls13_process_server_hello" \
-c "handshake message too short: 3" \
-c "SSL - An invalid SSL record was received"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
"$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
"$P_CLI debug_level=4 " \
1 \
-c "handshake message too short: 3" \
-c "SSL - An invalid SSL record was received"
requires_certificate_authentication
run_test "Handshake defragmentation on server (no fragmentation, for reference)." \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-S "reassembled record" \
-S "waiting for more fragments"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=512, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-s "waiting for more fragments (512"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=512, TLS 1.2" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-s "waiting for more fragments (512"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=513, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-s "waiting for more fragments (513"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=513, TLS 1.2" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-s "waiting for more fragments (513"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=256, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-s "waiting for more fragments (256"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=256, TLS 1.2" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-s "waiting for more fragments (256"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=128, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-s "waiting for more fragments (128"
# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-s "waiting for more fragments (128"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=64, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-s "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-s "waiting for more fragments (64"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=36, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-s "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-s "waiting for more fragments (36"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-s "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-s "waiting for more fragments (32"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-s "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-s "waiting for more fragments (16"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-s "waiting for more fragments (13"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-s "waiting for more fragments (13"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-s "waiting for more fragments (5"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-s "waiting for more fragments (5"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-s "waiting for more fragments (4"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
0 \
-s "reassembled record" \
-s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-s "waiting for more fragments (4"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
1 \
-s "<= parse client hello" \
-s "handshake message too short: 3" \
-s "SSL - An invalid SSL record was received"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
"$P_SRV debug_level=4 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
1 \
-s "<= parse client hello" \
-s "handshake message too short: 3" \
-s "SSL - An invalid SSL record was received"
# Most test cases are in opt-testcases/handshake-generated.sh
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication