mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 21:39:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client

Browse Source 
Add initial support for "Middlebox Compatibility Mode"
This commit is contained in:
Ronald Cron 2021-12-10 11:58:05 +01:00 committed by GitHub
commit 6b07916e40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 695 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
include/mbedtls/mbedtls_config.h
View File

@ -1505,6 +1505,28 @@
*/
//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
/**
* \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
*
* Enable TLS 1.3 middlebox compatibility mode.
*
* As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
* mode to make a TLS 1.3 connection more likely to pass through middle boxes
* expecting TLS 1.2 traffic.
*
* Turning on the compatibility mode comes at the cost of a few added bytes
* on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
* that don't use it. Therefore, unless transmission bandwidth is critical and
* you know that middlebox compatibility issues won't occur, it is therefore
* recommended to set this option.
*
* Comment to disable compatibility mode for TLS 1.3. If
* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL is not enabled, this option does not
* have any effect on the build.
*
*/
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
/**
* \def MBEDTLS_SSL_PROTO_DTLS
*

3
include/mbedtls/ssl.h
View File

@ -641,6 +641,9 @@ typedef enum
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
}
mbedtls_ssl_states;

5
library/ssl_misc.h
View File

@ -1676,6 +1676,11 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
*/
int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl );
/*
* Write of dummy-CCS's for middlebox compatibility
*/
int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl );
/*
* Write TLS 1.3 handshake message tail
*/

29
library/ssl_msg.c
View File

@ -3335,6 +3335,20 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
rec->buf, rec->buf_len );
/*
* In TLS 1.3, always treat ChangeCipherSpec records
* as unencrypted. The only thing we do with them is
* check the length and content and ignore them.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( ssl->transform_in != NULL &&
ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
done = 1;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
if( !done && ssl->transform_in != NULL )
{
unsigned char const old_msg_type = rec->type;
@ -4385,6 +4399,21 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_DEBUG_MSG( 1,
( "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" ) );
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
#else
MBEDTLS_SSL_DEBUG_MSG( 1,
( "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
}
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )

66
library/ssl_tls13_client.c
View File

@ -723,8 +723,18 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
* ( also known as ossification ). Otherwise, it MUST be set as a zero-length
* vector ( i.e., a zero-valued single byte length field ).
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_CHK_BUF_PTR( p, end, ssl->session_negotiate->id_len + 1 );
*p++ = (unsigned char)ssl->session_negotiate->id_len;
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
p += ssl->session_negotiate->id_len;
MBEDTLS_SSL_DEBUG_BUF( 3, "session id", ssl->session_negotiate->id,
ssl->session_negotiate->id_len );
#else
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
*p++ = 0; /* session id length set to zero */
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
/* Write cipher_suites */
ret = ssl_tls13_write_client_hello_cipher_suites( ssl, p, end, &output_len );
@ -843,6 +853,24 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )
return( ret );
}
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
/*
* Create a session identifier for the purpose of middlebox compatibility
* only if one has not been created already.
*/
if( ssl->session_negotiate->id_len == 0 )
{
/* Creating a session id with 32 byte length */
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
ssl->session_negotiate->id, 32 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "creating session id failed", ret );
return( ret );
}
ssl->session_negotiate->id_len = 32;
}
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
return( 0 );
}
@ -1600,6 +1628,7 @@ static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
@ -1611,11 +1640,35 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
if( ret != 0 )
return( ret );
mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
mbedtls_ssl_handshake_set_state(
ssl,
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
#else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
#endif
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
{
int ret;
ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
if( ret != 0 )
return( ret );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
return( 0 );
}
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/
@ -1623,6 +1676,8 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
{
int ret;
mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
ret = mbedtls_ssl_tls13_write_finished_message( ssl );
if( ret != 0 )
return( ret );
@ -1713,6 +1768,15 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
ret = ssl_tls13_handshake_wrapup( ssl );
break;
/*
* Injection of dummy-CCS's for middlebox compatibility
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
ret = ssl_tls13_write_change_cipher_spec( ssl );
break;
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

48
library/ssl_tls13_generic.c
View File

@ -1148,6 +1148,54 @@ void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
}
/*
*
* STATE HANDLING: Write ChangeCipherSpec
*
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
static int ssl_tls13_write_change_cipher_spec_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
{
((void) ssl);
MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 );
buf[0] = 1;
*olen = 1;
return( 0 );
}
int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
/* Write CCS message */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_change_cipher_spec_body(
ssl, ssl->out_msg,
ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
&ssl->out_msglen ) );
ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
/* Dispatch message */
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 1 ) );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
return( ret );
}
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_SSL_TLS_C */

600
tests/opt-testcases/tls13-compat.sh
View File

File diff suppressed because it is too large Load Diff

25
tests/scripts/all.sh
View File

@ -2725,8 +2725,22 @@ component_build_armcc () {
component_test_tls13_experimental () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
make test
msg "ssl-opt.sh (TLS 1.3 experimental)"
if_build_succeeded tests/ssl-opt.sh
}
component_test_tls13_experimental_no_compatibility_mode () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
@ -2737,8 +2751,9 @@ component_test_tls13_experimental () {
component_test_tls13_experimental_with_padding () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
@ -2750,6 +2765,7 @@ component_test_tls13_experimental_with_padding () {
component_test_tls13_experimental_with_ecp_restartable () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_ECP_RESTARTABLE
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@ -2762,6 +2778,7 @@ component_test_tls13_experimental_with_ecp_restartable () {
component_test_tls13_experimental_with_everest () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .

17
tests/scripts/generate_tls13_compat_tests.py
View File

@ -76,13 +76,14 @@ class TLSProgram(metaclass=abc.ABCMeta):
Base class for generate server/client command.
"""
def __init__(self, ciphersuite, signature_algorithm, named_group):
def __init__(self, ciphersuite, signature_algorithm, named_group, compat_mode=True):
self._ciphers = []
self._sig_algs = []
self._named_groups = []
self.add_ciphersuites(ciphersuite)
self.add_named_groups(named_group)
self.add_signature_algorithms(signature_algorithm)
self._compat_mode = compat_mode
# add_ciphersuites should not override by sub class
def add_ciphersuites(self, *ciphersuites):
@ -138,7 +139,10 @@ class OpenSSLServ(TLSProgram):
"-sigalgs {signature_algorithms}".format(
signature_algorithms=signature_algorithms),
"-groups {named_groups}".format(named_groups=named_groups)]
ret += ['-msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache']
ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache']
if not self._compat_mode:
ret += ['-no_middlebox']
return ' '.join(ret)
def pre_checks(self):
@ -221,7 +225,10 @@ class GnuTLSServ(TLSProgram):
priority_string_list = ['NONE'] + sorted(priority_string_list) + ['VERS-TLS1.3']
priority_string = ':+'.join(priority_string_list)
priority_string += ':%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE'
priority_string += ':%NO_TICKETS'
if not self._compat_mode:
priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
ret += ['--priority={priority_string}'.format(
priority_string=priority_string)]
ret = ' '.join(ret)
@ -273,6 +280,10 @@ class MbedTLSCli(TLSProgram):
'requires_config_enabled MBEDTLS_SSL_CLI_C',
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL',
'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
if 'rsa_pss_rsae_sha256' in self._sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')

99
tests/ssl-opt.sh
View File

@ -8769,7 +8769,6 @@ run_test "export keys functionality" \
# openssl feature tests: check if tls1.3 exists.
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS 1.3: Test openssl tls1_3 feature" \
"$O_NEXT_SRV -tls1_3 -msg" \
"$O_NEXT_CLI -tls1_3 -msg" \
@ -8781,7 +8780,6 @@ run_test "TLS 1.3: Test openssl tls1_3 feature" \
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS 1.3: Test gnutls tls1_3 feature" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@ -8814,9 +8812,12 @@ run_test "TLS 1.3: handshake dispatch test: tls13 only" \
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: minimal feature sets - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \
-c "tls13 client state: 0" \
@ -8843,11 +8844,13 @@ run_test "TLS 1.3: minimal feature sets - openssl" \
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: minimal feature sets - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \
-s "SERVER HELLO was queued" \
@ -8874,6 +8877,8 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.0" \
@ -8886,6 +8891,8 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.0" \
-C "Protocol is TLSv1.0"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.1" \
@ -8898,6 +8905,8 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.1" \
-C "Protocol is TLSv1.1"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.2" \
@ -8910,6 +8919,8 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.2" \
-C "Protocol is TLSv1.2"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.0" \
@ -8922,6 +8933,8 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.0" \
-C "Protocol : TLSv1.0"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.1" \
@ -8934,6 +8947,8 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.1" \
-C "Protocol : TLSv1.1"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
@ -8947,29 +8962,37 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: CertificateRequest check - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 force_version=tls13 " \
1 \
-c "CertificateRequest not supported"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: CertificateRequest check - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
1 \
-c "CertificateRequest not supported"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_openssl_tls1_3
run_test "TLS 1.3: HelloRetryRequest check - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4 force_version=tls13" \
1 \
-c "received HelloRetryRequest message" \
@ -8978,22 +9001,76 @@ run_test "TLS 1.3: HelloRetryRequest check - openssl" \
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: HelloRetryRequest check - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI debug_level=4 force_version=tls13" \
1 \
-c "received HelloRetryRequest message" \
-c "HRR not supported" \
-c "Last error was: -0x6E00 - SSL - The handshake negotiation failed" \
-s "HELLO RETRY REQUEST was queued"
for i in $(ls opt-testcases/*.sh)
do
. $i
done
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
"$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \
-c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->G server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C