1#!/bin/sh 2 3# ssl-opt.sh 4# 5# This file is part of mbed TLS (https://tls.mbed.org) 6# 7# Copyright (c) 2016, ARM Limited, All Rights Reserved 8# 9# Purpose 10# 11# Executes tests to prove various TLS/SSL options and extensions. 12# 13# The goal is not to cover every ciphersuite/version, but instead to cover 14# specific options (max fragment length, truncated hmac, etc) or procedures 15# (session resumption from cache or ticket, renego, etc). 16# 17# The tests assume a build with default options, with exceptions expressed 18# with a dependency. The tests focus on functionality and do not consider 19# performance. 20# 21 22set -u 23 24if cd $( dirname $0 ); then :; else 25 echo "cd $( dirname $0 ) failed" >&2 26 exit 1 27fi 28 29# default values, can be overriden by the environment 30: ${P_SRV:=../programs/ssl/ssl_server2} 31: ${P_CLI:=../programs/ssl/ssl_client2} 32: ${P_PXY:=../programs/test/udp_proxy} 33: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system 34: ${GNUTLS_CLI:=gnutls-cli} 35: ${GNUTLS_SERV:=gnutls-serv} 36: ${PERL:=perl} 37 38O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key" 39O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client" 40G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" 41G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt" 42TCP_CLIENT="$PERL scripts/tcp_client.pl" 43 44# alternative versions of OpenSSL and GnuTLS (no default path) 45 46if [ -n "${OPENSSL_LEGACY:-}" ]; then 47 O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key" 48 O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client" 49else 50 O_LEGACY_SRV=false 51 O_LEGACY_CLI=false 52fi 53 54if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then 55 G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" 56else 57 G_NEXT_SRV=false 58fi 59 60if [ -n 
"${GNUTLS_NEXT_CLI:-}" ]; then 61 G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt" 62else 63 G_NEXT_CLI=false 64fi 65 66TESTS=0 67FAILS=0 68SKIPS=0 69 70CONFIG_H='../include/mbedtls/config.h' 71 72MEMCHECK=0 73FILTER='.*' 74EXCLUDE='^$' 75 76SHOW_TEST_NUMBER=0 77RUN_TEST_NUMBER='' 78 79PRESERVE_LOGS=0 80 81# Pick a "unique" server port in the range 10000-19999, and a proxy 82# port which is this plus 10000. Each port number may be independently 83# overridden by a command line option. 84SRV_PORT=$(($$ % 10000 + 10000)) 85PXY_PORT=$((SRV_PORT + 10000)) 86 87print_usage() { 88 echo "Usage: $0 [options]" 89 printf " -h|--help\tPrint this help.\n" 90 printf " -m|--memcheck\tCheck memory leaks and errors.\n" 91 printf " -f|--filter\tOnly matching tests are executed (BRE; default: '$FILTER')\n" 92 printf " -e|--exclude\tMatching tests are excluded (BRE; default: '$EXCLUDE')\n" 93 printf " -n|--number\tExecute only numbered test (comma-separated, e.g. 
'245,256')\n" 94 printf " -s|--show-numbers\tShow test numbers in front of test names\n" 95 printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" 96 printf " --port\tTCP/UDP port (default: randomish 1xxxx)\n" 97 printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n" 98 printf " --seed\tInteger seed value to use for this test run\n" 99} 100 101get_options() { 102 while [ $# -gt 0 ]; do 103 case "$1" in 104 -f|--filter) 105 shift; FILTER=$1 106 ;; 107 -e|--exclude) 108 shift; EXCLUDE=$1 109 ;; 110 -m|--memcheck) 111 MEMCHECK=1 112 ;; 113 -n|--number) 114 shift; RUN_TEST_NUMBER=$1 115 ;; 116 -s|--show-numbers) 117 SHOW_TEST_NUMBER=1 118 ;; 119 -p|--preserve-logs) 120 PRESERVE_LOGS=1 121 ;; 122 --port) 123 shift; SRV_PORT=$1 124 ;; 125 --proxy-port) 126 shift; PXY_PORT=$1 127 ;; 128 --seed) 129 shift; SEED="$1" 130 ;; 131 -h|--help) 132 print_usage 133 exit 0 134 ;; 135 *) 136 echo "Unknown argument: '$1'" 137 print_usage 138 exit 1 139 ;; 140 esac 141 shift 142 done 143} 144 145# Skip next test; use this macro to skip tests which are legitimate 146# in theory and expected to be re-introduced at some point, but 147# aren't expected to succeed at the moment due to problems outside 148# our control (such as bugs in other TLS implementations). 149skip_next_test() { 150 SKIP_NEXT="YES" 151} 152 153# skip next test if the flag is not enabled in config.h 154requires_config_enabled() { 155 if grep "^#define $1" $CONFIG_H > /dev/null; then :; else 156 SKIP_NEXT="YES" 157 fi 158} 159 160# skip next test if the flag is enabled in config.h 161requires_config_disabled() { 162 if grep "^#define $1" $CONFIG_H > /dev/null; then 163 SKIP_NEXT="YES" 164 fi 165} 166 167get_config_value_or_default() { 168 # This function uses the query_config command line option to query the 169 # required Mbed TLS compile time configuration from the ssl_server2 170 # program. 
The command will always return a success value if the 171 # configuration is defined and the value will be printed to stdout. 172 # 173 # Note that if the configuration is not defined or is defined to nothing, 174 # the output of this function will be an empty string. 175 ${P_SRV} "query_config=${1}" 176} 177 178requires_config_value_at_least() { 179 VAL="$( get_config_value_or_default "$1" )" 180 if [ -z "$VAL" ]; then 181 # Should never happen 182 echo "Mbed TLS configuration $1 is not defined" 183 exit 1 184 elif [ "$VAL" -lt "$2" ]; then 185 SKIP_NEXT="YES" 186 fi 187} 188 189requires_config_value_at_most() { 190 VAL=$( get_config_value_or_default "$1" ) 191 if [ -z "$VAL" ]; then 192 # Should never happen 193 echo "Mbed TLS configuration $1 is not defined" 194 exit 1 195 elif [ "$VAL" -gt "$2" ]; then 196 SKIP_NEXT="YES" 197 fi 198} 199 200# skip next test if OpenSSL doesn't support FALLBACK_SCSV 201requires_openssl_with_fallback_scsv() { 202 if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then 203 if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null 204 then 205 OPENSSL_HAS_FBSCSV="YES" 206 else 207 OPENSSL_HAS_FBSCSV="NO" 208 fi 209 fi 210 if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then 211 SKIP_NEXT="YES" 212 fi 213} 214 215# skip next test if GnuTLS isn't available 216requires_gnutls() { 217 if [ -z "${GNUTLS_AVAILABLE:-}" ]; then 218 if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then 219 GNUTLS_AVAILABLE="YES" 220 else 221 GNUTLS_AVAILABLE="NO" 222 fi 223 fi 224 if [ "$GNUTLS_AVAILABLE" = "NO" ]; then 225 SKIP_NEXT="YES" 226 fi 227} 228 229# skip next test if GnuTLS-next isn't available 230requires_gnutls_next() { 231 if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then 232 if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then 233 GNUTLS_NEXT_AVAILABLE="YES" 234 else 235 GNUTLS_NEXT_AVAILABLE="NO" 236 fi 237 fi 238 if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then 239 SKIP_NEXT="YES" 240 fi 241} 242 243# skip 
next test if OpenSSL-legacy isn't available 244requires_openssl_legacy() { 245 if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then 246 if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then 247 OPENSSL_LEGACY_AVAILABLE="YES" 248 else 249 OPENSSL_LEGACY_AVAILABLE="NO" 250 fi 251 fi 252 if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then 253 SKIP_NEXT="YES" 254 fi 255} 256 257# skip next test if IPv6 isn't available on this host 258requires_ipv6() { 259 if [ -z "${HAS_IPV6:-}" ]; then 260 $P_SRV server_addr='::1' > $SRV_OUT 2>&1 & 261 SRV_PID=$! 262 sleep 1 263 kill $SRV_PID >/dev/null 2>&1 264 if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then 265 HAS_IPV6="NO" 266 else 267 HAS_IPV6="YES" 268 fi 269 rm -r $SRV_OUT 270 fi 271 272 if [ "$HAS_IPV6" = "NO" ]; then 273 SKIP_NEXT="YES" 274 fi 275} 276 277# skip next test if it's i686 or uname is not available 278requires_not_i686() { 279 if [ -z "${IS_I686:-}" ]; then 280 IS_I686="YES" 281 if which "uname" >/dev/null 2>&1; then 282 if [ -z "$(uname -a | grep i686)" ]; then 283 IS_I686="NO" 284 fi 285 fi 286 fi 287 if [ "$IS_I686" = "YES" ]; then 288 SKIP_NEXT="YES" 289 fi 290} 291 292# Calculate the input & output maximum content lengths set in the config 293MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") 294MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") 295MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN") 296 297if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then 298 MAX_CONTENT_LEN="$MAX_IN_LEN" 299fi 300if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then 301 MAX_CONTENT_LEN="$MAX_OUT_LEN" 302fi 303 304# skip the next test if the SSL output buffer is less than 16KB 305requires_full_size_output_buffer() { 306 if [ "$MAX_OUT_LEN" -ne 16384 ]; then 307 SKIP_NEXT="YES" 308 fi 309} 310 311# skip the next test if valgrind is in use 312not_with_valgrind() { 313 if [ "$MEMCHECK" -gt 0 ]; 
then 314 SKIP_NEXT="YES" 315 fi 316} 317 318# skip the next test if valgrind is NOT in use 319only_with_valgrind() { 320 if [ "$MEMCHECK" -eq 0 ]; then 321 SKIP_NEXT="YES" 322 fi 323} 324 325# multiply the client timeout delay by the given factor for the next test 326client_needs_more_time() { 327 CLI_DELAY_FACTOR=$1 328} 329 330# wait for the given seconds after the client finished in the next test 331server_needs_more_time() { 332 SRV_DELAY_SECONDS=$1 333} 334 335# print_name <name> 336print_name() { 337 TESTS=$(( $TESTS + 1 )) 338 LINE="" 339 340 if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then 341 LINE="$TESTS " 342 fi 343 344 LINE="$LINE$1" 345 printf "$LINE " 346 LEN=$(( 72 - `echo "$LINE" | wc -c` )) 347 for i in `seq 1 $LEN`; do printf '.'; done 348 printf ' ' 349 350} 351 352# fail <message> 353fail() { 354 echo "FAIL" 355 echo " ! $1" 356 357 mv $SRV_OUT o-srv-${TESTS}.log 358 mv $CLI_OUT o-cli-${TESTS}.log 359 if [ -n "$PXY_CMD" ]; then 360 mv $PXY_OUT o-pxy-${TESTS}.log 361 fi 362 echo " ! outputs saved to o-XXX-${TESTS}.log" 363 364 if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then 365 echo " ! server output:" 366 cat o-srv-${TESTS}.log 367 echo " ! ========================================================" 368 echo " ! client output:" 369 cat o-cli-${TESTS}.log 370 if [ -n "$PXY_CMD" ]; then 371 echo " ! ========================================================" 372 echo " ! 
proxy output:" 373 cat o-pxy-${TESTS}.log 374 fi 375 echo "" 376 fi 377 378 FAILS=$(( $FAILS + 1 )) 379} 380 381# is_polar <cmd_line> 382is_polar() { 383 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null 384} 385 386# openssl s_server doesn't have -www with DTLS 387check_osrv_dtls() { 388 if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then 389 NEEDS_INPUT=1 390 SRV_CMD="$( echo $SRV_CMD | sed s/-www// )" 391 else 392 NEEDS_INPUT=0 393 fi 394} 395 396# provide input to commands that need it 397provide_input() { 398 if [ $NEEDS_INPUT -eq 0 ]; then 399 return 400 fi 401 402 while true; do 403 echo "HTTP/1.0 200 OK" 404 sleep 1 405 done 406} 407 408# has_mem_err <log_file_name> 409has_mem_err() { 410 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && 411 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null 412 then 413 return 1 # false: does not have errors 414 else 415 return 0 # true: has errors 416 fi 417} 418 419# Wait for process $2 to be listening on port $1 420if type lsof >/dev/null 2>/dev/null; then 421 wait_server_start() { 422 START_TIME=$(date +%s) 423 if [ "$DTLS" -eq 1 ]; then 424 proto=UDP 425 else 426 proto=TCP 427 fi 428 # Make a tight loop, server normally takes less than 1s to start. 429 while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do 430 if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then 431 echo "SERVERSTART TIMEOUT" 432 echo "SERVERSTART TIMEOUT" >> $SRV_OUT 433 break 434 fi 435 # Linux and *BSD support decimal arguments to sleep. On other 436 # OSes this may be a tight loop. 
437 sleep 0.1 2>/dev/null || true 438 done 439 } 440else 441 echo "Warning: lsof not available, wait_server_start = sleep" 442 wait_server_start() { 443 sleep "$START_DELAY" 444 } 445fi 446 447# Given the client or server debug output, parse the unix timestamp that is 448# included in the first 4 bytes of the random bytes and check that it's within 449# acceptable bounds 450check_server_hello_time() { 451 # Extract the time from the debug (lvl 3) output of the client 452 SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")" 453 # Get the Unix timestamp for now 454 CUR_TIME=$(date +'%s') 455 THRESHOLD_IN_SECS=300 456 457 # Check if the ServerHello time was printed 458 if [ -z "$SERVER_HELLO_TIME" ]; then 459 return 1 460 fi 461 462 # Check the time in ServerHello is within acceptable bounds 463 if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then 464 # The time in ServerHello is at least 5 minutes before now 465 return 1 466 elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then 467 # The time in ServerHello is at least 5 minutes later than now 468 return 1 469 else 470 return 0 471 fi 472} 473 474# wait for client to terminate and set CLI_EXIT 475# must be called right after starting the client 476wait_client_done() { 477 CLI_PID=$! 478 479 CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR )) 480 CLI_DELAY_FACTOR=1 481 482 ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) & 483 DOG_PID=$! 484 485 wait $CLI_PID 486 CLI_EXIT=$? 
487 488 kill $DOG_PID >/dev/null 2>&1 489 wait $DOG_PID 490 491 echo "EXIT: $CLI_EXIT" >> $CLI_OUT 492 493 sleep $SRV_DELAY_SECONDS 494 SRV_DELAY_SECONDS=0 495} 496 497# check if the given command uses dtls and sets global variable DTLS 498detect_dtls() { 499 if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then 500 DTLS=1 501 else 502 DTLS=0 503 fi 504} 505 506# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] 507# Options: -s pattern pattern that must be present in server output 508# -c pattern pattern that must be present in client output 509# -u pattern lines after pattern must be unique in client output 510# -f call shell function on client output 511# -S pattern pattern that must be absent in server output 512# -C pattern pattern that must be absent in client output 513# -U pattern lines after pattern must be unique in server output 514# -F call shell function on server output 515run_test() { 516 NAME="$1" 517 shift 1 518 519 if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then : 520 else 521 SKIP_NEXT="NO" 522 return 523 fi 524 525 print_name "$NAME" 526 527 # Do we only run numbered tests? 528 if [ "X$RUN_TEST_NUMBER" = "X" ]; then : 529 elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then : 530 else 531 SKIP_NEXT="YES" 532 fi 533 534 # should we skip? 535 if [ "X$SKIP_NEXT" = "XYES" ]; then 536 SKIP_NEXT="NO" 537 echo "SKIP" 538 SKIPS=$(( $SKIPS + 1 )) 539 return 540 fi 541 542 # does this test use a proxy? 543 if [ "X$1" = "X-p" ]; then 544 PXY_CMD="$2" 545 shift 2 546 else 547 PXY_CMD="" 548 fi 549 550 # get commands and client output 551 SRV_CMD="$1" 552 CLI_CMD="$2" 553 CLI_EXPECT="$3" 554 shift 3 555 556 # Check if test uses files 557 TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" ) 558 if [ ! -z "$TEST_USES_FILES" ]; then 559 requires_config_enabled MBEDTLS_FS_IO 560 fi 561 562 # should we skip? 
563 if [ "X$SKIP_NEXT" = "XYES" ]; then 564 SKIP_NEXT="NO" 565 echo "SKIP" 566 SKIPS=$(( $SKIPS + 1 )) 567 return 568 fi 569 570 # fix client port 571 if [ -n "$PXY_CMD" ]; then 572 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g ) 573 else 574 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g ) 575 fi 576 577 # update DTLS variable 578 detect_dtls "$SRV_CMD" 579 580 # prepend valgrind to our commands if active 581 if [ "$MEMCHECK" -gt 0 ]; then 582 if is_polar "$SRV_CMD"; then 583 SRV_CMD="valgrind --leak-check=full $SRV_CMD" 584 fi 585 if is_polar "$CLI_CMD"; then 586 CLI_CMD="valgrind --leak-check=full $CLI_CMD" 587 fi 588 fi 589 590 TIMES_LEFT=2 591 while [ $TIMES_LEFT -gt 0 ]; do 592 TIMES_LEFT=$(( $TIMES_LEFT - 1 )) 593 594 # run the commands 595 if [ -n "$PXY_CMD" ]; then 596 echo "$PXY_CMD" > $PXY_OUT 597 $PXY_CMD >> $PXY_OUT 2>&1 & 598 PXY_PID=$! 599 # assume proxy starts faster than server 600 fi 601 602 check_osrv_dtls 603 echo "$SRV_CMD" > $SRV_OUT 604 provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & 605 SRV_PID=$! 
606 wait_server_start "$SRV_PORT" "$SRV_PID" 607 608 echo "$CLI_CMD" > $CLI_OUT 609 eval "$CLI_CMD" >> $CLI_OUT 2>&1 & 610 wait_client_done 611 612 sleep 0.05 613 614 # terminate the server (and the proxy) 615 kill $SRV_PID 616 wait $SRV_PID 617 618 if [ -n "$PXY_CMD" ]; then 619 kill $PXY_PID >/dev/null 2>&1 620 wait $PXY_PID 621 fi 622 623 # retry only on timeouts 624 if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then 625 printf "RETRY " 626 else 627 TIMES_LEFT=0 628 fi 629 done 630 631 # check if the client and server went at least to the handshake stage 632 # (useful to avoid tests with only negative assertions and non-zero 633 # expected client exit to incorrectly succeed in case of catastrophic 634 # failure) 635 if is_polar "$SRV_CMD"; then 636 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; 637 else 638 fail "server or client failed to reach handshake stage" 639 return 640 fi 641 fi 642 if is_polar "$CLI_CMD"; then 643 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; 644 else 645 fail "server or client failed to reach handshake stage" 646 return 647 fi 648 fi 649 650 # check server exit code 651 if [ $? 
!= 0 ]; then 652 fail "server fail" 653 return 654 fi 655 656 # check client exit code 657 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \ 658 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ] 659 then 660 fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)" 661 return 662 fi 663 664 # check other assertions 665 # lines beginning with == are added by valgrind, ignore them 666 # lines with 'Serious error when reading debug info', are valgrind issues as well 667 while [ $# -gt 0 ] 668 do 669 case $1 in 670 "-s") 671 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else 672 fail "pattern '$2' MUST be present in the Server output" 673 return 674 fi 675 ;; 676 677 "-c") 678 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else 679 fail "pattern '$2' MUST be present in the Client output" 680 return 681 fi 682 ;; 683 684 "-S") 685 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then 686 fail "pattern '$2' MUST NOT be present in the Server output" 687 return 688 fi 689 ;; 690 691 "-C") 692 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then 693 fail "pattern '$2' MUST NOT be present in the Client output" 694 return 695 fi 696 ;; 697 698 # The filtering in the following two options (-u and -U) do the following 699 # - ignore valgrind output 700 # - filter out everything but lines right after the pattern occurances 701 # - keep one of each non-unique line 702 # - count how many lines remain 703 # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 704 # if there were no duplicates. 
705 "-U") 706 if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then 707 fail "lines following pattern '$2' must be unique in Server output" 708 return 709 fi 710 ;; 711 712 "-u") 713 if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then 714 fail "lines following pattern '$2' must be unique in Client output" 715 return 716 fi 717 ;; 718 "-F") 719 if ! $2 "$SRV_OUT"; then 720 fail "function call to '$2' failed on Server output" 721 return 722 fi 723 ;; 724 "-f") 725 if ! $2 "$CLI_OUT"; then 726 fail "function call to '$2' failed on Client output" 727 return 728 fi 729 ;; 730 731 *) 732 echo "Unknown test: $1" >&2 733 exit 1 734 esac 735 shift 2 736 done 737 738 # check valgrind's results 739 if [ "$MEMCHECK" -gt 0 ]; then 740 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then 741 fail "Server has memory errors" 742 return 743 fi 744 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then 745 fail "Client has memory errors" 746 return 747 fi 748 fi 749 750 # if we're here, everything is ok 751 echo "PASS" 752 if [ "$PRESERVE_LOGS" -gt 0 ]; then 753 mv $SRV_OUT o-srv-${TESTS}.log 754 mv $CLI_OUT o-cli-${TESTS}.log 755 if [ -n "$PXY_CMD" ]; then 756 mv $PXY_OUT o-pxy-${TESTS}.log 757 fi 758 fi 759 760 rm -f $SRV_OUT $CLI_OUT $PXY_OUT 761} 762 763cleanup() { 764 rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION 765 test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1 766 test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1 767 test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1 768 test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1 769 exit 1 770} 771 772# 773# MAIN 774# 775 776get_options "$@" 777 778# sanity checks, avoid an avalanche of errors 779P_SRV_BIN="${P_SRV%%[ ]*}" 780P_CLI_BIN="${P_CLI%%[ ]*}" 781P_PXY_BIN="${P_PXY%%[ ]*}" 782if [ ! 
-x "$P_SRV_BIN" ]; then 783 echo "Command '$P_SRV_BIN' is not an executable file" 784 exit 1 785fi 786if [ ! -x "$P_CLI_BIN" ]; then 787 echo "Command '$P_CLI_BIN' is not an executable file" 788 exit 1 789fi 790if [ ! -x "$P_PXY_BIN" ]; then 791 echo "Command '$P_PXY_BIN' is not an executable file" 792 exit 1 793fi 794if [ "$MEMCHECK" -gt 0 ]; then 795 if which valgrind >/dev/null 2>&1; then :; else 796 echo "Memcheck not possible. Valgrind not found" 797 exit 1 798 fi 799fi 800if which $OPENSSL_CMD >/dev/null 2>&1; then :; else 801 echo "Command '$OPENSSL_CMD' not found" 802 exit 1 803fi 804 805# used by watchdog 806MAIN_PID="$$" 807 808# We use somewhat arbitrary delays for tests: 809# - how long do we wait for the server to start (when lsof not available)? 810# - how long do we allow for the client to finish? 811# (not to check performance, just to avoid waiting indefinitely) 812# Things are slower with valgrind, so give extra time here. 813# 814# Note: without lsof, there is a trade-off between the running time of this 815# script and the risk of spurious errors because we didn't wait long enough. 816# The watchdog delay on the other hand doesn't affect normal running time of 817# the script, only the case where a client or server gets stuck. 
818if [ "$MEMCHECK" -gt 0 ]; then 819 START_DELAY=6 820 DOG_DELAY=60 821else 822 START_DELAY=2 823 DOG_DELAY=20 824fi 825 826# some particular tests need more time: 827# - for the client, we multiply the usual watchdog limit by a factor 828# - for the server, we sleep for a number of seconds after the client exits 829# see client_need_more_time() and server_needs_more_time() 830CLI_DELAY_FACTOR=1 831SRV_DELAY_SECONDS=0 832 833# fix commands to use this port, force IPv4 while at it 834# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later 835P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" 836P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" 837P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" 838O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" 839O_CLI="$O_CLI -connect localhost:+SRV_PORT" 840G_SRV="$G_SRV -p $SRV_PORT" 841G_CLI="$G_CLI -p +SRV_PORT" 842 843if [ -n "${OPENSSL_LEGACY:-}" ]; then 844 O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" 845 O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" 846fi 847 848if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then 849 G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" 850fi 851 852if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then 853 G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" 854fi 855 856# Allow SHA-1, because many of our test certificates use it 857P_SRV="$P_SRV allow_sha1=1" 858P_CLI="$P_CLI allow_sha1=1" 859 860# Also pick a unique name for intermediate files 861SRV_OUT="srv_out.$$" 862CLI_OUT="cli_out.$$" 863PXY_OUT="pxy_out.$$" 864SESSION="session.$$" 865 866SKIP_NEXT="NO" 867 868trap cleanup INT TERM HUP 869 870# Basic test 871 872# Checks that: 873# - things work with all ciphersuites active (used with config-full in all.sh) 874# - the expected (highest security) parameters are selected 875# ("signature_algorithm ext: 6" means SHA-512 (highest common hash)) 876run_test "Default" \ 877 
"$P_SRV debug_level=3" \ 878 "$P_CLI" \ 879 0 \ 880 -s "Protocol is TLSv1.2" \ 881 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ 882 -s "client hello v3, signature_algorithm ext: 6" \ 883 -s "ECDHE curve: secp521r1" \ 884 -S "error" \ 885 -C "error" 886 887run_test "Default, DTLS" \ 888 "$P_SRV dtls=1" \ 889 "$P_CLI dtls=1" \ 890 0 \ 891 -s "Protocol is DTLSv1.2" \ 892 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" 893 894# Test current time in ServerHello 895requires_config_enabled MBEDTLS_HAVE_TIME 896run_test "ServerHello contains gmt_unix_time" \ 897 "$P_SRV debug_level=3" \ 898 "$P_CLI debug_level=3" \ 899 0 \ 900 -f "check_server_hello_time" \ 901 -F "check_server_hello_time" 902 903# Test for uniqueness of IVs in AEAD ciphersuites 904run_test "Unique IV in GCM" \ 905 "$P_SRV exchanges=20 debug_level=4" \ 906 "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 907 0 \ 908 -u "IV used" \ 909 -U "IV used" 910 911# Tests for rc4 option 912 913requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES 914run_test "RC4: server disabled, client enabled" \ 915 "$P_SRV" \ 916 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 917 1 \ 918 -s "SSL - The server has no ciphersuites in common" 919 920requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES 921run_test "RC4: server half, client enabled" \ 922 "$P_SRV arc4=1" \ 923 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 924 1 \ 925 -s "SSL - The server has no ciphersuites in common" 926 927run_test "RC4: server enabled, client disabled" \ 928 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 929 "$P_CLI" \ 930 1 \ 931 -s "SSL - The server has no ciphersuites in common" 932 933run_test "RC4: both enabled" \ 934 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 935 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 936 0 \ 937 -S "SSL - None of the common ciphersuites is usable" \ 938 -S "SSL - The server has no 
ciphersuites in common" 939 940# Test empty CA list in CertificateRequest in TLS 1.1 and earlier 941 942requires_gnutls 943requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 944run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \ 945 "$G_SRV"\ 946 "$P_CLI force_version=tls1_1" \ 947 0 948 949requires_gnutls 950requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 951run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \ 952 "$G_SRV"\ 953 "$P_CLI force_version=tls1" \ 954 0 955 956# Tests for SHA-1 support 957 958requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 959run_test "SHA-1 forbidden by default in server certificate" \ 960 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ 961 "$P_CLI debug_level=2 allow_sha1=0" \ 962 1 \ 963 -c "The certificate is signed with an unacceptable hash" 964 965requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 966run_test "SHA-1 forbidden by default in server certificate" \ 967 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ 968 "$P_CLI debug_level=2 allow_sha1=0" \ 969 0 970 971run_test "SHA-1 explicitly allowed in server certificate" \ 972 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ 973 "$P_CLI allow_sha1=1" \ 974 0 975 976run_test "SHA-256 allowed by default in server certificate" \ 977 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \ 978 "$P_CLI allow_sha1=0" \ 979 0 980 981requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 982run_test "SHA-1 forbidden by default in client certificate" \ 983 "$P_SRV auth_mode=required allow_sha1=0" \ 984 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 985 1 \ 986 -s "The certificate is signed with an unacceptable hash" 987 988requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 989run_test "SHA-1 forbidden by default in client 
certificate" \ 990 "$P_SRV auth_mode=required allow_sha1=0" \ 991 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 992 0 993 994run_test "SHA-1 explicitly allowed in client certificate" \ 995 "$P_SRV auth_mode=required allow_sha1=1" \ 996 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 997 0 998 999run_test "SHA-256 allowed by default in client certificate" \ 1000 "$P_SRV auth_mode=required allow_sha1=0" \ 1001 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ 1002 0 1003 1004# Tests for datagram packing 1005run_test "DTLS: multiple records in same datagram, client and server" \ 1006 "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ 1007 "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ 1008 0 \ 1009 -c "next record in same datagram" \ 1010 -s "next record in same datagram" 1011 1012run_test "DTLS: multiple records in same datagram, client only" \ 1013 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ 1014 "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ 1015 0 \ 1016 -s "next record in same datagram" \ 1017 -C "next record in same datagram" 1018 1019run_test "DTLS: multiple records in same datagram, server only" \ 1020 "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ 1021 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 1022 0 \ 1023 -S "next record in same datagram" \ 1024 -c "next record in same datagram" 1025 1026run_test "DTLS: multiple records in same datagram, neither client nor server" \ 1027 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ 1028 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 1029 0 \ 1030 -S "next record in same datagram" \ 1031 -C "next record in same datagram" 1032 1033# Tests for Truncated HMAC extension 1034 1035run_test "Truncated HMAC: client default, server default" \ 1036 "$P_SRV debug_level=4" \ 1037 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 1038 0 \ 1039 -s "dumping 'expected mac' (20 bytes)" \ 1040 -S "dumping 'expected mac' (10 
bytes)" 1041 1042requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 1043run_test "Truncated HMAC: client disabled, server default" \ 1044 "$P_SRV debug_level=4" \ 1045 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ 1046 0 \ 1047 -s "dumping 'expected mac' (20 bytes)" \ 1048 -S "dumping 'expected mac' (10 bytes)" 1049 1050requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 1051run_test "Truncated HMAC: client enabled, server default" \ 1052 "$P_SRV debug_level=4" \ 1053 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 1054 0 \ 1055 -s "dumping 'expected mac' (20 bytes)" \ 1056 -S "dumping 'expected mac' (10 bytes)" 1057 1058requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 1059run_test "Truncated HMAC: client enabled, server disabled" \ 1060 "$P_SRV debug_level=4 trunc_hmac=0" \ 1061 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 1062 0 \ 1063 -s "dumping 'expected mac' (20 bytes)" \ 1064 -S "dumping 'expected mac' (10 bytes)" 1065 1066requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 1067run_test "Truncated HMAC: client disabled, server enabled" \ 1068 "$P_SRV debug_level=4 trunc_hmac=1" \ 1069 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ 1070 0 \ 1071 -s "dumping 'expected mac' (20 bytes)" \ 1072 -S "dumping 'expected mac' (10 bytes)" 1073 1074requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 1075run_test "Truncated HMAC: client enabled, server enabled" \ 1076 "$P_SRV debug_level=4 trunc_hmac=1" \ 1077 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 1078 0 \ 1079 -S "dumping 'expected mac' (20 bytes)" \ 1080 -s "dumping 'expected mac' (10 bytes)" 1081 1082run_test "Truncated HMAC, DTLS: client default, server default" \ 1083 "$P_SRV dtls=1 debug_level=4" \ 1084 "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 1085 0 \ 1086 -s "dumping 'expected mac' (20 bytes)" \ 1087 -S "dumping 'expected mac' (10 bytes)" 1088 
# DTLS variants of the Truncated HMAC tests.  The observable is the length
# of the MAC the server computes for a TLS-RSA-WITH-AES-128-CBC-SHA record:
# 20 bytes is the full HMAC-SHA1 tag, 10 bytes (80 bits) the truncated one.
# The truncated tag must only be in use when BOTH peers set trunc_hmac=1
# (last test of the group); a one-sided trunc_hmac=1, or the default on
# either side, must leave the full 20-byte tag in use.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server disabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

# Only here, with trunc_hmac=1 on both sides, is the 10-byte tag expected.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -S "dumping 'expected mac' (20 bytes)" \
            -s "dumping 'expected mac' (10 bytes)"

# Tests for Encrypt-then-MAC extension
#
# Negotiation as asserted below: the client advertises encrypt_then_mac
# whenever etm=1 (which is what the default configuration does), and the
# server echoes it in its ServerHello only when etm is enabled on its side
# AND the selected ciphersuite is a CBC one.  For an AEAD suite (AES-GCM)
# or a stream cipher (RC4) the server must NOT answer the extension even
# with etm=1 on both sides.  SSLv3 carries no extensions, so a peer forced
# to SSLv3 neither sends nor parses it.

# Default: both sides enable ETM, server forces a CBC suite -> negotiated.
run_test    "Encrypt then MAC: default" \
            "$P_SRV debug_level=3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -s "server hello, adding encrypt then mac extension" \
            -c "found encrypt_then_mac extension" \
            -c "using encrypt then mac" \
            -s "using encrypt then mac"

# Server sees the extension but, being disabled, must not echo it.
run_test    "Encrypt then MAC: client enabled, server disabled" \
            "$P_SRV debug_level=3 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# AEAD suite: both sides enabled, but ETM is meaningless for GCM, so the
# server must ignore the extension.
run_test    "Encrypt then MAC: client enabled, aead cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Stream cipher: same expectation as AEAD.  RC4 is used here purely as a
# test vehicle for the stream-cipher code path (the client has to opt in
# with arc4=1); it is not a recommendation.
run_test    "Encrypt then MAC: client enabled, stream cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Client disabled: nothing is offered, so the server must not use it.
run_test    "Encrypt then MAC: client disabled, server enabled" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=0" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Client forced to SSLv3: no extensions in the ClientHello at all.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Client offers its maximum version (and the extension); the server
# forced to SSLv3 must neither parse nor echo it.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Tests for Extended Master Secret extension
#
# Same negotiation matrix as Encrypt-then-MAC: offered by the client when
# extended_ms=1 (the default), used only if the server has it enabled too
# and echoes it; never present on an SSLv3 side.

run_test    "Extended Master Secret: default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -s "server hello, adding extended master secret extension" \
            -c "found extended_master_secret extension" \
            -c "using extended master secret" \
            -s "using extended master secret"

run_test    "Extended Master Secret: client enabled, server disabled" \
            "$P_SRV debug_level=3 extended_ms=0" \
            "$P_CLI debug_level=3 extended_ms=1" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

run_test    "Extended Master Secret: client disabled, server enabled" \
            "$P_SRV debug_level=3 extended_ms=1" \
            "$P_CLI debug_level=3 extended_ms=0" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

# Tests for FALLBACK_SCSV
#
# The client sends the TLS_FALLBACK_SCSV pseudo-ciphersuite only when
# fallback=1 (default and fallback=0 must not send it).  If it is sent
# while the client offers a version below the server's maximum
# (force_version=tls1_1 here), the server must abort the handshake with a
# fatal inappropriate_fallback alert (alert number 86); the client then
# exits non-zero, hence the expected exit code 1.  If the client already
# offers the server's maximum version, the SCSV is received and ignored
# and the handshake completes.
# NB: "inapropriate fallback" below is the library's own debug string
# (misspelling included); the pattern must match it byte-for-byte.

run_test    "Fallback SCSV: default" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: explicitly disabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

# Downgraded version + SCSV -> server must refuse (exit code 1).
run_test    "Fallback SCSV: enabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback" \
            -c "is a fatal alert message (msg 86)"

# SCSV at the server's maximum version -> not a downgrade, must succeed.
run_test    "Fallback SCSV: enabled, max version" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 fallback=1" \
            0 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

# Interop: same expectations against an OpenSSL server / client that
# understands the SCSV (requires_openssl_with_fallback_scsv gates these).
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: default, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -C "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -c "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: disabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1 -fallback_scsv" \
            1 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, max version, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -fallback_scsv" \
            0 \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

# Test sending and receiving empty application data records
#
# request_size=0 makes the client write a 0-byte application data record
# ("0 bytes written in 1 fragments").  The server must decrypt it to a
# 0-byte payload.  With Encrypt-then-MAC on a CBC suite the record still
# carries a MAC and padding; the "0f 0f ... 0f" line that must NOT appear
# in the server's dump looks like a full block of CBC padding being
# exposed as payload (NOTE(review): confirm against the record-layer
# code - the pattern is asserted absent, its origin is not shown here).

run_test    "Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Default, no Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0" \
            "$P_CLI auth_mode=none etm=0 request_size=0" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Default, no Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

## Raw-ClientHello FALLBACK_SCSV tests.  These bypass any client
## implementation and feed a fixed ClientHello to the server through
## scripts/tcp_client.pl, so the position of the SCSV in the list is
## under full control.
## ClientHello generated with
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
## then manually twiddling the ciphersuite list.
## The ClientHello content is spelled out below as a hex string as
## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
## Decoded prefix: 16 03 01 00 3e = handshake record, 62 bytes;
## 01 00 00 3a = ClientHello, 58 bytes; 03 02 = client_version TLS 1.1;
## 32 bytes of random; 00 = empty session id; 00 08 = 8 bytes of
## ciphersuites (4 suites).  Suffix: 01 00 = null compression only,
## 00 09 = 9 bytes of extensions (session_ticket 0x0023, heartbeat 0x000f).
## 56 00 is TLS_FALLBACK_SCSV; 00 31, 00 32, 00 33 are ordinary suites.
## The expected response is an inappropriate_fallback alert:
## 15 03 02 00 02 02 56 = alert record, TLS 1.1, 2 bytes, level fatal (02),
## description 0x56 = 86 (inappropriate_fallback).
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: beginning of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: end of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

## Here the expected response is a valid ServerHello prefix, up to the random.
## Negative control for the raw-ClientHello SCSV tests: the list carries
## 00 56, i.e. the SCSV with its two bytes swapped.  The server must not
## mistake it for TLS_FALLBACK_SCSV (0x5600) and must answer with a normal
## ServerHello: 16 03 02 00 30 = handshake record, TLS 1.1, 48 bytes;
## 02 00 00 2c = ServerHello, 44 bytes; 03 02 = server_version TLS 1.1.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: not in list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

# Tests for CBC 1/n-1 record splitting
#
# With a CBC ciphersuite under SSLv3 or TLS 1.0 the client is expected to
# split a 123-byte write into a 1-byte record followed by a 122-byte one
# (the 1/n-1 split used as BEAST countermeasure); the server's read log
# then shows "1 bytes read" and "122 bytes read" instead of one 123-byte
# read.  No splitting is expected for TLS 1.1 and 1.2 (explicit per-record
# IV), for the RC4 stream cipher, or when the client disables the
# countermeasure with recsplit=0.  The last test repeats the TLS 1.0 case
# with non-blocking I/O on both sides.

run_test    "CBC Record splitting: TLS 1.2, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_2" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.1, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "CBC Record splitting: SSLv3, splitting" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=ssl3" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

# Stream cipher: splitting only applies to CBC, so a single record is sent.
# RC4 is enabled (arc4=1) purely to exercise this code path.
run_test    "CBC Record splitting: TLS 1.0 RC4, no splitting" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting disabled" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1 recsplit=0" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting, nbio" \
            "$P_SRV nbio=2" \
            "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

# Tests for Session Tickets
#
# reconnect=1 makes the client perform a second handshake reusing the
# session it saved from the first.  With tickets=1 on both sides the
# server must restore the session from the ticket, not from its cache
# ("restored from cache" is asserted absent); the second test disables
# the cache (cache_max=0) to prove the ticket alone is sufficient.

run_test    "Session resume using tickets: basic" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: cache disabled" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Expired ticket: the server issues tickets valid for ticket_timeout=1 s
# and has no cache to fall back on (cache_max=0); the client reconnects
# after reco_delay=2 s.  The server must refuse to restore the session and
# both sides must go through a full handshake (nothing "resumed").
run_test    "Session resume using tickets: timeout" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# Interop: only the client side is ours, so only client-side patterns.
run_test    "Session resume using tickets: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# Interop: the OpenSSL client saves its session (ticket included) to the
# file $SESSION in a first connection and replays it in a second one.
# $SESSION is expected to be set earlier in this script (not visible
# here; with 'set -u' an unset value aborts the run).  It is expanded
# unquoted, so the path must not contain whitespace or glob characters.
run_test    "Session resume using tickets: openssl client" \
            "$P_SRV debug_level=3 tickets=1" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Tickets with DTLS
#
# Same matrix as above over DTLS (dtls=1 on both sides, -dtls1 for the
# OpenSSL peers); the expectations are identical.

run_test    "Session resume using tickets, DTLS: basic" \
            "$P_SRV debug_level=3 dtls=1 tickets=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: cache disabled" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: timeout" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using tickets, DTLS: openssl server" \
            "$O_SRV -dtls1" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# See the TLS variant above for the $SESSION caveats.
run_test    "Session resume using tickets, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "( $O_CLI -dtls1 -sess_out $SESSION; \
               $O_CLI -dtls1 -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Resume based on session-ID and cache
#
# With tickets disabled on the server, resumption has to come from the
# server-side session cache, looked up by session ID ("restored from
# cache" asserted present, "restored from ticket" absent).  The first two
# tests check that a one-sided tickets=1 does not interfere: a tickets=0
# server sees the client's session_ticket extension but never answers it,
# and a tickets=0 client never receives a ticket.  cache_max=0 disables
# the cache entirely (full handshake on reconnect); cache_max=1 still
# holds the one session needed.  cache_timeout=1 with reco_delay=2 must
# expire the entry, whereas cache_timeout=0 means "never expire".

run_test    "Session resume using cache: tickets enabled on client" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: tickets enabled on server" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: cache_max=0" \
            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: cache_max=1" \
            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout > delay" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout < delay" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: no timeout" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Interop: OpenSSL client offers the session_ticket extension, but the
# tickets=0 server must resume from its cache and not issue a ticket.
# See the tickets tests above for the $SESSION caveats.
run_test    "Session resume using cache: openssl client" \
            "$P_SRV debug_level=3 tickets=0" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

run_test    "Session resume using cache: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Session Resume based on session-ID and cache, DTLS
#
# DTLS mirror of the cache tests above; expectations are identical.

run_test    "Session resume using cache, DTLS: tickets enabled on client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: tickets enabled on server" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=0" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=1" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout > delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout < delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: no timeout" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# See the tickets tests above for the $SESSION caveats.
run_test    "Session resume using cache, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "( $O_CLI -dtls1 -sess_out $SESSION; \
               $O_CLI -dtls1 -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

run_test    "Session resume using cache, DTLS: openssl server" \
            "$O_SRV -dtls1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Max Fragment
Length extension 1804 1805if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then 1806 printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" 1807 exit 1 1808fi 1809 1810if [ $MAX_CONTENT_LEN -ne 16384 ]; then 1811 printf "Using non-default maximum content length $MAX_CONTENT_LEN\n" 1812fi 1813 1814requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1815run_test "Max fragment length: enabled, default" \ 1816 "$P_SRV debug_level=3" \ 1817 "$P_CLI debug_level=3" \ 1818 0 \ 1819 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 1820 -s "Maximum fragment length is $MAX_CONTENT_LEN" \ 1821 -C "client hello, adding max_fragment_length extension" \ 1822 -S "found max fragment length extension" \ 1823 -S "server hello, max_fragment_length extension" \ 1824 -C "found max_fragment_length extension" 1825 1826requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1827run_test "Max fragment length: enabled, default, larger message" \ 1828 "$P_SRV debug_level=3" \ 1829 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1830 0 \ 1831 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 1832 -s "Maximum fragment length is $MAX_CONTENT_LEN" \ 1833 -C "client hello, adding max_fragment_length extension" \ 1834 -S "found max fragment length extension" \ 1835 -S "server hello, max_fragment_length extension" \ 1836 -C "found max_fragment_length extension" \ 1837 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ 1838 -s "$MAX_CONTENT_LEN bytes read" \ 1839 -s "1 bytes read" 1840 1841requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1842run_test "Max fragment length, DTLS: enabled, default, larger message" \ 1843 "$P_SRV debug_level=3 dtls=1" \ 1844 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1845 1 \ 1846 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 1847 -s "Maximum fragment length is $MAX_CONTENT_LEN" \ 1848 -C "client hello, adding max_fragment_length extension" \ 1849 
-S "found max fragment length extension" \ 1850 -S "server hello, max_fragment_length extension" \ 1851 -C "found max_fragment_length extension" \ 1852 -c "fragment larger than.*maximum " 1853 1854# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled 1855# (session fragment length will be 16384 regardless of mbedtls 1856# content length configuration.) 1857 1858requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1859run_test "Max fragment length: disabled, larger message" \ 1860 "$P_SRV debug_level=3" \ 1861 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1862 0 \ 1863 -C "Maximum fragment length is 16384" \ 1864 -S "Maximum fragment length is 16384" \ 1865 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ 1866 -s "$MAX_CONTENT_LEN bytes read" \ 1867 -s "1 bytes read" 1868 1869requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1870run_test "Max fragment length DTLS: disabled, larger message" \ 1871 "$P_SRV debug_level=3 dtls=1" \ 1872 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1873 1 \ 1874 -C "Maximum fragment length is 16384" \ 1875 -S "Maximum fragment length is 16384" \ 1876 -c "fragment larger than.*maximum " 1877 1878requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1879run_test "Max fragment length: used by client" \ 1880 "$P_SRV debug_level=3" \ 1881 "$P_CLI debug_level=3 max_frag_len=4096" \ 1882 0 \ 1883 -c "Maximum fragment length is 4096" \ 1884 -s "Maximum fragment length is 4096" \ 1885 -c "client hello, adding max_fragment_length extension" \ 1886 -s "found max fragment length extension" \ 1887 -s "server hello, max_fragment_length extension" \ 1888 -c "found max_fragment_length extension" 1889 1890requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1891run_test "Max fragment length: used by server" \ 1892 "$P_SRV debug_level=3 max_frag_len=4096" \ 1893 "$P_CLI debug_level=3" \ 1894 0 \ 1895 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 1896 -s "Maximum 
fragment length is 4096" \ 1897 -C "client hello, adding max_fragment_length extension" \ 1898 -S "found max fragment length extension" \ 1899 -S "server hello, max_fragment_length extension" \ 1900 -C "found max_fragment_length extension" 1901 1902requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1903requires_gnutls 1904run_test "Max fragment length: gnutls server" \ 1905 "$G_SRV" \ 1906 "$P_CLI debug_level=3 max_frag_len=4096" \ 1907 0 \ 1908 -c "Maximum fragment length is 4096" \ 1909 -c "client hello, adding max_fragment_length extension" \ 1910 -c "found max_fragment_length extension" 1911 1912requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1913run_test "Max fragment length: client, message just fits" \ 1914 "$P_SRV debug_level=3" \ 1915 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ 1916 0 \ 1917 -c "Maximum fragment length is 2048" \ 1918 -s "Maximum fragment length is 2048" \ 1919 -c "client hello, adding max_fragment_length extension" \ 1920 -s "found max fragment length extension" \ 1921 -s "server hello, max_fragment_length extension" \ 1922 -c "found max_fragment_length extension" \ 1923 -c "2048 bytes written in 1 fragments" \ 1924 -s "2048 bytes read" 1925 1926requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1927run_test "Max fragment length: client, larger message" \ 1928 "$P_SRV debug_level=3" \ 1929 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ 1930 0 \ 1931 -c "Maximum fragment length is 2048" \ 1932 -s "Maximum fragment length is 2048" \ 1933 -c "client hello, adding max_fragment_length extension" \ 1934 -s "found max fragment length extension" \ 1935 -s "server hello, max_fragment_length extension" \ 1936 -c "found max_fragment_length extension" \ 1937 -c "2345 bytes written in 2 fragments" \ 1938 -s "2048 bytes read" \ 1939 -s "297 bytes read" 1940 1941requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1942run_test "Max fragment length: DTLS client, larger message" \ 1943 "$P_SRV 
debug_level=3 dtls=1" \ 1944 "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ 1945 1 \ 1946 -c "Maximum fragment length is 2048" \ 1947 -s "Maximum fragment length is 2048" \ 1948 -c "client hello, adding max_fragment_length extension" \ 1949 -s "found max fragment length extension" \ 1950 -s "server hello, max_fragment_length extension" \ 1951 -c "found max_fragment_length extension" \ 1952 -c "fragment larger than.*maximum" 1953 1954# Tests for renegotiation 1955 1956# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION 1957run_test "Renegotiation: none, for reference" \ 1958 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ 1959 "$P_CLI debug_level=3 exchanges=2" \ 1960 0 \ 1961 -C "client hello, adding renegotiation extension" \ 1962 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 1963 -S "found renegotiation extension" \ 1964 -s "server hello, secure renegotiation extension" \ 1965 -c "found renegotiation extension" \ 1966 -C "=> renegotiate" \ 1967 -S "=> renegotiate" \ 1968 -S "write hello request" 1969 1970requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 1971run_test "Renegotiation: client-initiated" \ 1972 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 1973 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 1974 0 \ 1975 -c "client hello, adding renegotiation extension" \ 1976 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 1977 -s "found renegotiation extension" \ 1978 -s "server hello, secure renegotiation extension" \ 1979 -c "found renegotiation extension" \ 1980 -c "=> renegotiate" \ 1981 -s "=> renegotiate" \ 1982 -S "write hello request" 1983 1984requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 1985run_test "Renegotiation: server-initiated" \ 1986 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 1987 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 1988 0 \ 1989 -c "client hello, adding renegotiation extension" \ 1990 -s "received 
TLS_EMPTY_RENEGOTIATION_INFO" \ 1991 -s "found renegotiation extension" \ 1992 -s "server hello, secure renegotiation extension" \ 1993 -c "found renegotiation extension" \ 1994 -c "=> renegotiate" \ 1995 -s "=> renegotiate" \ 1996 -s "write hello request" 1997 1998# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that 1999# the server did not parse the Signature Algorithm extension. This test is valid only if an MD 2000# algorithm stronger than SHA-1 is enabled in config.h 2001requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2002run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ 2003 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 2004 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2005 0 \ 2006 -c "client hello, adding renegotiation extension" \ 2007 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2008 -s "found renegotiation extension" \ 2009 -s "server hello, secure renegotiation extension" \ 2010 -c "found renegotiation extension" \ 2011 -c "=> renegotiate" \ 2012 -s "=> renegotiate" \ 2013 -S "write hello request" \ 2014 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 2015 2016# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that 2017# the server did not parse the Signature Algorithm extension. 
This test is valid only if an MD 2018# algorithm stronger than SHA-1 is enabled in config.h 2019requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2020run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ 2021 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2022 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2023 0 \ 2024 -c "client hello, adding renegotiation extension" \ 2025 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2026 -s "found renegotiation extension" \ 2027 -s "server hello, secure renegotiation extension" \ 2028 -c "found renegotiation extension" \ 2029 -c "=> renegotiate" \ 2030 -s "=> renegotiate" \ 2031 -s "write hello request" \ 2032 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 2033 2034requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2035run_test "Renegotiation: double" \ 2036 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2037 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2038 0 \ 2039 -c "client hello, adding renegotiation extension" \ 2040 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2041 -s "found renegotiation extension" \ 2042 -s "server hello, secure renegotiation extension" \ 2043 -c "found renegotiation extension" \ 2044 -c "=> renegotiate" \ 2045 -s "=> renegotiate" \ 2046 -s "write hello request" 2047 2048requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2049run_test "Renegotiation: client-initiated, server-rejected" \ 2050 "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ 2051 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2052 1 \ 2053 -c "client hello, adding renegotiation extension" \ 2054 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2055 -S "found renegotiation extension" \ 2056 -s "server hello, secure renegotiation extension" \ 2057 -c "found renegotiation extension" \ 2058 -c "=> renegotiate" \ 2059 -S "=> renegotiate" \ 2060 -S "write 
hello request" \ 2061 -c "SSL - Unexpected message at ServerHello in renegotiation" \ 2062 -c "failed" 2063 2064requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2065run_test "Renegotiation: server-initiated, client-rejected, default" \ 2066 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ 2067 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2068 0 \ 2069 -C "client hello, adding renegotiation extension" \ 2070 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2071 -S "found renegotiation extension" \ 2072 -s "server hello, secure renegotiation extension" \ 2073 -c "found renegotiation extension" \ 2074 -C "=> renegotiate" \ 2075 -S "=> renegotiate" \ 2076 -s "write hello request" \ 2077 -S "SSL - An unexpected message was received from our peer" \ 2078 -S "failed" 2079 2080requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2081run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ 2082 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2083 renego_delay=-1 auth_mode=optional" \ 2084 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2085 0 \ 2086 -C "client hello, adding renegotiation extension" \ 2087 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2088 -S "found renegotiation extension" \ 2089 -s "server hello, secure renegotiation extension" \ 2090 -c "found renegotiation extension" \ 2091 -C "=> renegotiate" \ 2092 -S "=> renegotiate" \ 2093 -s "write hello request" \ 2094 -S "SSL - An unexpected message was received from our peer" \ 2095 -S "failed" 2096 2097# delay 2 for 1 alert record + 1 application data record 2098requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2099run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ 2100 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2101 renego_delay=2 auth_mode=optional" \ 2102 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2103 0 \ 2104 -C "client hello, adding renegotiation extension" \ 2105 -s 
"received TLS_EMPTY_RENEGOTIATION_INFO" \ 2106 -S "found renegotiation extension" \ 2107 -s "server hello, secure renegotiation extension" \ 2108 -c "found renegotiation extension" \ 2109 -C "=> renegotiate" \ 2110 -S "=> renegotiate" \ 2111 -s "write hello request" \ 2112 -S "SSL - An unexpected message was received from our peer" \ 2113 -S "failed" 2114 2115requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2116run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ 2117 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2118 renego_delay=0 auth_mode=optional" \ 2119 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2120 0 \ 2121 -C "client hello, adding renegotiation extension" \ 2122 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2123 -S "found renegotiation extension" \ 2124 -s "server hello, secure renegotiation extension" \ 2125 -c "found renegotiation extension" \ 2126 -C "=> renegotiate" \ 2127 -S "=> renegotiate" \ 2128 -s "write hello request" \ 2129 -s "SSL - An unexpected message was received from our peer" 2130 2131requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2132run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ 2133 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2134 renego_delay=0 auth_mode=optional" \ 2135 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2136 0 \ 2137 -c "client hello, adding renegotiation extension" \ 2138 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2139 -s "found renegotiation extension" \ 2140 -s "server hello, secure renegotiation extension" \ 2141 -c "found renegotiation extension" \ 2142 -c "=> renegotiate" \ 2143 -s "=> renegotiate" \ 2144 -s "write hello request" \ 2145 -S "SSL - An unexpected message was received from our peer" \ 2146 -S "failed" 2147 2148requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2149run_test "Renegotiation: periodic, just below period" \ 2150 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 
auth_mode=optional" \ 2151 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2152 0 \ 2153 -C "client hello, adding renegotiation extension" \ 2154 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2155 -S "found renegotiation extension" \ 2156 -s "server hello, secure renegotiation extension" \ 2157 -c "found renegotiation extension" \ 2158 -S "record counter limit reached: renegotiate" \ 2159 -C "=> renegotiate" \ 2160 -S "=> renegotiate" \ 2161 -S "write hello request" \ 2162 -S "SSL - An unexpected message was received from our peer" \ 2163 -S "failed" 2164 2165# one extra exchange to be able to complete renego 2166requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2167run_test "Renegotiation: periodic, just above period" \ 2168 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ 2169 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ 2170 0 \ 2171 -c "client hello, adding renegotiation extension" \ 2172 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2173 -s "found renegotiation extension" \ 2174 -s "server hello, secure renegotiation extension" \ 2175 -c "found renegotiation extension" \ 2176 -s "record counter limit reached: renegotiate" \ 2177 -c "=> renegotiate" \ 2178 -s "=> renegotiate" \ 2179 -s "write hello request" \ 2180 -S "SSL - An unexpected message was received from our peer" \ 2181 -S "failed" 2182 2183requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2184run_test "Renegotiation: periodic, two times period" \ 2185 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ 2186 "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \ 2187 0 \ 2188 -c "client hello, adding renegotiation extension" \ 2189 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2190 -s "found renegotiation extension" \ 2191 -s "server hello, secure renegotiation extension" \ 2192 -c "found renegotiation extension" \ 2193 -s "record counter limit reached: renegotiate" \ 2194 -c "=> renegotiate" \ 2195 -s "=> renegotiate" 
\ 2196 -s "write hello request" \ 2197 -S "SSL - An unexpected message was received from our peer" \ 2198 -S "failed" 2199 2200requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2201run_test "Renegotiation: periodic, above period, disabled" \ 2202 "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \ 2203 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ 2204 0 \ 2205 -C "client hello, adding renegotiation extension" \ 2206 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2207 -S "found renegotiation extension" \ 2208 -s "server hello, secure renegotiation extension" \ 2209 -c "found renegotiation extension" \ 2210 -S "record counter limit reached: renegotiate" \ 2211 -C "=> renegotiate" \ 2212 -S "=> renegotiate" \ 2213 -S "write hello request" \ 2214 -S "SSL - An unexpected message was received from our peer" \ 2215 -S "failed" 2216 2217requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2218run_test "Renegotiation: nbio, client-initiated" \ 2219 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \ 2220 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ 2221 0 \ 2222 -c "client hello, adding renegotiation extension" \ 2223 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2224 -s "found renegotiation extension" \ 2225 -s "server hello, secure renegotiation extension" \ 2226 -c "found renegotiation extension" \ 2227 -c "=> renegotiate" \ 2228 -s "=> renegotiate" \ 2229 -S "write hello request" 2230 2231requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2232run_test "Renegotiation: nbio, server-initiated" \ 2233 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ 2234 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ 2235 0 \ 2236 -c "client hello, adding renegotiation extension" \ 2237 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2238 -s "found renegotiation extension" \ 2239 -s "server hello, secure renegotiation extension" \ 2240 -c "found 
renegotiation extension" \ 2241 -c "=> renegotiate" \ 2242 -s "=> renegotiate" \ 2243 -s "write hello request" 2244 2245requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2246run_test "Renegotiation: openssl server, client-initiated" \ 2247 "$O_SRV -www" \ 2248 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2249 0 \ 2250 -c "client hello, adding renegotiation extension" \ 2251 -c "found renegotiation extension" \ 2252 -c "=> renegotiate" \ 2253 -C "ssl_hanshake() returned" \ 2254 -C "error" \ 2255 -c "HTTP/1.0 200 [Oo][Kk]" 2256 2257requires_gnutls 2258requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2259run_test "Renegotiation: gnutls server strict, client-initiated" \ 2260 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ 2261 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2262 0 \ 2263 -c "client hello, adding renegotiation extension" \ 2264 -c "found renegotiation extension" \ 2265 -c "=> renegotiate" \ 2266 -C "ssl_hanshake() returned" \ 2267 -C "error" \ 2268 -c "HTTP/1.0 200 [Oo][Kk]" 2269 2270requires_gnutls 2271requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2272run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ 2273 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2274 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2275 1 \ 2276 -c "client hello, adding renegotiation extension" \ 2277 -C "found renegotiation extension" \ 2278 -c "=> renegotiate" \ 2279 -c "mbedtls_ssl_handshake() returned" \ 2280 -c "error" \ 2281 -C "HTTP/1.0 200 [Oo][Kk]" 2282 2283requires_gnutls 2284requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2285run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ 2286 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2287 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 2288 allow_legacy=0" \ 2289 1 \ 2290 -c "client hello, adding renegotiation extension" \ 2291 -C "found renegotiation extension" \ 2292 
-c "=> renegotiate" \ 2293 -c "mbedtls_ssl_handshake() returned" \ 2294 -c "error" \ 2295 -C "HTTP/1.0 200 [Oo][Kk]" 2296 2297requires_gnutls 2298requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2299run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ 2300 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2301 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 2302 allow_legacy=1" \ 2303 0 \ 2304 -c "client hello, adding renegotiation extension" \ 2305 -C "found renegotiation extension" \ 2306 -c "=> renegotiate" \ 2307 -C "ssl_hanshake() returned" \ 2308 -C "error" \ 2309 -c "HTTP/1.0 200 [Oo][Kk]" 2310 2311requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2312run_test "Renegotiation: DTLS, client-initiated" \ 2313 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ 2314 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ 2315 0 \ 2316 -c "client hello, adding renegotiation extension" \ 2317 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2318 -s "found renegotiation extension" \ 2319 -s "server hello, secure renegotiation extension" \ 2320 -c "found renegotiation extension" \ 2321 -c "=> renegotiate" \ 2322 -s "=> renegotiate" \ 2323 -S "write hello request" 2324 2325requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2326run_test "Renegotiation: DTLS, server-initiated" \ 2327 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ 2328 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \ 2329 read_timeout=1000 max_resend=2" \ 2330 0 \ 2331 -c "client hello, adding renegotiation extension" \ 2332 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2333 -s "found renegotiation extension" \ 2334 -s "server hello, secure renegotiation extension" \ 2335 -c "found renegotiation extension" \ 2336 -c "=> renegotiate" \ 2337 -s "=> renegotiate" \ 2338 -s "write hello request" 2339 2340requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2341run_test "Renegotiation: DTLS, renego_period 
overflow" \ 2342 "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ 2343 "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ 2344 0 \ 2345 -c "client hello, adding renegotiation extension" \ 2346 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2347 -s "found renegotiation extension" \ 2348 -s "server hello, secure renegotiation extension" \ 2349 -s "record counter limit reached: renegotiate" \ 2350 -c "=> renegotiate" \ 2351 -s "=> renegotiate" \ 2352 -s "write hello request" 2353 2354requires_gnutls 2355requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2356run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ 2357 "$G_SRV -u --mtu 4096" \ 2358 "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ 2359 0 \ 2360 -c "client hello, adding renegotiation extension" \ 2361 -c "found renegotiation extension" \ 2362 -c "=> renegotiate" \ 2363 -C "mbedtls_ssl_handshake returned" \ 2364 -C "error" \ 2365 -s "Extra-header:" 2366 2367# Test for the "secure renegotation" extension only (no actual renegotiation) 2368 2369requires_gnutls 2370run_test "Renego ext: gnutls server strict, client default" \ 2371 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ 2372 "$P_CLI debug_level=3" \ 2373 0 \ 2374 -c "found renegotiation extension" \ 2375 -C "error" \ 2376 -c "HTTP/1.0 200 [Oo][Kk]" 2377 2378requires_gnutls 2379run_test "Renego ext: gnutls server unsafe, client default" \ 2380 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2381 "$P_CLI debug_level=3" \ 2382 0 \ 2383 -C "found renegotiation extension" \ 2384 -C "error" \ 2385 -c "HTTP/1.0 200 [Oo][Kk]" 2386 2387requires_gnutls 2388run_test "Renego ext: gnutls server unsafe, client break legacy" \ 2389 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2390 "$P_CLI debug_level=3 allow_legacy=-1" \ 2391 1 \ 2392 -C "found renegotiation extension" \ 2393 -c "error" \ 2394 -C "HTTP/1.0 200 [Oo][Kk]" 2395 
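# Server side of the same checks: a GnuTLS client may signal RFC 5746
# support either with the SCSV or with the extension, so either server
# log line counts. With allow_legacy=-1 the server refuses a client that
# sends neither.
requires_gnutls
run_test    "Renego ext: gnutls client strict, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
            0 \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -s "server hello, secure renegotiation extension"

requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"

requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server break legacy" \
            "$P_SRV debug_level=3 allow_legacy=-1" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            1 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"

# Tests for silently dropping trailing extra bytes in .der certificates.
# Each run only asserts that a GnuTLS client completes the handshake against
# a server whose certificate file carries N junk bytes after the DER object.
# The last argument of each run_test must not end in a backslash: the old
# trailing "\" only worked because the following line happened to be blank,
# and would have swallowed the next requires_gnutls as a run_test argument.

requires_gnutls
run_test    "DER format: no trailing bytes" \
            "$P_SRV crt_file=data_files/server5-der0.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with a trailing zero byte" \
            "$P_SRV crt_file=data_files/server5-der1a.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with a trailing random byte" \
            "$P_SRV crt_file=data_files/server5-der1b.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 2 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der2.crt \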
key_file=data_files/server5.key" \ 2450 "$G_CLI localhost" \ 2451 0 \ 2452 -c "Handshake was completed" \ 2453 2454requires_gnutls 2455run_test "DER format: with 4 trailing random bytes" \ 2456 "$P_SRV crt_file=data_files/server5-der4.crt \ 2457 key_file=data_files/server5.key" \ 2458 "$G_CLI localhost" \ 2459 0 \ 2460 -c "Handshake was completed" \ 2461 2462requires_gnutls 2463run_test "DER format: with 8 trailing random bytes" \ 2464 "$P_SRV crt_file=data_files/server5-der8.crt \ 2465 key_file=data_files/server5.key" \ 2466 "$G_CLI localhost" \ 2467 0 \ 2468 -c "Handshake was completed" \ 2469 2470requires_gnutls 2471run_test "DER format: with 9 trailing random bytes" \ 2472 "$P_SRV crt_file=data_files/server5-der9.crt \ 2473 key_file=data_files/server5.key" \ 2474 "$G_CLI localhost" \ 2475 0 \ 2476 -c "Handshake was completed" \ 2477 2478# Tests for auth_mode 2479 2480run_test "Authentication: server badcert, client required" \ 2481 "$P_SRV crt_file=data_files/server5-badsign.crt \ 2482 key_file=data_files/server5.key" \ 2483 "$P_CLI debug_level=1 auth_mode=required" \ 2484 1 \ 2485 -c "x509_verify_cert() returned" \ 2486 -c "! The certificate is not correctly signed by the trusted CA" \ 2487 -c "! mbedtls_ssl_handshake returned" \ 2488 -c "X509 - Certificate verification failed" 2489 2490run_test "Authentication: server badcert, client optional" \ 2491 "$P_SRV crt_file=data_files/server5-badsign.crt \ 2492 key_file=data_files/server5.key" \ 2493 "$P_CLI debug_level=1 auth_mode=optional" \ 2494 0 \ 2495 -c "x509_verify_cert() returned" \ 2496 -c "! The certificate is not correctly signed by the trusted CA" \ 2497 -C "! mbedtls_ssl_handshake returned" \ 2498 -C "X509 - Certificate verification failed" 2499 2500run_test "Authentication: server goodcert, client optional, no trusted CA" \ 2501 "$P_SRV" \ 2502 "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ 2503 0 \ 2504 -c "x509_verify_cert() returned" \ 2505 -c "! 
The certificate is not correctly signed by the trusted CA" \ 2506 -c "! Certificate verification flags"\ 2507 -C "! mbedtls_ssl_handshake returned" \ 2508 -C "X509 - Certificate verification failed" \ 2509 -C "SSL - No CA Chain is set, but required to operate" 2510 2511run_test "Authentication: server goodcert, client required, no trusted CA" \ 2512 "$P_SRV" \ 2513 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ 2514 1 \ 2515 -c "x509_verify_cert() returned" \ 2516 -c "! The certificate is not correctly signed by the trusted CA" \ 2517 -c "! Certificate verification flags"\ 2518 -c "! mbedtls_ssl_handshake returned" \ 2519 -c "SSL - No CA Chain is set, but required to operate" 2520 2521# The purpose of the next two tests is to test the client's behaviour when receiving a server 2522# certificate with an unsupported elliptic curve. This should usually not happen because 2523# the client informs the server about the supported curves - it does, though, in the 2524# corner case of a static ECDH suite, because the server doesn't check the curve on that 2525# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a 2526# different means to have the server ignoring the client's supported curve list. 2527 2528requires_config_enabled MBEDTLS_ECP_C 2529run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ 2530 "$P_SRV debug_level=1 key_file=data_files/server5.key \ 2531 crt_file=data_files/server5.ku-ka.crt" \ 2532 "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \ 2533 1 \ 2534 -c "bad certificate (EC key curve)"\ 2535 -c "! 
Certificate verification flags"\ 2536 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage 2537 2538requires_config_enabled MBEDTLS_ECP_C 2539run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ 2540 "$P_SRV debug_level=1 key_file=data_files/server5.key \ 2541 crt_file=data_files/server5.ku-ka.crt" \ 2542 "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \ 2543 1 \ 2544 -c "bad certificate (EC key curve)"\ 2545 -c "! Certificate verification flags"\ 2546 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check 2547 2548run_test "Authentication: server badcert, client none" \ 2549 "$P_SRV crt_file=data_files/server5-badsign.crt \ 2550 key_file=data_files/server5.key" \ 2551 "$P_CLI debug_level=1 auth_mode=none" \ 2552 0 \ 2553 -C "x509_verify_cert() returned" \ 2554 -C "! The certificate is not correctly signed by the trusted CA" \ 2555 -C "! mbedtls_ssl_handshake returned" \ 2556 -C "X509 - Certificate verification failed" 2557 2558run_test "Authentication: client SHA256, server required" \ 2559 "$P_SRV auth_mode=required" \ 2560 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ 2561 key_file=data_files/server6.key \ 2562 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 2563 0 \ 2564 -c "Supported Signature Algorithm found: 4," \ 2565 -c "Supported Signature Algorithm found: 5," 2566 2567run_test "Authentication: client SHA384, server required" \ 2568 "$P_SRV auth_mode=required" \ 2569 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ 2570 key_file=data_files/server6.key \ 2571 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 2572 0 \ 2573 -c "Supported Signature Algorithm found: 4," \ 2574 -c "Supported Signature Algorithm found: 5," 2575 2576requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 2577run_test "Authentication: client has no cert, server required (SSLv3)" \ 2578 "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" 
\ 2579 "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \ 2580 key_file=data_files/server5.key" \ 2581 1 \ 2582 -S "skip write certificate request" \ 2583 -C "skip parse certificate request" \ 2584 -c "got a certificate request" \ 2585 -c "got no certificate to send" \ 2586 -S "x509_verify_cert() returned" \ 2587 -s "client has no certificate" \ 2588 -s "! mbedtls_ssl_handshake returned" \ 2589 -c "! mbedtls_ssl_handshake returned" \ 2590 -s "No client certification received from the client, but required by the authentication mode" 2591 2592run_test "Authentication: client has no cert, server required (TLS)" \ 2593 "$P_SRV debug_level=3 auth_mode=required" \ 2594 "$P_CLI debug_level=3 crt_file=none \ 2595 key_file=data_files/server5.key" \ 2596 1 \ 2597 -S "skip write certificate request" \ 2598 -C "skip parse certificate request" \ 2599 -c "got a certificate request" \ 2600 -c "= write certificate$" \ 2601 -C "skip write certificate$" \ 2602 -S "x509_verify_cert() returned" \ 2603 -s "client has no certificate" \ 2604 -s "! mbedtls_ssl_handshake returned" \ 2605 -c "! mbedtls_ssl_handshake returned" \ 2606 -s "No client certification received from the client, but required by the authentication mode" 2607 2608run_test "Authentication: client badcert, server required" \ 2609 "$P_SRV debug_level=3 auth_mode=required" \ 2610 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 2611 key_file=data_files/server5.key" \ 2612 1 \ 2613 -S "skip write certificate request" \ 2614 -C "skip parse certificate request" \ 2615 -c "got a certificate request" \ 2616 -C "skip write certificate" \ 2617 -C "skip write certificate verify" \ 2618 -S "skip parse certificate verify" \ 2619 -s "x509_verify_cert() returned" \ 2620 -s "! The certificate is not correctly signed by the trusted CA" \ 2621 -s "! mbedtls_ssl_handshake returned" \ 2622 -s "send alert level=2 message=48" \ 2623 -c "! 
mbedtls_ssl_handshake returned" \ 2624 -s "X509 - Certificate verification failed" 2625# We don't check that the client receives the alert because it might 2626# detect that its write end of the connection is closed and abort 2627# before reading the alert message. 2628 2629run_test "Authentication: client cert not trusted, server required" \ 2630 "$P_SRV debug_level=3 auth_mode=required" \ 2631 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ 2632 key_file=data_files/server5.key" \ 2633 1 \ 2634 -S "skip write certificate request" \ 2635 -C "skip parse certificate request" \ 2636 -c "got a certificate request" \ 2637 -C "skip write certificate" \ 2638 -C "skip write certificate verify" \ 2639 -S "skip parse certificate verify" \ 2640 -s "x509_verify_cert() returned" \ 2641 -s "! The certificate is not correctly signed by the trusted CA" \ 2642 -s "! mbedtls_ssl_handshake returned" \ 2643 -c "! mbedtls_ssl_handshake returned" \ 2644 -s "X509 - Certificate verification failed" 2645 2646run_test "Authentication: client badcert, server optional" \ 2647 "$P_SRV debug_level=3 auth_mode=optional" \ 2648 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 2649 key_file=data_files/server5.key" \ 2650 0 \ 2651 -S "skip write certificate request" \ 2652 -C "skip parse certificate request" \ 2653 -c "got a certificate request" \ 2654 -C "skip write certificate" \ 2655 -C "skip write certificate verify" \ 2656 -S "skip parse certificate verify" \ 2657 -s "x509_verify_cert() returned" \ 2658 -s "! The certificate is not correctly signed by the trusted CA" \ 2659 -S "! mbedtls_ssl_handshake returned" \ 2660 -C "! 
mbedtls_ssl_handshake returned" \ 2661 -S "X509 - Certificate verification failed" 2662 2663run_test "Authentication: client badcert, server none" \ 2664 "$P_SRV debug_level=3 auth_mode=none" \ 2665 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 2666 key_file=data_files/server5.key" \ 2667 0 \ 2668 -s "skip write certificate request" \ 2669 -C "skip parse certificate request" \ 2670 -c "got no certificate request" \ 2671 -c "skip write certificate" \ 2672 -c "skip write certificate verify" \ 2673 -s "skip parse certificate verify" \ 2674 -S "x509_verify_cert() returned" \ 2675 -S "! The certificate is not correctly signed by the trusted CA" \ 2676 -S "! mbedtls_ssl_handshake returned" \ 2677 -C "! mbedtls_ssl_handshake returned" \ 2678 -S "X509 - Certificate verification failed" 2679 2680run_test "Authentication: client no cert, server optional" \ 2681 "$P_SRV debug_level=3 auth_mode=optional" \ 2682 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 2683 0 \ 2684 -S "skip write certificate request" \ 2685 -C "skip parse certificate request" \ 2686 -c "got a certificate request" \ 2687 -C "skip write certificate$" \ 2688 -C "got no certificate to send" \ 2689 -S "SSLv3 client has no certificate" \ 2690 -c "skip write certificate verify" \ 2691 -s "skip parse certificate verify" \ 2692 -s "! Certificate was missing" \ 2693 -S "! mbedtls_ssl_handshake returned" \ 2694 -C "! mbedtls_ssl_handshake returned" \ 2695 -S "X509 - Certificate verification failed" 2696 2697run_test "Authentication: openssl client no cert, server optional" \ 2698 "$P_SRV debug_level=3 auth_mode=optional" \ 2699 "$O_CLI" \ 2700 0 \ 2701 -S "skip write certificate request" \ 2702 -s "skip parse certificate verify" \ 2703 -s "! Certificate was missing" \ 2704 -S "! 
mbedtls_ssl_handshake returned" \ 2705 -S "X509 - Certificate verification failed" 2706 2707run_test "Authentication: client no cert, openssl server optional" \ 2708 "$O_SRV -verify 10" \ 2709 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 2710 0 \ 2711 -C "skip parse certificate request" \ 2712 -c "got a certificate request" \ 2713 -C "skip write certificate$" \ 2714 -c "skip write certificate verify" \ 2715 -C "! mbedtls_ssl_handshake returned" 2716 2717run_test "Authentication: client no cert, openssl server required" \ 2718 "$O_SRV -Verify 10" \ 2719 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 2720 1 \ 2721 -C "skip parse certificate request" \ 2722 -c "got a certificate request" \ 2723 -C "skip write certificate$" \ 2724 -c "skip write certificate verify" \ 2725 -c "! mbedtls_ssl_handshake returned" 2726 2727requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 2728run_test "Authentication: client no cert, ssl3" \ 2729 "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ 2730 "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ 2731 0 \ 2732 -S "skip write certificate request" \ 2733 -C "skip parse certificate request" \ 2734 -c "got a certificate request" \ 2735 -C "skip write certificate$" \ 2736 -c "skip write certificate verify" \ 2737 -c "got no certificate to send" \ 2738 -s "SSLv3 client has no certificate" \ 2739 -s "skip parse certificate verify" \ 2740 -s "! Certificate was missing" \ 2741 -S "! mbedtls_ssl_handshake returned" \ 2742 -C "! 
mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
# default value (8)
#
# The dir-maxpath test data below is presumably named by chain depth: c09.pem
# is treated as the longest chain the default limit still accepts ("max_int")
# and c10.pem as one link longer ("max_int+1"). If the library was built with
# a different MBEDTLS_X509_MAX_INTERMEDIATE_CA, the pass/fail expectations of
# those tests no longer hold, so the script aborts instead of reporting
# misleading results.

MAX_IM_CA='8'
# Ask the build configuration for the effective value. An empty result
# (presumably: the option is not set explicitly in config.h) is treated as
# "default in effect" by the -n guard below.
MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)

if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
    # CONFIG_H and MAX_IM_CA are constants defined by this script, so expanding
    # them inside the printf format string is harmless here; a value that comes
    # from outside the script should be passed through '%s' instead.
    printf "The ${CONFIG_H} file contains a value for the configuration of\n"
    printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n"
    printf "test value of ${MAX_IM_CA}. \n"
    printf "\n"
    printf "The tests assume this value and if it changes, the tests in this\n"
    printf "script should also be adjusted.\n"
    printf "\n"

    exit 1
fi

# Server presents a chain at the maximum accepted depth: the client's default
# verification is expected to succeed (exit 0, no X509 fatal error).
requires_full_size_output_buffer
run_test    "Authentication: server max_int chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
                    key_file=data_files/dir-maxpath/09.key" \
            "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
            0 \
            -C "X509 - A fatal error occured"

# One link beyond the limit: the client must reject the chain (exit 1) and log
# the X509 fatal error.
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
            1 \
            -c "X509 - A fatal error occured"

# Same over-long chain with auth_mode=optional on the client: the expected
# outcome is still a failed handshake (exit 1) with the fatal error logged,
# i.e. exceeding the chain-depth limit is not downgraded to a soft failure.
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client optional" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
                    auth_mode=optional" \
            1 \
            -c "X509 - A fatal error occured"

# With auth_mode=none the client does not verify the server chain at all, so
# the over-long chain is expected to be accepted (exit 0, no fatal error).
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client none" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \ 2792 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ 2793 auth_mode=none" \ 2794 0 \ 2795 -C "X509 - A fatal error occured" 2796 2797requires_full_size_output_buffer 2798run_test "Authentication: client max_int+1 chain, server default" \ 2799 "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \ 2800 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 2801 key_file=data_files/dir-maxpath/10.key" \ 2802 0 \ 2803 -S "X509 - A fatal error occured" 2804 2805requires_full_size_output_buffer 2806run_test "Authentication: client max_int+1 chain, server optional" \ 2807 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ 2808 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 2809 key_file=data_files/dir-maxpath/10.key" \ 2810 1 \ 2811 -s "X509 - A fatal error occured" 2812 2813requires_full_size_output_buffer 2814run_test "Authentication: client max_int+1 chain, server required" \ 2815 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 2816 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 2817 key_file=data_files/dir-maxpath/10.key" \ 2818 1 \ 2819 -s "X509 - A fatal error occured" 2820 2821requires_full_size_output_buffer 2822run_test "Authentication: client max_int chain, server required" \ 2823 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 2824 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ 2825 key_file=data_files/dir-maxpath/09.key" \ 2826 0 \ 2827 -S "X509 - A fatal error occured" 2828 2829# Tests for CA list in CertificateRequest messages 2830 2831run_test "Authentication: send CA list in CertificateRequest (default)" \ 2832 "$P_SRV debug_level=3 auth_mode=required" \ 2833 "$P_CLI crt_file=data_files/server6.crt \ 2834 key_file=data_files/server6.key" \ 2835 0 \ 2836 -s "requested DN" 2837 2838run_test "Authentication: do not send CA list in CertificateRequest" \ 2839 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ 2840 "$P_CLI 
crt_file=data_files/server6.crt \ 2841 key_file=data_files/server6.key" \ 2842 0 \ 2843 -S "requested DN" 2844 2845run_test "Authentication: send CA list in CertificateRequest, client self signed" \ 2846 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ 2847 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ 2848 key_file=data_files/server5.key" \ 2849 1 \ 2850 -S "requested DN" \ 2851 -s "x509_verify_cert() returned" \ 2852 -s "! The certificate is not correctly signed by the trusted CA" \ 2853 -s "! mbedtls_ssl_handshake returned" \ 2854 -c "! mbedtls_ssl_handshake returned" \ 2855 -s "X509 - Certificate verification failed" 2856 2857# Tests for certificate selection based on SHA verson 2858 2859run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ 2860 "$P_SRV crt_file=data_files/server5.crt \ 2861 key_file=data_files/server5.key \ 2862 crt_file2=data_files/server5-sha1.crt \ 2863 key_file2=data_files/server5.key" \ 2864 "$P_CLI force_version=tls1_2" \ 2865 0 \ 2866 -c "signed using.*ECDSA with SHA256" \ 2867 -C "signed using.*ECDSA with SHA1" 2868 2869run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ 2870 "$P_SRV crt_file=data_files/server5.crt \ 2871 key_file=data_files/server5.key \ 2872 crt_file2=data_files/server5-sha1.crt \ 2873 key_file2=data_files/server5.key" \ 2874 "$P_CLI force_version=tls1_1" \ 2875 0 \ 2876 -C "signed using.*ECDSA with SHA256" \ 2877 -c "signed using.*ECDSA with SHA1" 2878 2879run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ 2880 "$P_SRV crt_file=data_files/server5.crt \ 2881 key_file=data_files/server5.key \ 2882 crt_file2=data_files/server5-sha1.crt \ 2883 key_file2=data_files/server5.key" \ 2884 "$P_CLI force_version=tls1" \ 2885 0 \ 2886 -C "signed using.*ECDSA with SHA256" \ 2887 -c "signed using.*ECDSA with SHA1" 2888 2889run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ 2890 "$P_SRV crt_file=data_files/server5.crt \ 2891 key_file=data_files/server5.key \ 2892 
crt_file2=data_files/server6.crt \ 2893 key_file2=data_files/server6.key" \ 2894 "$P_CLI force_version=tls1_1" \ 2895 0 \ 2896 -c "serial number.*09" \ 2897 -c "signed using.*ECDSA with SHA256" \ 2898 -C "signed using.*ECDSA with SHA1" 2899 2900run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ 2901 "$P_SRV crt_file=data_files/server6.crt \ 2902 key_file=data_files/server6.key \ 2903 crt_file2=data_files/server5.crt \ 2904 key_file2=data_files/server5.key" \ 2905 "$P_CLI force_version=tls1_1" \ 2906 0 \ 2907 -c "serial number.*0A" \ 2908 -c "signed using.*ECDSA with SHA256" \ 2909 -C "signed using.*ECDSA with SHA1" 2910 2911# tests for SNI 2912 2913run_test "SNI: no SNI callback" \ 2914 "$P_SRV debug_level=3 \ 2915 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 2916 "$P_CLI server_name=localhost" \ 2917 0 \ 2918 -S "parse ServerName extension" \ 2919 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ 2920 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 2921 2922run_test "SNI: matching cert 1" \ 2923 "$P_SRV debug_level=3 \ 2924 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 2925 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 2926 "$P_CLI server_name=localhost" \ 2927 0 \ 2928 -s "parse ServerName extension" \ 2929 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 2930 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 2931 2932run_test "SNI: matching cert 2" \ 2933 "$P_SRV debug_level=3 \ 2934 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 2935 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 2936 "$P_CLI server_name=polarssl.example" \ 2937 0 \ 2938 -s "parse ServerName extension" \ 2939 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 2940 -c "subject 
name *: C=NL, O=PolarSSL, CN=polarssl.example" 2941 2942run_test "SNI: no matching cert" \ 2943 "$P_SRV debug_level=3 \ 2944 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 2945 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 2946 "$P_CLI server_name=nonesuch.example" \ 2947 1 \ 2948 -s "parse ServerName extension" \ 2949 -s "ssl_sni_wrapper() returned" \ 2950 -s "mbedtls_ssl_handshake returned" \ 2951 -c "mbedtls_ssl_handshake returned" \ 2952 -c "SSL - A fatal alert message was received from our peer" 2953 2954run_test "SNI: client auth no override: optional" \ 2955 "$P_SRV debug_level=3 auth_mode=optional \ 2956 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 2957 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \ 2958 "$P_CLI debug_level=3 server_name=localhost" \ 2959 0 \ 2960 -S "skip write certificate request" \ 2961 -C "skip parse certificate request" \ 2962 -c "got a certificate request" \ 2963 -C "skip write certificate" \ 2964 -C "skip write certificate verify" \ 2965 -S "skip parse certificate verify" 2966 2967run_test "SNI: client auth override: none -> optional" \ 2968 "$P_SRV debug_level=3 auth_mode=none \ 2969 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 2970 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \ 2971 "$P_CLI debug_level=3 server_name=localhost" \ 2972 0 \ 2973 -S "skip write certificate request" \ 2974 -C "skip parse certificate request" \ 2975 -c "got a certificate request" \ 2976 -C "skip write certificate" \ 2977 -C "skip write certificate verify" \ 2978 -S "skip parse certificate verify" 2979 2980run_test "SNI: client auth override: optional -> none" \ 2981 "$P_SRV debug_level=3 auth_mode=optional \ 2982 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 2983 
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \ 2984 "$P_CLI debug_level=3 server_name=localhost" \ 2985 0 \ 2986 -s "skip write certificate request" \ 2987 -C "skip parse certificate request" \ 2988 -c "got no certificate request" \ 2989 -c "skip write certificate" \ 2990 -c "skip write certificate verify" \ 2991 -s "skip parse certificate verify" 2992 2993run_test "SNI: CA no override" \ 2994 "$P_SRV debug_level=3 auth_mode=optional \ 2995 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 2996 ca_file=data_files/test-ca.crt \ 2997 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \ 2998 "$P_CLI debug_level=3 server_name=localhost \ 2999 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3000 1 \ 3001 -S "skip write certificate request" \ 3002 -C "skip parse certificate request" \ 3003 -c "got a certificate request" \ 3004 -C "skip write certificate" \ 3005 -C "skip write certificate verify" \ 3006 -S "skip parse certificate verify" \ 3007 -s "x509_verify_cert() returned" \ 3008 -s "! The certificate is not correctly signed by the trusted CA" \ 3009 -S "The certificate has been revoked (is on a CRL)" 3010 3011run_test "SNI: CA override" \ 3012 "$P_SRV debug_level=3 auth_mode=optional \ 3013 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3014 ca_file=data_files/test-ca.crt \ 3015 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \ 3016 "$P_CLI debug_level=3 server_name=localhost \ 3017 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3018 0 \ 3019 -S "skip write certificate request" \ 3020 -C "skip parse certificate request" \ 3021 -c "got a certificate request" \ 3022 -C "skip write certificate" \ 3023 -C "skip write certificate verify" \ 3024 -S "skip parse certificate verify" \ 3025 -S "x509_verify_cert() returned" \ 3026 -S "! 
The certificate is not correctly signed by the trusted CA" \ 3027 -S "The certificate has been revoked (is on a CRL)" 3028 3029run_test "SNI: CA override with CRL" \ 3030 "$P_SRV debug_level=3 auth_mode=optional \ 3031 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3032 ca_file=data_files/test-ca.crt \ 3033 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \ 3034 "$P_CLI debug_level=3 server_name=localhost \ 3035 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3036 1 \ 3037 -S "skip write certificate request" \ 3038 -C "skip parse certificate request" \ 3039 -c "got a certificate request" \ 3040 -C "skip write certificate" \ 3041 -C "skip write certificate verify" \ 3042 -S "skip parse certificate verify" \ 3043 -s "x509_verify_cert() returned" \ 3044 -S "! The certificate is not correctly signed by the trusted CA" \ 3045 -s "The certificate has been revoked (is on a CRL)" 3046 3047# Tests for SNI and DTLS 3048 3049run_test "SNI: DTLS, no SNI callback" \ 3050 "$P_SRV debug_level=3 dtls=1 \ 3051 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 3052 "$P_CLI server_name=localhost dtls=1" \ 3053 0 \ 3054 -S "parse ServerName extension" \ 3055 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ 3056 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 3057 3058run_test "SNI: DTLS, matching cert 1" \ 3059 "$P_SRV debug_level=3 dtls=1 \ 3060 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3061 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3062 "$P_CLI server_name=localhost dtls=1" \ 3063 0 \ 3064 -s "parse ServerName extension" \ 3065 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 3066 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 3067 3068run_test "SNI: DTLS, matching cert 2" \ 3069 "$P_SRV 
debug_level=3 dtls=1 \ 3070 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3071 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3072 "$P_CLI server_name=polarssl.example dtls=1" \ 3073 0 \ 3074 -s "parse ServerName extension" \ 3075 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 3076 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" 3077 3078run_test "SNI: DTLS, no matching cert" \ 3079 "$P_SRV debug_level=3 dtls=1 \ 3080 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3081 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3082 "$P_CLI server_name=nonesuch.example dtls=1" \ 3083 1 \ 3084 -s "parse ServerName extension" \ 3085 -s "ssl_sni_wrapper() returned" \ 3086 -s "mbedtls_ssl_handshake returned" \ 3087 -c "mbedtls_ssl_handshake returned" \ 3088 -c "SSL - A fatal alert message was received from our peer" 3089 3090run_test "SNI: DTLS, client auth no override: optional" \ 3091 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3092 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3093 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \ 3094 "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 3095 0 \ 3096 -S "skip write certificate request" \ 3097 -C "skip parse certificate request" \ 3098 -c "got a certificate request" \ 3099 -C "skip write certificate" \ 3100 -C "skip write certificate verify" \ 3101 -S "skip parse certificate verify" 3102 3103run_test "SNI: DTLS, client auth override: none -> optional" \ 3104 "$P_SRV debug_level=3 auth_mode=none dtls=1 \ 3105 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3106 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \ 3107 "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 3108 0 \ 3109 -S 
"skip write certificate request" \ 3110 -C "skip parse certificate request" \ 3111 -c "got a certificate request" \ 3112 -C "skip write certificate" \ 3113 -C "skip write certificate verify" \ 3114 -S "skip parse certificate verify" 3115 3116run_test "SNI: DTLS, client auth override: optional -> none" \ 3117 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3118 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3119 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \ 3120 "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 3121 0 \ 3122 -s "skip write certificate request" \ 3123 -C "skip parse certificate request" \ 3124 -c "got no certificate request" \ 3125 -c "skip write certificate" \ 3126 -c "skip write certificate verify" \ 3127 -s "skip parse certificate verify" 3128 3129run_test "SNI: DTLS, CA no override" \ 3130 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3131 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3132 ca_file=data_files/test-ca.crt \ 3133 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \ 3134 "$P_CLI debug_level=3 server_name=localhost dtls=1 \ 3135 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3136 1 \ 3137 -S "skip write certificate request" \ 3138 -C "skip parse certificate request" \ 3139 -c "got a certificate request" \ 3140 -C "skip write certificate" \ 3141 -C "skip write certificate verify" \ 3142 -S "skip parse certificate verify" \ 3143 -s "x509_verify_cert() returned" \ 3144 -s "! 
The certificate is not correctly signed by the trusted CA" \ 3145 -S "The certificate has been revoked (is on a CRL)" 3146 3147run_test "SNI: DTLS, CA override" \ 3148 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3149 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3150 ca_file=data_files/test-ca.crt \ 3151 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \ 3152 "$P_CLI debug_level=3 server_name=localhost dtls=1 \ 3153 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3154 0 \ 3155 -S "skip write certificate request" \ 3156 -C "skip parse certificate request" \ 3157 -c "got a certificate request" \ 3158 -C "skip write certificate" \ 3159 -C "skip write certificate verify" \ 3160 -S "skip parse certificate verify" \ 3161 -S "x509_verify_cert() returned" \ 3162 -S "! The certificate is not correctly signed by the trusted CA" \ 3163 -S "The certificate has been revoked (is on a CRL)" 3164 3165run_test "SNI: DTLS, CA override with CRL" \ 3166 "$P_SRV debug_level=3 auth_mode=optional \ 3167 crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \ 3168 ca_file=data_files/test-ca.crt \ 3169 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \ 3170 "$P_CLI debug_level=3 server_name=localhost dtls=1 \ 3171 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3172 1 \ 3173 -S "skip write certificate request" \ 3174 -C "skip parse certificate request" \ 3175 -c "got a certificate request" \ 3176 -C "skip write certificate" \ 3177 -C "skip write certificate verify" \ 3178 -S "skip parse certificate verify" \ 3179 -s "x509_verify_cert() returned" \ 3180 -S "! 
The certificate is not correctly signed by the trusted CA" \ 3181 -s "The certificate has been revoked (is on a CRL)" 3182 3183# Tests for non-blocking I/O: exercise a variety of handshake flows 3184 3185run_test "Non-blocking I/O: basic handshake" \ 3186 "$P_SRV nbio=2 tickets=0 auth_mode=none" \ 3187 "$P_CLI nbio=2 tickets=0" \ 3188 0 \ 3189 -S "mbedtls_ssl_handshake returned" \ 3190 -C "mbedtls_ssl_handshake returned" \ 3191 -c "Read from server: .* bytes read" 3192 3193run_test "Non-blocking I/O: client auth" \ 3194 "$P_SRV nbio=2 tickets=0 auth_mode=required" \ 3195 "$P_CLI nbio=2 tickets=0" \ 3196 0 \ 3197 -S "mbedtls_ssl_handshake returned" \ 3198 -C "mbedtls_ssl_handshake returned" \ 3199 -c "Read from server: .* bytes read" 3200 3201run_test "Non-blocking I/O: ticket" \ 3202 "$P_SRV nbio=2 tickets=1 auth_mode=none" \ 3203 "$P_CLI nbio=2 tickets=1" \ 3204 0 \ 3205 -S "mbedtls_ssl_handshake returned" \ 3206 -C "mbedtls_ssl_handshake returned" \ 3207 -c "Read from server: .* bytes read" 3208 3209run_test "Non-blocking I/O: ticket + client auth" \ 3210 "$P_SRV nbio=2 tickets=1 auth_mode=required" \ 3211 "$P_CLI nbio=2 tickets=1" \ 3212 0 \ 3213 -S "mbedtls_ssl_handshake returned" \ 3214 -C "mbedtls_ssl_handshake returned" \ 3215 -c "Read from server: .* bytes read" 3216 3217run_test "Non-blocking I/O: ticket + client auth + resume" \ 3218 "$P_SRV nbio=2 tickets=1 auth_mode=required" \ 3219 "$P_CLI nbio=2 tickets=1 reconnect=1" \ 3220 0 \ 3221 -S "mbedtls_ssl_handshake returned" \ 3222 -C "mbedtls_ssl_handshake returned" \ 3223 -c "Read from server: .* bytes read" 3224 3225run_test "Non-blocking I/O: ticket + resume" \ 3226 "$P_SRV nbio=2 tickets=1 auth_mode=none" \ 3227 "$P_CLI nbio=2 tickets=1 reconnect=1" \ 3228 0 \ 3229 -S "mbedtls_ssl_handshake returned" \ 3230 -C "mbedtls_ssl_handshake returned" \ 3231 -c "Read from server: .* bytes read" 3232 3233run_test "Non-blocking I/O: session-id resume" \ 3234 "$P_SRV nbio=2 tickets=0 auth_mode=none" \ 3235 "$P_CLI 
nbio=2 tickets=0 reconnect=1" \ 3236 0 \ 3237 -S "mbedtls_ssl_handshake returned" \ 3238 -C "mbedtls_ssl_handshake returned" \ 3239 -c "Read from server: .* bytes read" 3240 3241# Tests for event-driven I/O: exercise a variety of handshake flows 3242 3243run_test "Event-driven I/O: basic handshake" \ 3244 "$P_SRV event=1 tickets=0 auth_mode=none" \ 3245 "$P_CLI event=1 tickets=0" \ 3246 0 \ 3247 -S "mbedtls_ssl_handshake returned" \ 3248 -C "mbedtls_ssl_handshake returned" \ 3249 -c "Read from server: .* bytes read" 3250 3251run_test "Event-driven I/O: client auth" \ 3252 "$P_SRV event=1 tickets=0 auth_mode=required" \ 3253 "$P_CLI event=1 tickets=0" \ 3254 0 \ 3255 -S "mbedtls_ssl_handshake returned" \ 3256 -C "mbedtls_ssl_handshake returned" \ 3257 -c "Read from server: .* bytes read" 3258 3259run_test "Event-driven I/O: ticket" \ 3260 "$P_SRV event=1 tickets=1 auth_mode=none" \ 3261 "$P_CLI event=1 tickets=1" \ 3262 0 \ 3263 -S "mbedtls_ssl_handshake returned" \ 3264 -C "mbedtls_ssl_handshake returned" \ 3265 -c "Read from server: .* bytes read" 3266 3267run_test "Event-driven I/O: ticket + client auth" \ 3268 "$P_SRV event=1 tickets=1 auth_mode=required" \ 3269 "$P_CLI event=1 tickets=1" \ 3270 0 \ 3271 -S "mbedtls_ssl_handshake returned" \ 3272 -C "mbedtls_ssl_handshake returned" \ 3273 -c "Read from server: .* bytes read" 3274 3275run_test "Event-driven I/O: ticket + client auth + resume" \ 3276 "$P_SRV event=1 tickets=1 auth_mode=required" \ 3277 "$P_CLI event=1 tickets=1 reconnect=1" \ 3278 0 \ 3279 -S "mbedtls_ssl_handshake returned" \ 3280 -C "mbedtls_ssl_handshake returned" \ 3281 -c "Read from server: .* bytes read" 3282 3283run_test "Event-driven I/O: ticket + resume" \ 3284 "$P_SRV event=1 tickets=1 auth_mode=none" \ 3285 "$P_CLI event=1 tickets=1 reconnect=1" \ 3286 0 \ 3287 -S "mbedtls_ssl_handshake returned" \ 3288 -C "mbedtls_ssl_handshake returned" \ 3289 -c "Read from server: .* bytes read" 3290 3291run_test "Event-driven I/O: session-id resume" 
\ 3292 "$P_SRV event=1 tickets=0 auth_mode=none" \ 3293 "$P_CLI event=1 tickets=0 reconnect=1" \ 3294 0 \ 3295 -S "mbedtls_ssl_handshake returned" \ 3296 -C "mbedtls_ssl_handshake returned" \ 3297 -c "Read from server: .* bytes read" 3298 3299run_test "Event-driven I/O, DTLS: basic handshake" \ 3300 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 3301 "$P_CLI dtls=1 event=1 tickets=0" \ 3302 0 \ 3303 -c "Read from server: .* bytes read" 3304 3305run_test "Event-driven I/O, DTLS: client auth" \ 3306 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ 3307 "$P_CLI dtls=1 event=1 tickets=0" \ 3308 0 \ 3309 -c "Read from server: .* bytes read" 3310 3311run_test "Event-driven I/O, DTLS: ticket" \ 3312 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ 3313 "$P_CLI dtls=1 event=1 tickets=1" \ 3314 0 \ 3315 -c "Read from server: .* bytes read" 3316 3317run_test "Event-driven I/O, DTLS: ticket + client auth" \ 3318 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ 3319 "$P_CLI dtls=1 event=1 tickets=1" \ 3320 0 \ 3321 -c "Read from server: .* bytes read" 3322 3323run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ 3324 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ 3325 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \ 3326 0 \ 3327 -c "Read from server: .* bytes read" 3328 3329run_test "Event-driven I/O, DTLS: ticket + resume" \ 3330 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ 3331 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \ 3332 0 \ 3333 -c "Read from server: .* bytes read" 3334 3335run_test "Event-driven I/O, DTLS: session-id resume" \ 3336 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 3337 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ 3338 0 \ 3339 -c "Read from server: .* bytes read" 3340 3341# This test demonstrates the need for the mbedtls_ssl_check_pending function. 3342# During session resumption, the client will send its ApplicationData record 3343# within the same datagram as the Finished messages. 
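# In this situation, the server MUST NOT idle on the underlying transport after
# handshake completion, because the ApplicationData request has already been
# queued internally.
run_test    "Event-driven I/O, DTLS: session-id resume, UDP packing" \
            -p "$P_PXY pack=50" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
            0 \
            -c "Read from server: .* bytes read"

# Tests for version negotiation
#
# Each side sets min_version/max_version and the negotiated protocol is read
# from both logs; the last two tests check that a non-overlapping range is
# refused with the "not within min/max boundaries" error.

run_test    "Version check: all -> 1.2" \
            "$P_SRV" \
            "$P_CLI" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.2" \
            -c "Protocol is TLSv1.2"

run_test    "Version check: cli max 1.1 -> 1.1" \
            "$P_SRV" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: srv max 1.1 -> 1.1" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: cli+srv max 1.1 -> 1.1" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
            "$P_SRV min_version=tls1_1" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: cli min 1.2, srv max 1.1 -> fail" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_2" \
            1 \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - Handshake protocol not within min/max boundaries"

run_test    "Version check: srv min 1.2, cli max 1.1 -> fail" \
            "$P_SRV min_version=tls1_2" \
            "$P_CLI max_version=tls1_1" \
            1 \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -s "SSL - Handshake protocol not within min/max boundaries"

# Tests for ALPN extension
#
# Alert type [2:120] is the fatal no_application_protocol alert; it must only
# appear in the "no common" case.

run_test    "ALPN: none" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -S "Application Layer Protocol is"

run_test    "ALPN: client only" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -c "Application Layer Protocol is (none)" \
            -S "Application Layer Protocol is"

run_test    "ALPN: server only" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -s "Application Layer Protocol is (none)"

run_test    "ALPN: both, common cli1-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

run_test    "ALPN: both, common cli2-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abc" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

run_test    "ALPN: both, common cli1-srv2" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is 1234" \
            -s "Application Layer Protocol is 1234"

run_test    "ALPN: both, no common" \
            "$P_SRV debug_level=3 alpn=abc,123" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            1 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -c "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension" \
            -C "Application Layer Protocol is 1234" \
            -S "Application Layer Protocol is 1234"


# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
#
# The server is given a certificate with a single keyUsage bit and must pick a
# key exchange compatible with it (or fail when none is).

run_test    "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"


run_test    "keyUsage srv: RSA, keyEncipherment -> RSA" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ke.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-"

run_test    "keyUsage srv: RSA, keyAgreement -> fail" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ka.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "

run_test    "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"


run_test    "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDH-"

run_test    "keyUsage srv: ECDSA, keyEncipherment -> fail" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ke.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "

# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
#
# The server is OpenSSL so that it will happily use a certificate whose
# keyUsage does not match the forced suite; the "soft" variants use
# auth_mode=optional and expect the mismatch to be logged but not fatal.

run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"

run_test    "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature, RSA: fail" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature, RSA: fail, soft" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"

# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
#
# auth_mode=optional logs the bad usage and continues; auth_mode=required
# aborts the handshake.

run_test    "keyUsage cli-auth: RSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ds.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ka.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection

run_test    "extKeyUsage srv: serverAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv.crt" \
            "$P_CLI" \
            0

# Uses the serverAuth+clientAuth certificate (eku-srv_cli), the same file the
# client-side and cli-auth variants of this case use below; previously this
# test reused eku-srv.crt and was a duplicate of the serverAuth-only case.
run_test    "extKeyUsage srv: serverAuth,clientAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv_cli.crt" \
            "$P_CLI" \
            0

run_test    "extKeyUsage srv: codeSign,anyEKU -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cs_any.crt" \
            "$P_CLI" \
            0

# NOTE(review): this case is fed the clientAuth-only certificate (eku-cli),
# whereas the client-side "codeSign -> fail" test below uses eku-cs.crt.
# Either file lacks serverAuth so the expected failure holds; confirm which
# input was intended.
run_test    "extKeyUsage srv: codeSign -> fail" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cli.crt" \
            "$P_CLI" \
            1

# Tests for extendedKeyUsage, part 2: client-side checking of server cert

run_test    "extKeyUsage cli: serverAuth -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-srv.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: serverAuth,clientAuth -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: codeSign,anyEKU -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: codeSign -> fail" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

# Tests for extendedKeyUsage, part 3: server-side checking of client cert

run_test    "extKeyUsage cli-auth: clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign -> fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign -> fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"

# Tests for DHM parameters loading

run_test    "DHM parameters: reference" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (2048 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

run_test    "DHM parameters: other parameters" \
            "$P_SRV dhm_file=data_files/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (1024 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

# Tests for DHM client-side size checking
#
# dhmlen sets the client's minimum accepted prime size; the server's
# parameters must meet it or the client aborts with "DHM prime too short".

run_test    "DHM size: server default, client default, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server default, client 2048, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=2048" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1024, client default, OK" \
            "$P_SRV dhm_file=data_files/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1000, client default, rejected" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server default, client 2049, rejected" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=2049" \
            1 \
            -c "DHM prime too short:"

# Tests for PSK callback
#
# psk_list installs the server-side identity callback; when present it takes
# precedence over the static psk/psk_identity pair. A wrong key is only
# detected at the Finished message (MAC verification failure).

run_test    "PSK callback: psk, no callback" \
            "$P_SRV psk=abc123 psk_identity=foo" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=abc123" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: no psk, no callback" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=abc123" \
            1 \
            -s "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: callback overrides other settings" \
            "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=abc123" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: first id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=abc psk=dead" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: second id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: no match" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=ghi psk=beef" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: wrong key" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=abc psk=beef" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -s "SSL - Verification of the message MAC failed"

# Tests for EC J-PAKE
#
# c0ff is the TLS-ECJPAKE-WITH-AES-128-CCM-8 suite id seen in the debug log.
# A password mismatch is not detected by the key exchange itself but shows up
# as a MAC verification failure, which is why those cases give the server
# extra time.

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: client not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "add ciphersuite: c0ff" \
            -C "adding ecjpake_kkpp extension" \
            -S "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: server not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -s "found ecjpake kkpp extension" \
            -s "skip ecjpake kkpp extension" \
            -s "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -s "None of the common ciphersuites is usable"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable" \
            -S "SSL - Verification of the message MAC failed"

server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# With cookies enabled (the default) the DTLS client's first ClientHello is
# answered with a HelloVerifyRequest and the client re-sends it, which is when
# the cached ecjpake parameters are re-used; with cookies=0 that does not occur.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS, no cookie" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -C "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: password mismatch, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# for tests with configs/config-thread.h
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS, nolog" \
            "$P_SRV dtls=1 ecjpake_pw=bla" \
            "$P_CLI dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0

# Tests for ciphersuites per version
#
# version_suites takes one suite per protocol version, in the order
# SSL3, TLS 1.0, TLS 1.1, TLS 1.2; each test forces one version and checks
# that the matching suite was selected.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: SSL3" \
            "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=ssl3" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.0" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1 arc4=1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.1" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.2" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_2" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"

# Test for ClientHello without extensions
#
# GnuTLS's %NO_EXTENSIONS also drops the signature_algorithms extension, so
# the server has to fall back to SHA-1 defaults; the second test checks that
# allow_sha1=0 (which only affects certificate verification) does not break
# this negotiation.

requires_gnutls
run_test    "ClientHello without extensions, SHA-1 allowed" \
            "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"

requires_gnutls
run_test    "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
            "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"

# Tests for mbedtls_ssl_get_bytes_avail()

run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \
            "$P_SRV" \
            "$P_CLI request_size=100" \
            0 \
            -s "Read from client: 100 bytes read$"

run_test    "mbedtls_ssl_get_bytes_avail: extra data" \
            "$P_SRV" \
            "$P_CLI request_size=500" \
            0 \
            -s "Read from client: 500 bytes read (.*+.*)"

# Tests for small client packets
#
# request_size=1 exercises the record layer with a single-byte payload for
# each protocol version and cipher type (block, stream, AEAD), with and
# without Encrypt-then-MAC and truncated HMAC. The SSLv3 and RC4 cases exist
# only to cover that code path: they are gated on the build configuration
# (SSL3) or on the explicit arc4=1 option (RC4).

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 BlockCipher" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI request_size=1 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 StreamCipher" \
            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small client packets in DTLS

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0" \
            "$P_SRV dtls=1 force_version=dtls1" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2" \
            "$P_SRV dtls=1 force_version=dtls1_2" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small server packets
#
# Mirror of the small client packet tests with response_size=1 on the server.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 BlockCipher" \
            "$P_SRV response_size=1 min_version=ssl3" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 StreamCipher" \
            "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet 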
TLS 1.0 BlockCipher, truncated MAC" \ 4398 "$P_SRV response_size=1 trunc_hmac=1" \ 4399 "$P_CLI force_version=tls1 \ 4400 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4401 0 \ 4402 -c "Read from server: 1 bytes read" 4403 4404requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4405run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ 4406 "$P_SRV response_size=1 trunc_hmac=1" \ 4407 "$P_CLI force_version=tls1 \ 4408 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4409 0 \ 4410 -c "Read from server: 1 bytes read" 4411 4412run_test "Small server packet TLS 1.0 StreamCipher" \ 4413 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4414 "$P_CLI force_version=tls1 \ 4415 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4416 0 \ 4417 -c "Read from server: 1 bytes read" 4418 4419run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \ 4420 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4421 "$P_CLI force_version=tls1 \ 4422 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4423 0 \ 4424 -c "Read from server: 1 bytes read" 4425 4426requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4427run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \ 4428 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4429 "$P_CLI force_version=tls1 \ 4430 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4431 0 \ 4432 -c "Read from server: 1 bytes read" 4433 4434requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4435run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ 4436 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4437 "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 4438 trunc_hmac=1 etm=0" \ 4439 0 \ 4440 -c "Read from server: 1 bytes read" 4441 4442run_test "Small server packet TLS 1.1 BlockCipher" \ 4443 
"$P_SRV response_size=1" \ 4444 "$P_CLI force_version=tls1_1 \ 4445 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4446 0 \ 4447 -c "Read from server: 1 bytes read" 4448 4449run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \ 4450 "$P_SRV response_size=1" \ 4451 "$P_CLI force_version=tls1_1 \ 4452 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 4453 0 \ 4454 -c "Read from server: 1 bytes read" 4455 4456requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4457run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \ 4458 "$P_SRV response_size=1 trunc_hmac=1" \ 4459 "$P_CLI force_version=tls1_1 \ 4460 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4461 0 \ 4462 -c "Read from server: 1 bytes read" 4463 4464requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4465run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ 4466 "$P_SRV response_size=1 trunc_hmac=1" \ 4467 "$P_CLI force_version=tls1_1 \ 4468 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4469 0 \ 4470 -c "Read from server: 1 bytes read" 4471 4472run_test "Small server packet TLS 1.1 StreamCipher" \ 4473 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4474 "$P_CLI force_version=tls1_1 \ 4475 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4476 0 \ 4477 -c "Read from server: 1 bytes read" 4478 4479run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \ 4480 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4481 "$P_CLI force_version=tls1_1 \ 4482 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4483 0 \ 4484 -c "Read from server: 1 bytes read" 4485 4486requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4487run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \ 4488 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4489 "$P_CLI force_version=tls1_1 \ 4490 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA 
trunc_hmac=1" \ 4491 0 \ 4492 -c "Read from server: 1 bytes read" 4493 4494requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4495run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ 4496 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4497 "$P_CLI force_version=tls1_1 \ 4498 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4499 0 \ 4500 -c "Read from server: 1 bytes read" 4501 4502run_test "Small server packet TLS 1.2 BlockCipher" \ 4503 "$P_SRV response_size=1" \ 4504 "$P_CLI force_version=tls1_2 \ 4505 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4506 0 \ 4507 -c "Read from server: 1 bytes read" 4508 4509run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ 4510 "$P_SRV response_size=1" \ 4511 "$P_CLI force_version=tls1_2 \ 4512 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 4513 0 \ 4514 -c "Read from server: 1 bytes read" 4515 4516run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ 4517 "$P_SRV response_size=1" \ 4518 "$P_CLI force_version=tls1_2 \ 4519 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 4520 0 \ 4521 -c "Read from server: 1 bytes read" 4522 4523requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4524run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \ 4525 "$P_SRV response_size=1 trunc_hmac=1" \ 4526 "$P_CLI force_version=tls1_2 \ 4527 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4528 0 \ 4529 -c "Read from server: 1 bytes read" 4530 4531requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4532run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 4533 "$P_SRV response_size=1 trunc_hmac=1" \ 4534 "$P_CLI force_version=tls1_2 \ 4535 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4536 0 \ 4537 -c "Read from server: 1 bytes read" 4538 4539run_test "Small server packet TLS 1.2 StreamCipher" \ 4540 "$P_SRV response_size=1 arc4=1 
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4541 "$P_CLI force_version=tls1_2 \ 4542 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4543 0 \ 4544 -c "Read from server: 1 bytes read" 4545 4546run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \ 4547 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4548 "$P_CLI force_version=tls1_2 \ 4549 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4550 0 \ 4551 -c "Read from server: 1 bytes read" 4552 4553requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4554run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \ 4555 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4556 "$P_CLI force_version=tls1_2 \ 4557 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4558 0 \ 4559 -c "Read from server: 1 bytes read" 4560 4561requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4562run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ 4563 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4564 "$P_CLI force_version=tls1_2 \ 4565 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4566 0 \ 4567 -c "Read from server: 1 bytes read" 4568 4569run_test "Small server packet TLS 1.2 AEAD" \ 4570 "$P_SRV response_size=1" \ 4571 "$P_CLI force_version=tls1_2 \ 4572 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 4573 0 \ 4574 -c "Read from server: 1 bytes read" 4575 4576run_test "Small server packet TLS 1.2 AEAD shorter tag" \ 4577 "$P_SRV response_size=1" \ 4578 "$P_CLI force_version=tls1_2 \ 4579 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 4580 0 \ 4581 -c "Read from server: 1 bytes read" 4582 4583# Tests for small server packets in DTLS 4584 4585requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4586run_test "Small server packet DTLS 1.0" \ 4587 "$P_SRV dtls=1 response_size=1 force_version=dtls1" \ 4588 "$P_CLI dtls=1 \ 4589 
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4590 0 \ 4591 -c "Read from server: 1 bytes read" 4592 4593requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4594run_test "Small server packet DTLS 1.0, without EtM" \ 4595 "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \ 4596 "$P_CLI dtls=1 \ 4597 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4598 0 \ 4599 -c "Read from server: 1 bytes read" 4600 4601requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4602requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4603run_test "Small server packet DTLS 1.0, truncated hmac" \ 4604 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \ 4605 "$P_CLI dtls=1 trunc_hmac=1 \ 4606 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4607 0 \ 4608 -c "Read from server: 1 bytes read" 4609 4610requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4611requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4612run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \ 4613 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \ 4614 "$P_CLI dtls=1 \ 4615 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 4616 0 \ 4617 -c "Read from server: 1 bytes read" 4618 4619requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4620run_test "Small server packet DTLS 1.2" \ 4621 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \ 4622 "$P_CLI dtls=1 \ 4623 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4624 0 \ 4625 -c "Read from server: 1 bytes read" 4626 4627requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4628run_test "Small server packet DTLS 1.2, without EtM" \ 4629 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \ 4630 "$P_CLI dtls=1 \ 4631 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4632 0 \ 4633 -c "Read from server: 1 bytes read" 4634 4635requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4636requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4637run_test "Small server packet DTLS 1.2, truncated hmac" \ 4638 "$P_SRV dtls=1 
response_size=1 force_version=dtls1_2 trunc_hmac=1" \ 4639 "$P_CLI dtls=1 \ 4640 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4641 0 \ 4642 -c "Read from server: 1 bytes read" 4643 4644requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4645requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4646run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \ 4647 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ 4648 "$P_CLI dtls=1 \ 4649 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 4650 0 \ 4651 -c "Read from server: 1 bytes read" 4652 4653# A test for extensions in SSLv3 4654 4655requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4656run_test "SSLv3 with extensions, server side" \ 4657 "$P_SRV min_version=ssl3 debug_level=3" \ 4658 "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \ 4659 0 \ 4660 -S "dumping 'client hello extensions'" \ 4661 -S "server hello, total extension length:" 4662 4663# Test for large client packets 4664 4665# How many fragments do we expect to write $1 bytes? 
#######################################
# Number of records needed to write $1 bytes.
# Arguments: $1 - payload size in bytes (integer)
# Globals:   MAX_OUT_LEN (read; set elsewhere in this script, assumed to be
#            the per-record write limit in bytes - under 'set -u' an unset
#            value aborts the expansion)
# Outputs:   the ceiling of $1 / MAX_OUT_LEN on stdout
#######################################
fragments_for_write() {
    # Ceiling division without floating point: add (divisor - 1) before
    # the integer divide. Kept POSIX-sh compatible (no 'local').
    printf '%s\n' "$(( ( $1 + MAX_OUT_LEN - 1 ) / MAX_OUT_LEN ))"
}

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large client packet SSLv3 BlockCipher" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large client packet SSLv3 StreamCipher" \
            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.0 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

4712requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4713run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ 4714 "$P_SRV trunc_hmac=1" \ 4715 "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ 4716 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4717 0 \ 4718 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4719 4720run_test "Large client packet TLS 1.0 StreamCipher" \ 4721 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4722 "$P_CLI request_size=16384 force_version=tls1 \ 4723 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4724 0 \ 4725 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4726 4727run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \ 4728 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4729 "$P_CLI request_size=16384 force_version=tls1 \ 4730 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4731 0 \ 4732 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4733 4734requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4735run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \ 4736 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4737 "$P_CLI request_size=16384 force_version=tls1 \ 4738 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4739 0 \ 4740 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4741 4742requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4743run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ 4744 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4745 "$P_CLI request_size=16384 force_version=tls1 \ 4746 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4747 0 \ 4748 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4749 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4750 4751run_test "Large client packet TLS 1.1 BlockCipher" \ 4752 "$P_SRV" \ 4753 "$P_CLI request_size=16384 force_version=tls1_1 
\ 4754 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4755 0 \ 4756 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4757 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4758 4759run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \ 4760 "$P_SRV" \ 4761 "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \ 4762 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4763 0 \ 4764 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4765 4766requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4767run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \ 4768 "$P_SRV trunc_hmac=1" \ 4769 "$P_CLI request_size=16384 force_version=tls1_1 \ 4770 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4771 0 \ 4772 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4773 4774requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4775run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ 4776 "$P_SRV trunc_hmac=1" \ 4777 "$P_CLI request_size=16384 force_version=tls1_1 \ 4778 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4779 0 \ 4780 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4781 4782run_test "Large client packet TLS 1.1 StreamCipher" \ 4783 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4784 "$P_CLI request_size=16384 force_version=tls1_1 \ 4785 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4786 0 \ 4787 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4788 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4789 4790run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \ 4791 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4792 "$P_CLI request_size=16384 force_version=tls1_1 \ 4793 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4794 0 \ 4795 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4796 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4797 4798requires_config_enabled 
MBEDTLS_SSL_TRUNCATED_HMAC 4799run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \ 4800 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4801 "$P_CLI request_size=16384 force_version=tls1_1 \ 4802 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4803 0 \ 4804 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4805 4806requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4807run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ 4808 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4809 "$P_CLI request_size=16384 force_version=tls1_1 \ 4810 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4811 0 \ 4812 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4813 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4814 4815run_test "Large client packet TLS 1.2 BlockCipher" \ 4816 "$P_SRV" \ 4817 "$P_CLI request_size=16384 force_version=tls1_2 \ 4818 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4819 0 \ 4820 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4821 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4822 4823run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ 4824 "$P_SRV" \ 4825 "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \ 4826 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4827 0 \ 4828 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4829 4830run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ 4831 "$P_SRV" \ 4832 "$P_CLI request_size=16384 force_version=tls1_2 \ 4833 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 4834 0 \ 4835 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4836 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4837 4838requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4839run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \ 4840 "$P_SRV trunc_hmac=1" \ 4841 "$P_CLI request_size=16384 
force_version=tls1_2 \ 4842 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4843 0 \ 4844 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4845 4846requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4847run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 4848 "$P_SRV trunc_hmac=1" \ 4849 "$P_CLI request_size=16384 force_version=tls1_2 \ 4850 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4851 0 \ 4852 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4853 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4854 4855run_test "Large client packet TLS 1.2 StreamCipher" \ 4856 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4857 "$P_CLI request_size=16384 force_version=tls1_2 \ 4858 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4859 0 \ 4860 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4861 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4862 4863run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \ 4864 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4865 "$P_CLI request_size=16384 force_version=tls1_2 \ 4866 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4867 0 \ 4868 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4869 4870requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4871run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \ 4872 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4873 "$P_CLI request_size=16384 force_version=tls1_2 \ 4874 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4875 0 \ 4876 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4877 4878requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4879run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ 4880 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4881 "$P_CLI request_size=16384 force_version=tls1_2 \ 4882 
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4883 0 \ 4884 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4885 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4886 4887run_test "Large client packet TLS 1.2 AEAD" \ 4888 "$P_SRV" \ 4889 "$P_CLI request_size=16384 force_version=tls1_2 \ 4890 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 4891 0 \ 4892 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4893 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4894 4895run_test "Large client packet TLS 1.2 AEAD shorter tag" \ 4896 "$P_SRV" \ 4897 "$P_CLI request_size=16384 force_version=tls1_2 \ 4898 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 4899 0 \ 4900 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4901 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4902 4903# Test for large server packets 4904requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4905run_test "Large server packet SSLv3 StreamCipher" \ 4906 "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4907 "$P_CLI force_version=ssl3 \ 4908 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4909 0 \ 4910 -c "Read from server: 16384 bytes read" 4911 4912# Checking next 4 tests logs for 1n-1 split against BEAST too 4913requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4914run_test "Large server packet SSLv3 BlockCipher" \ 4915 "$P_SRV response_size=16384 min_version=ssl3" \ 4916 "$P_CLI force_version=ssl3 recsplit=0 \ 4917 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4918 0 \ 4919 -c "Read from server: 1 bytes read"\ 4920 -c "16383 bytes read"\ 4921 -C "Read from server: 16384 bytes read" 4922 4923run_test "Large server packet TLS 1.0 BlockCipher" \ 4924 "$P_SRV response_size=16384" \ 4925 "$P_CLI force_version=tls1 recsplit=0 \ 4926 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4927 0 \ 4928 -c "Read from server: 1 bytes read"\ 4929 -c "16383 bytes read"\ 4930 -C "Read from server: 
16384 bytes read" 4931 4932run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \ 4933 "$P_SRV response_size=16384" \ 4934 "$P_CLI force_version=tls1 etm=0 recsplit=0 \ 4935 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4936 0 \ 4937 -c "Read from server: 1 bytes read"\ 4938 -c "16383 bytes read"\ 4939 -C "Read from server: 16384 bytes read" 4940 4941requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4942run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \ 4943 "$P_SRV response_size=16384" \ 4944 "$P_CLI force_version=tls1 recsplit=0 \ 4945 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 4946 trunc_hmac=1" \ 4947 0 \ 4948 -c "Read from server: 1 bytes read"\ 4949 -c "16383 bytes read"\ 4950 -C "Read from server: 16384 bytes read" 4951 4952requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4953run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \ 4954 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4955 "$P_CLI force_version=tls1 \ 4956 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 4957 trunc_hmac=1" \ 4958 0 \ 4959 -s "16384 bytes written in 1 fragments" \ 4960 -c "Read from server: 16384 bytes read" 4961 4962run_test "Large server packet TLS 1.0 StreamCipher" \ 4963 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4964 "$P_CLI force_version=tls1 \ 4965 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4966 0 \ 4967 -s "16384 bytes written in 1 fragments" \ 4968 -c "Read from server: 16384 bytes read" 4969 4970run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \ 4971 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4972 "$P_CLI force_version=tls1 \ 4973 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4974 0 \ 4975 -s "16384 bytes written in 1 fragments" \ 4976 -c "Read from server: 16384 bytes read" 4977 4978requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4979run_test "Large server packet TLS 1.0 StreamCipher, 
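truncated MAC" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
    "$P_CLI force_version=tls1 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

# "Large server packet" tests: the server sends one 16384-byte application
# data response (response_size=16384); the checks require that it is written
# as a single record ("16384 bytes written in 1 fragments") and fully received
# by the client ("Read from server: 16384 bytes read"). Each protocol version
# is covered for the record-protection variants: block cipher (CBC) with and
# without Encrypt-then-MAC (etm=0), stream cipher, truncated HMAC
# (trunc_hmac=1, which needs MBEDTLS_SSL_TRUNCATED_HMAC compiled in) and AEAD.
# The stream-cipher cases use RC4 (arc4=1), a legacy cipher; it presumably
# appears here only to exercise the stream-cipher record path.
#
# Expectation flags, as used throughout this file (run_test is defined
# earlier): -s/-c require the pattern in the server/client log, -S/-C require
# its absence.

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
    "$P_CLI force_version=tls1 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.1 BlockCipher" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_1 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
    0 \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_1 etm=0 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_1 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
        trunc_hmac=1" \
    0 \
    -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
    "$P_SRV response_size=16384 trunc_hmac=1" \
    "$P_CLI force_version=tls1_1 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.1 StreamCipher" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_version=tls1_1 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    0 \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_version=tls1_1 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_version=tls1_1 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
        trunc_hmac=1" \
    0 \
    -c "Read from server: 16384 bytes read"

# trunc_hmac=1 is passed to both programs, so this test has the same build
# dependency as its sibling truncated-MAC tests.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
    "$P_CLI force_version=tls1_1 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.2 BlockCipher" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
    0 \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_2 etm=0 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
    0 \
    -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
        trunc_hmac=1" \
    0 \
    -c "Read from server: 16384 bytes read"

# trunc_hmac=1 is passed to both programs, so this test has the same build
# dependency as its sibling truncated-MAC tests.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
    "$P_SRV response_size=16384 trunc_hmac=1" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.2 StreamCipher" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
        trunc_hmac=1" \
    0 \
    -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
    "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
    0 \
    -s "16384 bytes written in 1 fragments" \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.2 AEAD" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
    0 \
    -c "Read from server: 16384 bytes read"

run_test "Large server packet TLS 1.2 AEAD shorter tag" \
    "$P_SRV response_size=16384" \
    "$P_CLI force_version=tls1_2 \
        force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
    0 \
    -c "Read from server: 16384 bytes read"

# Tests for restartable ECC (MBEDTLS_ECP_RESTARTABLE)
#
# The client's ec_max_ops= option bounds the EC work done per call. The
# "4b00" patterns look, in the debug_level=1 client log, for the in-progress
# return code (hex 4b00, presumably MBEDTLS_ERR_ECP_IN_PROGRESS) at the four
# restartable call sites: certificate verification, signature verification,
# ECDH public key generation and signing. With the option unset, with
# ec_max_ops=0 and with the maximum 65535 no restart is expected (-C); with
# ec_max_ops=1000 every site is expected to restart (-c). The badsign
# variants check that a restarted x509_verify_cert still fails the handshake
# with the client's default authentication mode, is tolerated (logged, no
# handshake error) under auth_mode=optional, and logs neither a restart nor
# a verification error under auth_mode=none. Without client authentication
# the client never signs, and with ECDHE-PSK none of the four sites restarts
# (presumably restartable ECC only covers the ECDHE-ECDSA key exchange).

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, default" \
    "$P_SRV auth_mode=required" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        debug_level=1" \
    0 \
    -C "x509_verify_cert.*4b00" \
    -C "mbedtls_pk_verify.*4b00" \
    -C "mbedtls_ecdh_make_public.*4b00" \
    -C "mbedtls_pk_sign.*4b00"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=0" \
    "$P_SRV auth_mode=required" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        debug_level=1 ec_max_ops=0" \
    0 \
    -C "x509_verify_cert.*4b00" \
    -C "mbedtls_pk_verify.*4b00" \
    -C "mbedtls_ecdh_make_public.*4b00" \
    -C "mbedtls_pk_sign.*4b00"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=65535" \
    "$P_SRV auth_mode=required" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        debug_level=1 ec_max_ops=65535" \
    0 \
    -C "x509_verify_cert.*4b00" \
    -C "mbedtls_pk_verify.*4b00" \
    -C "mbedtls_ecdh_make_public.*4b00" \
    -C "mbedtls_pk_sign.*4b00"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000" \
    "$P_SRV auth_mode=required" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        debug_level=1 ec_max_ops=1000" \
    0 \
    -c "x509_verify_cert.*4b00" \
    -c "mbedtls_pk_verify.*4b00" \
    -c "mbedtls_ecdh_make_public.*4b00" \
    -c "mbedtls_pk_sign.*4b00"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, badsign" \
    "$P_SRV auth_mode=required \
        crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        debug_level=1 ec_max_ops=1000" \
    1 \
    -c "x509_verify_cert.*4b00" \
    -C "mbedtls_pk_verify.*4b00" \
    -C "mbedtls_ecdh_make_public.*4b00" \
    -C "mbedtls_pk_sign.*4b00" \
    -c "! The certificate is not correctly signed by the trusted CA" \
    -c "! mbedtls_ssl_handshake returned" \
    -c "X509 - Certificate verification failed"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
    "$P_SRV auth_mode=required \
        crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        debug_level=1 ec_max_ops=1000 auth_mode=optional" \
    0 \
    -c "x509_verify_cert.*4b00" \
    -c "mbedtls_pk_verify.*4b00" \
    -c "mbedtls_ecdh_make_public.*4b00" \
    -c "mbedtls_pk_sign.*4b00" \
    -c "! The certificate is not correctly signed by the trusted CA" \
    -C "! mbedtls_ssl_handshake returned" \
    -C "X509 - Certificate verification failed"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
    "$P_SRV auth_mode=required \
        crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        debug_level=1 ec_max_ops=1000 auth_mode=none" \
    0 \
    -C "x509_verify_cert.*4b00" \
    -c "mbedtls_pk_verify.*4b00" \
    -c "mbedtls_ecdh_make_public.*4b00" \
    -c "mbedtls_pk_sign.*4b00" \
    -C "! The certificate is not correctly signed by the trusted CA" \
    -C "! mbedtls_ssl_handshake returned" \
    -C "X509 - Certificate verification failed"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: DTLS, max_ops=1000" \
    "$P_SRV auth_mode=required dtls=1" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        dtls=1 debug_level=1 ec_max_ops=1000" \
    0 \
    -c "x509_verify_cert.*4b00" \
    -c "mbedtls_pk_verify.*4b00" \
    -c "mbedtls_ecdh_make_public.*4b00" \
    -c "mbedtls_pk_sign.*4b00"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000 no client auth" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        debug_level=1 ec_max_ops=1000" \
    0 \
    -c "x509_verify_cert.*4b00" \
    -c "mbedtls_pk_verify.*4b00" \
    -c "mbedtls_ecdh_make_public.*4b00" \
    -C "mbedtls_pk_sign.*4b00"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
    "$P_SRV psk=abc123" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
        psk=abc123 debug_level=1 ec_max_ops=1000" \
    0 \
    -C "x509_verify_cert.*4b00" \
    -C "mbedtls_pk_verify.*4b00" \
    -C "mbedtls_ecdh_make_public.*4b00" \
    -C "mbedtls_pk_sign.*4b00"

# Tests of asynchronous private key support in SSL (MBEDTLS_SSL_ASYNC_PRIVATE)
#
# ssl_server2 options used below: async_operations=s|d routes private-key
# signing (s) or RSA decryption (d) through the async callbacks;
# async_private_delay1=N / async_private_delay2=N make key 1 / key 2 need N
# extra resume calls before completing (delay=0 completes on the first
# resume, delay=2 logs "call 1 more times" then "call 0 more times");
# async_private_error=1|2|3 injects a failure in the start callback, a cancel
# after start, or a failure in the resume callback. A negative error value
# presumably injects the failure once only, so a second connection succeeds:
# those tests run $P_CLI twice, the second time only if the first exits 1.

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, delay=0" \
    "$P_SRV \
        async_operations=s async_private_delay1=0 async_private_delay2=0" \
    "$P_CLI" \
    0 \
    -s "Async sign callback: using key slot " \
    -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, delay=1" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1" \
    "$P_CLI" \
    0 \
    -s "Async sign callback: using key slot " \
    -s "Async resume (slot [0-9]): call 0 more times." \
    -s "Async resume (slot [0-9]): sign done, status=0"

# The -U check requires the key-slot line at most once: the operation must be
# started once and then only resumed.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, delay=2" \
    "$P_SRV \
        async_operations=s async_private_delay1=2 async_private_delay2=2" \
    "$P_CLI" \
    0 \
    -s "Async sign callback: using key slot " \
    -U "Async sign callback: using key slot " \
    -s "Async resume (slot [0-9]): call 1 more times." \
    -s "Async resume (slot [0-9]): call 0 more times." \
    -s "Async resume (slot [0-9]): sign done, status=0"

# Test that the async callback correctly signs the 36-byte MD5+SHA-1 hash
# with RSA PKCS#1 v1.5, as used by TLS 1.0/1.1 (server2 holds an RSA key).
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test "SSL async private: sign, RSA, TLS 1.1" \
    "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \
        async_operations=s async_private_delay1=0 async_private_delay2=0" \
    "$P_CLI force_version=tls1_1" \
    0 \
    -s "Async sign callback: using key slot " \
    -s "Async resume (slot [0-9]): sign done, status=0"

# The certificate selected via SNI (polarssl.example -> server1) must also be
# signed through the async callback, and the client must see that
# certificate rather than the default server5 one.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, SNI" \
    "$P_SRV debug_level=3 \
        async_operations=s async_private_delay1=0 async_private_delay2=0 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key \
        sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
    "$P_CLI server_name=polarssl.example" \
    0 \
    -s "Async sign callback: using key slot " \
    -s "Async resume (slot [0-9]): sign done, status=0" \
    -s "parse ServerName extension" \
    -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
    -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, delay=0" \
    "$P_SRV \
        async_operations=d async_private_delay1=0 async_private_delay2=0" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "Async decrypt callback: using key slot " \
    -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, delay=1" \
    "$P_SRV \
        async_operations=d async_private_delay1=1 async_private_delay2=1" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "Async decrypt callback: using key slot " \
    -s "Async resume (slot [0-9]): call 0 more times." \
    -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
    "$P_SRV psk=abc123 \
        async_operations=d async_private_delay1=0 async_private_delay2=0" \
    "$P_CLI psk=abc123 \
        force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async decrypt callback: using key slot " \
    -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
    "$P_SRV psk=abc123 \
        async_operations=d async_private_delay1=1 async_private_delay2=1" \
    "$P_CLI psk=abc123 \
        force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async decrypt callback: using key slot " \
    -s "Async resume (slot [0-9]): call 0 more times." \
    -s "Async resume (slot [0-9]): decrypt done, status=0"

# Only the decrypt callback is configured: the first connection (default
# ciphersuite, presumably one that needs a signature) must fail closed at
# handshake time instead of signing outside the callback; the second, using
# RSA key exchange, succeeds through the decrypt callback.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign callback not present" \
    "$P_SRV \
        async_operations=d async_private_delay1=1 async_private_delay2=1" \
    "$P_CLI; [ \$? -eq 1 ] &&
        $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -S "Async sign callback" \
    -s "! mbedtls_ssl_handshake returned" \
    -s "The own private key or pre-shared key is not set, but needed" \
    -s "Async resume (slot [0-9]): decrypt done, status=0" \
    -s "Successful connection"

# Mirror image: only the sign callback is configured, so the RSA key exchange
# connection fails ("got no RSA private key") and the default one succeeds.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt callback not present" \
    "$P_SRV debug_level=1 \
        async_operations=s async_private_delay1=1 async_private_delay2=1" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
        [ \$? -eq 1 ] && $P_CLI" \
    0 \
    -S "Async decrypt callback" \
    -s "! mbedtls_ssl_handshake returned" \
    -s "got no RSA private key" \
    -s "Async resume (slot [0-9]): sign done, status=0" \
    -s "Successful connection"

# Key-slot selection with two server keys (key_file/crt_file = server5,
# ECDSA; key_file2/crt_file2 = server2, RSA). The forced ciphersuite decides
# which certificate the server uses; the expected slot number checks that the
# callback is handed the matching key. Presumably a key is only registered
# with the callbacks when its async_private_delayN option is given, which is
# what the "transparent key" test below relies on.

# key1: ECDSA, key2: RSA; use key1 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 0 used with key1" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async sign callback: using key slot 0," \
    -s "Async resume (slot 0): call 0 more times." \
    -s "Async resume (slot 0): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 0 used with key2" \
    "$P_SRV \
        async_operations=s async_private_delay2=1 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async sign callback: using key slot 0," \
    -s "Async resume (slot 0): call 0 more times." \
    -s "Async resume (slot 0): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 from slot 1
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 1 used with key2" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async sign callback: using key slot 1," \
    -s "Async resume (slot 1): call 0 more times." \
    -s "Async resume (slot 1): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 directly
# Only key1 has a delay, so the ECDHE-RSA handshake finds no async key and
# the server signs with key2 itself (exit 0 despite "no key matches").
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: fall back to transparent key" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
    "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async sign callback: no key matches this certificate."

# Error injection. Exit status 1 means the handshake must fail; the
# -S "Async resume" / -S "Async cancel" checks pin down which callbacks must
# NOT run afterwards: a failed start is never resumed or cancelled, a
# cancelled operation is never resumed, and a failed resume is not cancelled.

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, error in start" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        async_private_error=1" \
    "$P_CLI" \
    1 \
    -s "Async sign callback: injected error" \
    -S "Async resume" \
    -S "Async cancel" \
    -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, cancel after start" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        async_private_error=2" \
    "$P_CLI" \
    1 \
    -s "Async sign callback: using key slot " \
    -S "Async resume" \
    -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, error in resume" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        async_private_error=3" \
    "$P_CLI" \
    1 \
    -s "Async sign callback: using key slot " \
    -s "Async resume callback: sign done but injected error" \
    -S "Async cancel" \
    -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, error in start" \
    "$P_SRV \
        async_operations=d async_private_delay1=1 async_private_delay2=1 \
        async_private_error=1" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    1 \
    -s "Async decrypt callback: injected error" \
    -S "Async resume" \
    -S "Async cancel" \
    -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, cancel after start" \
    "$P_SRV \
        async_operations=d async_private_delay1=1 async_private_delay2=1 \
        async_private_error=2" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    1 \
    -s "Async decrypt callback: using key slot " \
    -S "Async resume" \
    -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, error in resume" \
    "$P_SRV \
        async_operations=d async_private_delay1=1 async_private_delay2=1 \
        async_private_error=3" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    1 \
    -s "Async decrypt callback: using key slot " \
    -s "Async resume callback: decrypt done but injected error" \
    -S "Async cancel" \
    -s "! mbedtls_ssl_handshake returned"

# Recovery: after a one-shot injected failure (negative error value) the
# server must still serve the next connection correctly.

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start then operate correctly" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        async_private_error=-2" \
    "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
    0 \
    -s "Async cancel" \
    -s "! mbedtls_ssl_handshake returned" \
    -s "Async resume" \
    -s "Successful connection"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in resume then operate correctly" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        async_private_error=-3" \
    "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
    0 \
    -s "! mbedtls_ssl_handshake returned" \
    -s "Async resume" \
    -s "Successful connection"

# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start then fall back to transparent key" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_error=-2 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
        [ \$? -eq 1 ] &&
        $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async sign callback: using key slot 0" \
    -S "Async resume" \
    -s "Async cancel" \
    -s "! mbedtls_ssl_handshake returned" \
    -s "Async sign callback: no key matches this certificate." \
    -s "Successful connection"

# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, error in resume then fall back to transparent key" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_error=-3 \
        key_file=data_files/server5.key crt_file=data_files/server5.crt \
        key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
    "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
        [ \$? -eq 1 ] &&
        $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -s "Async resume" \
    -s "! mbedtls_ssl_handshake returned" \
    -s "Async sign callback: no key matches this certificate." \
    -s "Successful connection"

# Renegotiation (exchanges=2 renegotiation=1, with renegotiate=1 on the
# initiating side) must go through the async callbacks again for the second
# handshake, for both the sign and the decrypt operation.

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: client-initiated; sign" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        exchanges=2 renegotiation=1" \
    "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
    0 \
    -s "Async sign callback: using key slot " \
    -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: server-initiated; sign" \
    "$P_SRV \
        async_operations=s async_private_delay1=1 async_private_delay2=1 \
        exchanges=2 renegotiation=1 renegotiate=1" \
    "$P_CLI exchanges=2 renegotiation=1" \
    0 \
    -s "Async sign callback: using key slot " \
    -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: client-initiated; decrypt" \
    "$P_SRV \
        async_operations=d async_private_delay1=1 async_private_delay2=1 \
        exchanges=2 renegotiation=1" \
    "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
        force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "Async decrypt callback: using key slot " \
    -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: server-initiated; decrypt" \
    "$P_SRV \
        async_operations=d async_private_delay1=1 async_private_delay2=1 \
        exchanges=2 renegotiation=1 renegotiate=1" \
    "$P_CLI exchanges=2 renegotiation=1 \
        force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "Async decrypt callback: using key slot " \
    -s "Async resume (slot [0-9]): decrypt done, status=0"

# Tests for ECC extensions (rfc 4492)
#
# When a non-ECC ciphersuite is forced, the client must not advertise the
# supported_elliptic_curves / supported_point_formats extensions and the
# server must not echo supported_point_formats; with an ECC ciphersuite both
# are expected. debug_level=3 is needed to get the extension log lines.

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the client side" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -C "client hello, adding supported_elliptic_curves extension" \
    -C "client hello, adding supported_point_formats extension" \
    -S "found supported elliptic curves extension" \
    -S "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the server side" \
    "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
    "$P_CLI debug_level=3" \
    0 \
    -C "found supported_point_formats extension" \
    -S "server hello, supported_point_formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Force an ECC ciphersuite in the client side" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -c "client hello, adding supported_elliptic_curves extension" \
    -c "client hello, adding supported_point_formats extension" \
    -s "found supported elliptic curves extension" \
    -s "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Force an ECC ciphersuite in the server side" \
    "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
    "$P_CLI debug_level=3" \
    0 \
    -c "found supported_point_formats extension" \
    -s "server hello, supported_point_formats extension"

# Tests for DTLS HelloVerifyRequest
#
# The stateless cookie exchange (RFC 6347) is DTLS's defence against
# ClientHello floods from spoofed source addresses. In the "enabled" cases
# the first ClientHello carries no cookie, so "cookie verification failed"
# and "hello verification requested" are expected before "passed".
# cookies=0 disables the check (server logs "skipped"); cookies=-1 keeps the
# server program's default, which fails closed with "The requested feature
# is not available" rather than proceeding without verification -- hence
# exit status 1, and presumably the short hs_timeout to limit client retries.

run_test "DTLS cookie: enabled" \
    "$P_SRV dtls=1 debug_level=2" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -s "cookie verification failed" \
    -s "cookie verification passed" \
    -S "cookie verification skipped" \
    -c "received hello verify request" \
    -s "hello verification requested" \
    -S "SSL - The requested feature is not available"

run_test "DTLS cookie: disabled" \
    "$P_SRV dtls=1 debug_level=2 cookies=0" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -S "cookie verification failed" \
    -S "cookie verification passed" \
    -s "cookie verification skipped" \
    -C "received hello verify request" \
    -S "hello verification requested" \
    -S "SSL - The requested feature is not available"

run_test "DTLS cookie: default (failing)" \
    "$P_SRV dtls=1 debug_level=2 cookies=-1" \
    "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
    1 \
    -s "cookie verification failed" \
    -S "cookie verification passed" \
    -S "cookie verification skipped" \
    -C "received hello verify request" \
    -S "hello verification requested" \
    -s "SSL - The requested feature is not available"

requires_ipv6
run_test "DTLS cookie: enabled, IPv6" \
    "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
    "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
    0 \
    -s "cookie verification failed" \
    -s "cookie verification passed" \
    -S "cookie verification skipped" \
    -c "received hello verify request" \
    -s "hello verification requested" \
    -S "SSL - The requested feature is not available"

run_test "DTLS cookie: enabled, nbio" \
    "$P_SRV dtls=1 nbio=2 debug_level=2" \
    "$P_CLI dtls=1 nbio=2 debug_level=2" \
    0 \
    -s "cookie verification failed" \
    -s "cookie verification passed" \
    -S "cookie verification skipped" \
    -c "received hello verify request" \
    -s "hello verification requested" \
    -S "SSL - The requested feature is not available"

# Tests for client reconnecting from the same port with DTLS
#
# reconnect_hard=1 makes the client start a fresh handshake from the port of
# its established association (RFC 6347 section 4.2.8). The server must log
# "Client initiated reconnection from same port" and serve the new
# connection. The "no cookies" case expects no detection and a server read
# timeout instead: presumably the server only accepts a reconnection after
# the new ClientHello has passed cookie verification, so that an unverified
# (possibly spoofed) ClientHello cannot tear down a live association.

not_with_valgrind # spurious resend
run_test "DTLS client reconnect from same port: reference" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
    0 \
    -C "resend" \
    -S "The operation timed out" \
    -S "Client initiated reconnection from same port"

not_with_valgrind # spurious resend
run_test "DTLS client reconnect from same port: reconnect" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
    0 \
    -C "resend" \
    -S "The operation timed out" \
    -s "Client initiated reconnection from same port"

not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
    0 \
    -S "The operation timed out" \
    -s "Client initiated reconnection from same port"

only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
    0 \
    -S "The operation timed out" \
    -s "Client initiated reconnection from same port"

run_test "DTLS client reconnect from same port: no cookies" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
    0 \
    -s "The operation timed out" \
    -S "Client initiated reconnection from same port"

# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
# crt_file=none key_file=none makes the client send no certificate; the
# server's auth_mode decides whether that is an error, a warning or skipped.

run_test "DTLS client auth: required" \
    "$P_SRV dtls=1 auth_mode=required" \
    "$P_CLI dtls=1" \
    0 \
    -s "Verifying peer X.509 certificate... ok"

run_test "DTLS client auth: optional, client has no cert" \
    "$P_SRV dtls=1 auth_mode=optional" \
    "$P_CLI dtls=1 crt_file=none key_file=none" \
    0 \
    -s "! Certificate was missing"

run_test "DTLS client auth: none, client has no cert" \
    "$P_SRV dtls=1 auth_mode=none" \
    "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
    0 \
    -c "skip write certificate$" \
    -s "! Certificate verification was skipped"

# A PSK mismatch (abc123 vs abc124) is only detected when the first
# protected record fails MAC verification; the server must report the bad
# MAC and the client must receive the resulting fatal alert, so the
# handshake must not complete with mismatched keys.
run_test "DTLS wrong PSK: badmac alert" \
    "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
    "$P_CLI dtls=1 psk=abc124" \
    1 \
    -s "SSL - Verification of the message MAC failed" \
    -c "SSL - A fatal alert message was received from our peer"

# Tests for receiving fragmented handshake messages with DTLS
#
# A third-party server (gnutls-serv with --mtu, openssl s_server with -mtu)
# fragments its handshake messages at a fixed MTU; the client must reassemble
# them and log no "error" line. The 2048-byte MTU cases are the unfragmented
# reference.

requires_gnutls
run_test "DTLS reassembly: no fragmentation (gnutls server)" \
    "$G_SRV -u --mtu 2048 -a" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -C "found fragmented DTLS handshake message" \
    -C "error"

requires_gnutls
run_test "DTLS reassembly: some fragmentation (gnutls server)" \
    "$G_SRV -u --mtu 512" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

requires_gnutls
run_test "DTLS reassembly: more fragmentation (gnutls server)" \
    "$G_SRV -u --mtu 128" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

requires_gnutls
run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
    "$G_SRV -u --mtu 128" \
    "$P_CLI dtls=1 nbio=2 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
    "$G_SRV -u --mtu 256" \
    "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -c "client hello, adding renegotiation extension" \
    -c "found renegotiation extension" \
    -c "=> renegotiate" \
    -C "mbedtls_ssl_handshake returned" \
    -C "error" \
    -s "Extra-header:"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
    "$G_SRV -u --mtu 256" \
    "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -c "client hello, adding renegotiation extension" \
    -c "found renegotiation extension" \
    -c "=> renegotiate" \
    -C "mbedtls_ssl_handshake returned" \
    -C "error" \
    -s "Extra-header:"

run_test "DTLS reassembly: no fragmentation (openssl server)" \
    "$O_SRV -dtls1 -mtu 2048" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -C "found fragmented DTLS handshake message" \
    -C "error"

run_test "DTLS reassembly: some fragmentation (openssl server)" \
    "$O_SRV -dtls1 -mtu 768" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

run_test "DTLS reassembly: more fragmentation (openssl server)" \
    "$O_SRV -dtls1 -mtu 256" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
    "$O_SRV -dtls1 -mtu 256" \
    "$P_CLI dtls=1 nbio=2 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

# Tests for sending fragmented handshake messages with DTLS
#
# Use client auth when we need the client to send large messages,
# and use large cert chains on both sides too (the long chains we have all use
# both RSA and ECDSA, but ideally we should have long chains with either).
# Sizes reached (UDP payload):
# - 2037B for server certificate
# - 1542B for client certificate
# - 1013B for newsessionticket
# - all others below 512B
# All those tests assume MAX_CONTENT_LEN is at least 2048
#
# max_frag_len= is the max_fragment_length extension value each side offers;
# the long hs_timeout keeps retransmissions from interfering with the
# fragmentation checks.

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "DTLS fragmenting: none (for reference)" \
    "$P_SRV dtls=1 debug_level=2 auth_mode=required \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        hs_timeout=2500-60000 \
        max_frag_len=4096" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        hs_timeout=2500-60000 \
        max_frag_len=4096" \
    0 \
    -S "found fragmented DTLS handshake message" \
    -C "found fragmented DTLS handshake message" \
    -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "DTLS fragmenting: server only (max_frag_len)" \
    "$P_SRV dtls=1 debug_level=2 auth_mode=required \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        hs_timeout=2500-60000 \
        max_frag_len=1024" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        hs_timeout=2500-60000 \
        max_frag_len=2048" \
    0 \
    -S "found fragmented DTLS handshake message" \
    -c "found fragmented DTLS handshake message" \
    -C "error"

# With the MFL extension, the server has no way of forcing
# the client to not exceed a certain MTU; hence, the following
# test can't be replicated with an MTU proxy such as the one
# `client-initiated, server only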
(max_frag_len)` below. 5957requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 5958requires_config_enabled MBEDTLS_RSA_C 5959requires_config_enabled MBEDTLS_ECDSA_C 5960requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 5961run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ 5962 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 5963 crt_file=data_files/server7_int-ca.crt \ 5964 key_file=data_files/server7.key \ 5965 hs_timeout=2500-60000 \ 5966 max_frag_len=512" \ 5967 "$P_CLI dtls=1 debug_level=2 \ 5968 crt_file=data_files/server8_int-ca2.crt \ 5969 key_file=data_files/server8.key \ 5970 hs_timeout=2500-60000 \ 5971 max_frag_len=4096" \ 5972 0 \ 5973 -S "found fragmented DTLS handshake message" \ 5974 -c "found fragmented DTLS handshake message" \ 5975 -C "error" 5976 5977requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 5978requires_config_enabled MBEDTLS_RSA_C 5979requires_config_enabled MBEDTLS_ECDSA_C 5980requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 5981run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ 5982 "$P_SRV dtls=1 debug_level=2 auth_mode=none \ 5983 crt_file=data_files/server7_int-ca.crt \ 5984 key_file=data_files/server7.key \ 5985 hs_timeout=2500-60000 \ 5986 max_frag_len=2048" \ 5987 "$P_CLI dtls=1 debug_level=2 \ 5988 crt_file=data_files/server8_int-ca2.crt \ 5989 key_file=data_files/server8.key \ 5990 hs_timeout=2500-60000 \ 5991 max_frag_len=1024" \ 5992 0 \ 5993 -S "found fragmented DTLS handshake message" \ 5994 -c "found fragmented DTLS handshake message" \ 5995 -C "error" 5996 5997# While not required by the standard defining the MFL extension 5998# (according to which it only applies to records, not to datagrams), 5999# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, 6000# as otherwise there wouldn't be any means to communicate MTU restrictions 6001# to the peer. 
6002# The next test checks that no datagrams significantly larger than the 6003# negotiated MFL are sent. 6004requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6005requires_config_enabled MBEDTLS_RSA_C 6006requires_config_enabled MBEDTLS_ECDSA_C 6007requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6008run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ 6009 -p "$P_PXY mtu=1110" \ 6010 "$P_SRV dtls=1 debug_level=2 auth_mode=none \ 6011 crt_file=data_files/server7_int-ca.crt \ 6012 key_file=data_files/server7.key \ 6013 hs_timeout=2500-60000 \ 6014 max_frag_len=2048" \ 6015 "$P_CLI dtls=1 debug_level=2 \ 6016 crt_file=data_files/server8_int-ca2.crt \ 6017 key_file=data_files/server8.key \ 6018 hs_timeout=2500-60000 \ 6019 max_frag_len=1024" \ 6020 0 \ 6021 -S "found fragmented DTLS handshake message" \ 6022 -c "found fragmented DTLS handshake message" \ 6023 -C "error" 6024 6025requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6026requires_config_enabled MBEDTLS_RSA_C 6027requires_config_enabled MBEDTLS_ECDSA_C 6028requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6029run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ 6030 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6031 crt_file=data_files/server7_int-ca.crt \ 6032 key_file=data_files/server7.key \ 6033 hs_timeout=2500-60000 \ 6034 max_frag_len=2048" \ 6035 "$P_CLI dtls=1 debug_level=2 \ 6036 crt_file=data_files/server8_int-ca2.crt \ 6037 key_file=data_files/server8.key \ 6038 hs_timeout=2500-60000 \ 6039 max_frag_len=1024" \ 6040 0 \ 6041 -s "found fragmented DTLS handshake message" \ 6042 -c "found fragmented DTLS handshake message" \ 6043 -C "error" 6044 6045# While not required by the standard defining the MFL extension 6046# (according to which it only applies to records, not to datagrams), 6047# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, 6048# as otherwise there wouldn't be any means to communicate MTU 
restrictions 6049# to the peer. 6050# The next test checks that no datagrams significantly larger than the 6051# negotiated MFL are sent. 6052requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6053requires_config_enabled MBEDTLS_RSA_C 6054requires_config_enabled MBEDTLS_ECDSA_C 6055requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6056run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ 6057 -p "$P_PXY mtu=1110" \ 6058 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6059 crt_file=data_files/server7_int-ca.crt \ 6060 key_file=data_files/server7.key \ 6061 hs_timeout=2500-60000 \ 6062 max_frag_len=2048" \ 6063 "$P_CLI dtls=1 debug_level=2 \ 6064 crt_file=data_files/server8_int-ca2.crt \ 6065 key_file=data_files/server8.key \ 6066 hs_timeout=2500-60000 \ 6067 max_frag_len=1024" \ 6068 0 \ 6069 -s "found fragmented DTLS handshake message" \ 6070 -c "found fragmented DTLS handshake message" \ 6071 -C "error" 6072 6073requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6074requires_config_enabled MBEDTLS_RSA_C 6075requires_config_enabled MBEDTLS_ECDSA_C 6076run_test "DTLS fragmenting: none (for reference) (MTU)" \ 6077 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6078 crt_file=data_files/server7_int-ca.crt \ 6079 key_file=data_files/server7.key \ 6080 hs_timeout=2500-60000 \ 6081 mtu=4096" \ 6082 "$P_CLI dtls=1 debug_level=2 \ 6083 crt_file=data_files/server8_int-ca2.crt \ 6084 key_file=data_files/server8.key \ 6085 hs_timeout=2500-60000 \ 6086 mtu=4096" \ 6087 0 \ 6088 -S "found fragmented DTLS handshake message" \ 6089 -C "found fragmented DTLS handshake message" \ 6090 -C "error" 6091 6092requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6093requires_config_enabled MBEDTLS_RSA_C 6094requires_config_enabled MBEDTLS_ECDSA_C 6095run_test "DTLS fragmenting: client (MTU)" \ 6096 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6097 crt_file=data_files/server7_int-ca.crt \ 6098 key_file=data_files/server7.key \ 6099 hs_timeout=3500-60000 \ 6100 
mtu=4096" \ 6101 "$P_CLI dtls=1 debug_level=2 \ 6102 crt_file=data_files/server8_int-ca2.crt \ 6103 key_file=data_files/server8.key \ 6104 hs_timeout=3500-60000 \ 6105 mtu=1024" \ 6106 0 \ 6107 -s "found fragmented DTLS handshake message" \ 6108 -C "found fragmented DTLS handshake message" \ 6109 -C "error" 6110 6111requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6112requires_config_enabled MBEDTLS_RSA_C 6113requires_config_enabled MBEDTLS_ECDSA_C 6114run_test "DTLS fragmenting: server (MTU)" \ 6115 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6116 crt_file=data_files/server7_int-ca.crt \ 6117 key_file=data_files/server7.key \ 6118 hs_timeout=2500-60000 \ 6119 mtu=512" \ 6120 "$P_CLI dtls=1 debug_level=2 \ 6121 crt_file=data_files/server8_int-ca2.crt \ 6122 key_file=data_files/server8.key \ 6123 hs_timeout=2500-60000 \ 6124 mtu=2048" \ 6125 0 \ 6126 -S "found fragmented DTLS handshake message" \ 6127 -c "found fragmented DTLS handshake message" \ 6128 -C "error" 6129 6130requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6131requires_config_enabled MBEDTLS_RSA_C 6132requires_config_enabled MBEDTLS_ECDSA_C 6133run_test "DTLS fragmenting: both (MTU=1024)" \ 6134 -p "$P_PXY mtu=1024" \ 6135 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6136 crt_file=data_files/server7_int-ca.crt \ 6137 key_file=data_files/server7.key \ 6138 hs_timeout=2500-60000 \ 6139 mtu=1024" \ 6140 "$P_CLI dtls=1 debug_level=2 \ 6141 crt_file=data_files/server8_int-ca2.crt \ 6142 key_file=data_files/server8.key \ 6143 hs_timeout=2500-60000 \ 6144 mtu=1024" \ 6145 0 \ 6146 -s "found fragmented DTLS handshake message" \ 6147 -c "found fragmented DTLS handshake message" \ 6148 -C "error" 6149 6150# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 
6151requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6152requires_config_enabled MBEDTLS_RSA_C 6153requires_config_enabled MBEDTLS_ECDSA_C 6154requires_config_enabled MBEDTLS_SHA256_C 6155requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6156requires_config_enabled MBEDTLS_AES_C 6157requires_config_enabled MBEDTLS_GCM_C 6158run_test "DTLS fragmenting: both (MTU=512)" \ 6159 -p "$P_PXY mtu=512" \ 6160 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6161 crt_file=data_files/server7_int-ca.crt \ 6162 key_file=data_files/server7.key \ 6163 hs_timeout=2500-60000 \ 6164 mtu=512" \ 6165 "$P_CLI dtls=1 debug_level=2 \ 6166 crt_file=data_files/server8_int-ca2.crt \ 6167 key_file=data_files/server8.key \ 6168 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6169 hs_timeout=2500-60000 \ 6170 mtu=512" \ 6171 0 \ 6172 -s "found fragmented DTLS handshake message" \ 6173 -c "found fragmented DTLS handshake message" \ 6174 -C "error" 6175 6176# Test for automatic MTU reduction on repeated resend. 6177# Forcing ciphersuite for this test to fit the MTU of 508 with full config. 6178# The ratio of max/min timeout should ideally equal 4 to accept two 6179# retransmissions, but in some cases (like both the server and client using 6180# fragmentation and auto-reduction) an extra retransmission might occur, 6181# hence the ratio of 8. 
6182not_with_valgrind 6183requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6184requires_config_enabled MBEDTLS_RSA_C 6185requires_config_enabled MBEDTLS_ECDSA_C 6186requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6187requires_config_enabled MBEDTLS_AES_C 6188requires_config_enabled MBEDTLS_GCM_C 6189run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ 6190 -p "$P_PXY mtu=508" \ 6191 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6192 crt_file=data_files/server7_int-ca.crt \ 6193 key_file=data_files/server7.key \ 6194 hs_timeout=400-3200" \ 6195 "$P_CLI dtls=1 debug_level=2 \ 6196 crt_file=data_files/server8_int-ca2.crt \ 6197 key_file=data_files/server8.key \ 6198 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6199 hs_timeout=400-3200" \ 6200 0 \ 6201 -s "found fragmented DTLS handshake message" \ 6202 -c "found fragmented DTLS handshake message" \ 6203 -C "error" 6204 6205# Forcing ciphersuite for this test to fit the MTU of 508 with full config. 6206only_with_valgrind 6207requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6208requires_config_enabled MBEDTLS_RSA_C 6209requires_config_enabled MBEDTLS_ECDSA_C 6210requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6211requires_config_enabled MBEDTLS_AES_C 6212requires_config_enabled MBEDTLS_GCM_C 6213run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ 6214 -p "$P_PXY mtu=508" \ 6215 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6216 crt_file=data_files/server7_int-ca.crt \ 6217 key_file=data_files/server7.key \ 6218 hs_timeout=250-10000" \ 6219 "$P_CLI dtls=1 debug_level=2 \ 6220 crt_file=data_files/server8_int-ca2.crt \ 6221 key_file=data_files/server8.key \ 6222 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6223 hs_timeout=250-10000" \ 6224 0 \ 6225 -s "found fragmented DTLS handshake message" \ 6226 -c "found fragmented DTLS handshake message" \ 6227 -C "error" 6228 6229# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend 6230# OTOH the 
client might resend if the server is to slow to reset after sending 6231# a HelloVerifyRequest, so only check for no retransmission server-side 6232not_with_valgrind # spurious autoreduction due to timeout 6233requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6234requires_config_enabled MBEDTLS_RSA_C 6235requires_config_enabled MBEDTLS_ECDSA_C 6236run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ 6237 -p "$P_PXY mtu=1024" \ 6238 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6239 crt_file=data_files/server7_int-ca.crt \ 6240 key_file=data_files/server7.key \ 6241 hs_timeout=10000-60000 \ 6242 mtu=1024" \ 6243 "$P_CLI dtls=1 debug_level=2 \ 6244 crt_file=data_files/server8_int-ca2.crt \ 6245 key_file=data_files/server8.key \ 6246 hs_timeout=10000-60000 \ 6247 mtu=1024" \ 6248 0 \ 6249 -S "autoreduction" \ 6250 -s "found fragmented DTLS handshake message" \ 6251 -c "found fragmented DTLS handshake message" \ 6252 -C "error" 6253 6254# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 
6255# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend 6256# OTOH the client might resend if the server is to slow to reset after sending 6257# a HelloVerifyRequest, so only check for no retransmission server-side 6258not_with_valgrind # spurious autoreduction due to timeout 6259requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6260requires_config_enabled MBEDTLS_RSA_C 6261requires_config_enabled MBEDTLS_ECDSA_C 6262requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6263requires_config_enabled MBEDTLS_AES_C 6264requires_config_enabled MBEDTLS_GCM_C 6265run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ 6266 -p "$P_PXY mtu=512" \ 6267 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6268 crt_file=data_files/server7_int-ca.crt \ 6269 key_file=data_files/server7.key \ 6270 hs_timeout=10000-60000 \ 6271 mtu=512" \ 6272 "$P_CLI dtls=1 debug_level=2 \ 6273 crt_file=data_files/server8_int-ca2.crt \ 6274 key_file=data_files/server8.key \ 6275 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6276 hs_timeout=10000-60000 \ 6277 mtu=512" \ 6278 0 \ 6279 -S "autoreduction" \ 6280 -s "found fragmented DTLS handshake message" \ 6281 -c "found fragmented DTLS handshake message" \ 6282 -C "error" 6283 6284not_with_valgrind # spurious autoreduction due to timeout 6285requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6286requires_config_enabled MBEDTLS_RSA_C 6287requires_config_enabled MBEDTLS_ECDSA_C 6288run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ 6289 -p "$P_PXY mtu=1024" \ 6290 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6291 crt_file=data_files/server7_int-ca.crt \ 6292 key_file=data_files/server7.key \ 6293 hs_timeout=10000-60000 \ 6294 mtu=1024 nbio=2" \ 6295 "$P_CLI dtls=1 debug_level=2 \ 6296 crt_file=data_files/server8_int-ca2.crt \ 6297 key_file=data_files/server8.key \ 6298 hs_timeout=10000-60000 \ 6299 mtu=1024 nbio=2" \ 6300 0 \ 6301 -S "autoreduction" \ 6302 -s "found 
fragmented DTLS handshake message" \ 6303 -c "found fragmented DTLS handshake message" \ 6304 -C "error" 6305 6306# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 6307not_with_valgrind # spurious autoreduction due to timeout 6308requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6309requires_config_enabled MBEDTLS_RSA_C 6310requires_config_enabled MBEDTLS_ECDSA_C 6311requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6312requires_config_enabled MBEDTLS_AES_C 6313requires_config_enabled MBEDTLS_GCM_C 6314run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ 6315 -p "$P_PXY mtu=512" \ 6316 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6317 crt_file=data_files/server7_int-ca.crt \ 6318 key_file=data_files/server7.key \ 6319 hs_timeout=10000-60000 \ 6320 mtu=512 nbio=2" \ 6321 "$P_CLI dtls=1 debug_level=2 \ 6322 crt_file=data_files/server8_int-ca2.crt \ 6323 key_file=data_files/server8.key \ 6324 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6325 hs_timeout=10000-60000 \ 6326 mtu=512 nbio=2" \ 6327 0 \ 6328 -S "autoreduction" \ 6329 -s "found fragmented DTLS handshake message" \ 6330 -c "found fragmented DTLS handshake message" \ 6331 -C "error" 6332 6333# Forcing ciphersuite for this test to fit the MTU of 1450 with full config. 6334# This ensures things still work after session_reset(). 6335# It also exercises the "resumed handshake" flow. 6336# Since we don't support reading fragmented ClientHello yet, 6337# up the MTU to 1450 (larger than ClientHello with session ticket, 6338# but still smaller than client's Certificate to ensure fragmentation). 6339# An autoreduction on the client-side might happen if the server is 6340# slow to reset, therefore omitting '-C "autoreduction"' below. 6341# reco_delay avoids races where the client reconnects before the server has 6342# resumed listening, which would result in a spurious autoreduction. 
6343not_with_valgrind # spurious autoreduction due to timeout 6344requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6345requires_config_enabled MBEDTLS_RSA_C 6346requires_config_enabled MBEDTLS_ECDSA_C 6347requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6348requires_config_enabled MBEDTLS_AES_C 6349requires_config_enabled MBEDTLS_GCM_C 6350run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ 6351 -p "$P_PXY mtu=1450" \ 6352 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6353 crt_file=data_files/server7_int-ca.crt \ 6354 key_file=data_files/server7.key \ 6355 hs_timeout=10000-60000 \ 6356 mtu=1450" \ 6357 "$P_CLI dtls=1 debug_level=2 \ 6358 crt_file=data_files/server8_int-ca2.crt \ 6359 key_file=data_files/server8.key \ 6360 hs_timeout=10000-60000 \ 6361 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6362 mtu=1450 reconnect=1 reco_delay=1" \ 6363 0 \ 6364 -S "autoreduction" \ 6365 -s "found fragmented DTLS handshake message" \ 6366 -c "found fragmented DTLS handshake message" \ 6367 -C "error" 6368 6369# An autoreduction on the client-side might happen if the server is 6370# slow to reset, therefore omitting '-C "autoreduction"' below. 
6371not_with_valgrind # spurious autoreduction due to timeout 6372requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6373requires_config_enabled MBEDTLS_RSA_C 6374requires_config_enabled MBEDTLS_ECDSA_C 6375requires_config_enabled MBEDTLS_SHA256_C 6376requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6377requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6378requires_config_enabled MBEDTLS_CHACHAPOLY_C 6379run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ 6380 -p "$P_PXY mtu=512" \ 6381 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6382 crt_file=data_files/server7_int-ca.crt \ 6383 key_file=data_files/server7.key \ 6384 exchanges=2 renegotiation=1 \ 6385 hs_timeout=10000-60000 \ 6386 mtu=512" \ 6387 "$P_CLI dtls=1 debug_level=2 \ 6388 crt_file=data_files/server8_int-ca2.crt \ 6389 key_file=data_files/server8.key \ 6390 exchanges=2 renegotiation=1 renegotiate=1 \ 6391 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6392 hs_timeout=10000-60000 \ 6393 mtu=512" \ 6394 0 \ 6395 -S "autoreduction" \ 6396 -s "found fragmented DTLS handshake message" \ 6397 -c "found fragmented DTLS handshake message" \ 6398 -C "error" 6399 6400# An autoreduction on the client-side might happen if the server is 6401# slow to reset, therefore omitting '-C "autoreduction"' below. 
6402not_with_valgrind # spurious autoreduction due to timeout 6403requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6404requires_config_enabled MBEDTLS_RSA_C 6405requires_config_enabled MBEDTLS_ECDSA_C 6406requires_config_enabled MBEDTLS_SHA256_C 6407requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6408requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6409requires_config_enabled MBEDTLS_AES_C 6410requires_config_enabled MBEDTLS_GCM_C 6411run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ 6412 -p "$P_PXY mtu=512" \ 6413 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6414 crt_file=data_files/server7_int-ca.crt \ 6415 key_file=data_files/server7.key \ 6416 exchanges=2 renegotiation=1 \ 6417 hs_timeout=10000-60000 \ 6418 mtu=512" \ 6419 "$P_CLI dtls=1 debug_level=2 \ 6420 crt_file=data_files/server8_int-ca2.crt \ 6421 key_file=data_files/server8.key \ 6422 exchanges=2 renegotiation=1 renegotiate=1 \ 6423 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6424 hs_timeout=10000-60000 \ 6425 mtu=512" \ 6426 0 \ 6427 -S "autoreduction" \ 6428 -s "found fragmented DTLS handshake message" \ 6429 -c "found fragmented DTLS handshake message" \ 6430 -C "error" 6431 6432# An autoreduction on the client-side might happen if the server is 6433# slow to reset, therefore omitting '-C "autoreduction"' below. 
6434not_with_valgrind # spurious autoreduction due to timeout 6435requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6436requires_config_enabled MBEDTLS_RSA_C 6437requires_config_enabled MBEDTLS_ECDSA_C 6438requires_config_enabled MBEDTLS_SHA256_C 6439requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6440requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6441requires_config_enabled MBEDTLS_AES_C 6442requires_config_enabled MBEDTLS_CCM_C 6443run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ 6444 -p "$P_PXY mtu=1024" \ 6445 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6446 crt_file=data_files/server7_int-ca.crt \ 6447 key_file=data_files/server7.key \ 6448 exchanges=2 renegotiation=1 \ 6449 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ 6450 hs_timeout=10000-60000 \ 6451 mtu=1024" \ 6452 "$P_CLI dtls=1 debug_level=2 \ 6453 crt_file=data_files/server8_int-ca2.crt \ 6454 key_file=data_files/server8.key \ 6455 exchanges=2 renegotiation=1 renegotiate=1 \ 6456 hs_timeout=10000-60000 \ 6457 mtu=1024" \ 6458 0 \ 6459 -S "autoreduction" \ 6460 -s "found fragmented DTLS handshake message" \ 6461 -c "found fragmented DTLS handshake message" \ 6462 -C "error" 6463 6464# An autoreduction on the client-side might happen if the server is 6465# slow to reset, therefore omitting '-C "autoreduction"' below. 
6466not_with_valgrind # spurious autoreduction due to timeout 6467requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6468requires_config_enabled MBEDTLS_RSA_C 6469requires_config_enabled MBEDTLS_ECDSA_C 6470requires_config_enabled MBEDTLS_SHA256_C 6471requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6472requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6473requires_config_enabled MBEDTLS_AES_C 6474requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 6475requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC 6476run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ 6477 -p "$P_PXY mtu=1024" \ 6478 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6479 crt_file=data_files/server7_int-ca.crt \ 6480 key_file=data_files/server7.key \ 6481 exchanges=2 renegotiation=1 \ 6482 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ 6483 hs_timeout=10000-60000 \ 6484 mtu=1024" \ 6485 "$P_CLI dtls=1 debug_level=2 \ 6486 crt_file=data_files/server8_int-ca2.crt \ 6487 key_file=data_files/server8.key \ 6488 exchanges=2 renegotiation=1 renegotiate=1 \ 6489 hs_timeout=10000-60000 \ 6490 mtu=1024" \ 6491 0 \ 6492 -S "autoreduction" \ 6493 -s "found fragmented DTLS handshake message" \ 6494 -c "found fragmented DTLS handshake message" \ 6495 -C "error" 6496 6497# An autoreduction on the client-side might happen if the server is 6498# slow to reset, therefore omitting '-C "autoreduction"' below. 
6499not_with_valgrind # spurious autoreduction due to timeout 6500requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6501requires_config_enabled MBEDTLS_RSA_C 6502requires_config_enabled MBEDTLS_ECDSA_C 6503requires_config_enabled MBEDTLS_SHA256_C 6504requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6505requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6506requires_config_enabled MBEDTLS_AES_C 6507requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 6508run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ 6509 -p "$P_PXY mtu=1024" \ 6510 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6511 crt_file=data_files/server7_int-ca.crt \ 6512 key_file=data_files/server7.key \ 6513 exchanges=2 renegotiation=1 \ 6514 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \ 6515 hs_timeout=10000-60000 \ 6516 mtu=1024" \ 6517 "$P_CLI dtls=1 debug_level=2 \ 6518 crt_file=data_files/server8_int-ca2.crt \ 6519 key_file=data_files/server8.key \ 6520 exchanges=2 renegotiation=1 renegotiate=1 \ 6521 hs_timeout=10000-60000 \ 6522 mtu=1024" \ 6523 0 \ 6524 -S "autoreduction" \ 6525 -s "found fragmented DTLS handshake message" \ 6526 -c "found fragmented DTLS handshake message" \ 6527 -C "error" 6528 6529# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 
6530requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6531requires_config_enabled MBEDTLS_RSA_C 6532requires_config_enabled MBEDTLS_ECDSA_C 6533requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6534requires_config_enabled MBEDTLS_AES_C 6535requires_config_enabled MBEDTLS_GCM_C 6536client_needs_more_time 2 6537run_test "DTLS fragmenting: proxy MTU + 3d" \ 6538 -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ 6539 "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ 6540 crt_file=data_files/server7_int-ca.crt \ 6541 key_file=data_files/server7.key \ 6542 hs_timeout=250-10000 mtu=512" \ 6543 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 6544 crt_file=data_files/server8_int-ca2.crt \ 6545 key_file=data_files/server8.key \ 6546 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6547 hs_timeout=250-10000 mtu=512" \ 6548 0 \ 6549 -s "found fragmented DTLS handshake message" \ 6550 -c "found fragmented DTLS handshake message" \ 6551 -C "error" 6552 6553# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 
# DTLS handshake fragmentation (mbed TLS <-> mbed TLS) through the UDP proxy
# with drop/delay/duplicate enabled and non-blocking I/O on both peers.
# Both sides must reassemble the other side's fragments; no "error" line may
# appear in the client log.
# requires_* / client_needs_more_time set state that the following run_test
# consumes, so their order relative to run_test matters.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
    -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
    "$P_SRV dtls=1 debug_level=2 auth_mode=required \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        hs_timeout=250-10000 mtu=512 nbio=2" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
        hs_timeout=250-10000 mtu=512 nbio=2" \
    0 \
    -s "found fragmented DTLS handshake message" \
    -c "found fragmented DTLS handshake message" \
    -C "error"

# interop tests for DTLS fragmenting with reliable connection
#
# here and below we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
#
# The mbed TLS side is given mtu=512 so that its own Certificate message has
# to be fragmented; the positive check is only on the fragmenting side.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
    "$G_SRV -u" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        mtu=512 force_version=dtls1_2" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
    "$G_SRV -u" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        mtu=512 force_version=dtls1" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
# Consequently these tests do not exercise certificate verification on the
# GnuTLS side at all; they only check that our fragments are accepted.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_not_i686
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
    "$P_SRV dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        mtu=512 force_version=dtls1_2" \
    "$G_CLI -u --insecure 127.0.0.1" \
    0 \
    -s "fragmenting handshake message"

# See previous test for the reason to use --insecure
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
requires_not_i686
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
    "$P_SRV dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        mtu=512 force_version=dtls1" \
    "$G_CLI -u --insecure 127.0.0.1" \
    0 \
    -s "fragmenting handshake message"

# "-verify 10" makes s_server request a client certificate (verify depth 10),
# so the client has to send the server8 chain -- presumably that Certificate
# message is the one exceeding mtu=512.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
    "$O_SRV -dtls1_2 -verify 10" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        mtu=512 force_version=dtls1_2" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
    "$O_SRV -dtls1 -verify 10" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        mtu=512 force_version=dtls1" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
    "$P_SRV dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        mtu=512 force_version=dtls1_2" \
    "$O_CLI -dtls1_2" \
    0 \
    -s "fragmenting handshake message"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
    "$P_SRV dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        mtu=512 force_version=dtls1" \
    "$O_CLI -dtls1" \
    0 \
    -s "fragmenting handshake message"

# interop tests for DTLS fragmenting with unreliable connection
#
# again we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
#
# "3d" = drop, delay, duplicate (see the proxy options).  The larger
# hs_timeout upper bound gives retransmissions room to finish.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$G_NEXT_SRV -u" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$G_NEXT_SRV -u" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

# --insecure: see the note on the reliable-connection GnuTLS client tests.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$P_SRV dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
    "$G_NEXT_CLI -u --insecure 127.0.0.1" \
    0 \
    -s "fragmenting handshake message"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$P_SRV dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1" \
    "$G_NEXT_CLI -u --insecure 127.0.0.1" \
    0 \
    -s "fragmenting handshake message"

## Interop tests with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
## Each of the four tests below is therefore preceded by skip_next_test.
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
# NOTE(review): unlike the DTLS 1.0 variant right below, the client here does
# not pass dgram_packing=0 -- check whether that asymmetry is intentional
# before un-skipping.
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$O_SRV -dtls1_2 -verify 10" \
    "$P_CLI dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$O_SRV -dtls1 -verify 10" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        crt_file=data_files/server8_int-ca2.crt \
        key_file=data_files/server8.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1" \
    0 \
    -c "fragmenting handshake message" \
    -C "error"

skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$P_SRV dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
    "$O_CLI -dtls1_2" \
    0 \
    -s "fragmenting handshake message"

# -nbio is added to prevent s_client from blocking in case of duplicated
# messages at the end of the handshake
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
    -p "$P_PXY drop=8 delay=8 duplicate=8" \
    "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
        crt_file=data_files/server7_int-ca.crt \
        key_file=data_files/server7.key \
        hs_timeout=250-60000 mtu=512 force_version=dtls1" \
    "$O_CLI -nbio -dtls1" \
    0 \
    -s "fragmenting handshake message"

# Tests for specific things with "unreliable" UDP connection

# Baseline through a pass-through proxy: none of the replay / epoch /
# invalid-record paths may trigger, and the HTTP exchange must complete.
not_with_valgrind # spurious resend due to timeout
run_test "DTLS proxy: reference" \
    -p "$P_PXY" \
    "$P_SRV dtls=1 debug_level=2" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -C "replayed record" \
    -S "replayed record" \
    -C "record from another epoch" \
    -S "record from another epoch" \
    -C "discarding invalid record" \
    -S "discarding invalid record" \
    -S "resend" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Every datagram is delivered twice.  With anti-replay on (the default) both
# peers must detect the duplicates as "replayed record" and the server must
# not need to resend anything.
not_with_valgrind # spurious resend due to timeout
run_test "DTLS proxy: duplicate every packet" \
    -p "$P_PXY duplicate=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
    0 \
    -c "replayed record" \
    -s "replayed record" \
    -c "record from another epoch" \
    -s "record from another epoch" \
    -S "resend" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Same, but the server's replay window is disabled (anti_replay=0): the
# server no longer reports replayed records and the duplicated handshake
# flights now cause resends on both sides.  The client keeps anti-replay on.
run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
    -p "$P_PXY duplicate=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
    0 \
    -c "replayed record" \
    -S "replayed record" \
    -c "record from another epoch" \
    -s "record from another epoch" \
    -c "resend" \
    -s "resend" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# The proxy packs several records into one datagram (pack=50); both peers
# must parse the trailing records instead of dropping them.
run_test "DTLS proxy: multiple records in same datagram" \
    -p "$P_PXY pack=50" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
    0 \
    -c "next record in same datagram" \
    -s "next record in same datagram"

run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
    -p "$P_PXY pack=50 duplicate=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
    0 \
    -c "next record in same datagram" \
    -s "next record in same datagram"

# bad_ad=1 makes the proxy inject application-data records with a bad MAC.
# With the default badmac_limit the server only discards them and the
# exchange still completes; with badmac_limit=N the server instead gives up
# after N such records ("too many records with bad MAC") and the run fails
# with exit status 1.  This is the bad-MAC counter from
# mbedtls_ssl_conf_badmac_limit().
run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
    0 \
    -c "discarding invalid record (mac)" \
    -s "discarding invalid record (mac)" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK" \
    -S "too many records with bad MAC" \
    -S "Verification of the message MAC failed"

run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
    1 \
    -C "discarding invalid record (mac)" \
    -S "discarding invalid record (mac)" \
    -S "Extra-header:" \
    -C "HTTP/1.0 200 OK" \
    -s "too many records with bad MAC" \
    -s "Verification of the message MAC failed"

# One bad record per exchange: limit 2 survives a single exchange ...
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
    0 \
    -c "discarding invalid record (mac)" \
    -s "discarding invalid record (mac)" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK" \
    -S "too many records with bad MAC" \
    -S "Verification of the message MAC failed"

# ... but not two exchanges: the first one completes, the second hits the limit.
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2" \
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
    1 \
    -c "discarding invalid record (mac)" \
    -s "discarding invalid record (mac)" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK" \
    -s "too many records with bad MAC" \
    -s "Verification of the message MAC failed"

# Delaying the ChangeCipherSpec makes the Finished message arrive under the
# old epoch first; both peers must report and survive that.
run_test "DTLS proxy: delay ChangeCipherSpec" \
    -p "$P_PXY delay_ccs=1" \
    "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
    "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
    0 \
    -c "record from another epoch" \
    -s "record from another epoch" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Tests for reordering support with DTLS
#
# The proxy's delay_srv=/delay_cli=<HandshakeType> options hold back one
# specific flight so that the peer sees a later message first and has to
# buffer it.  cookies=0 on the server presumably keeps the HelloVerifyRequest
# round trip out of the flow the proxy manipulates -- TODO confirm.

run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
    -p "$P_PXY delay_srv=ServerHello" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "Next handshake message has been buffered - load" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# Same, but the server fragments (mtu=512), so the buffered message is only
# partially present when the delayed ServerHello finally arrives.
# The spelling "bufffered" in the pattern below is matched verbatim against
# the client's debug output; do not "fix" it here without changing the
# library string.
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
    -p "$P_PXY delay_srv=ServerHello" \
    "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "found fragmented DTLS handshake message" \
    -c "Next handshake message 1 not or only partially bufffered" \
    -c "Next handshake message has been buffered - load" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# The client buffers the ServerKeyExchange before receiving the fragmented
# Certificate message; at the time of writing, together these are around 1200b
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
# NOTE(review): the negative pattern "-C ... freeing buffered messages" below
# is not the same string as the positive pattern used by the next test
# ("... freeing buffered future messages").  If the library only ever logs
# the longer form, this -C check can never match and is vacuous -- verify
# against the library's debug string.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
    -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
    "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "Next handshake message has been buffered - load" \
    -C "attempt to make space by freeing buffered messages" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first.
# (Both delay_srv=Certificate options are needed: presumably one per
# fragment of the mtu=512 Certificate message -- TODO confirm.)
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
    -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
    "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "attempt to make space by freeing buffered future messages" \
    -c "Enough space available after freeing buffered HS messages" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# Mirror image on the server: auth_mode=required makes the client send a
# Certificate, which the proxy holds back so the server must buffer the
# messages that follow it.
run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
    -p "$P_PXY delay_cli=Certificate" \
    "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -C "Buffering HS message" \
    -C "Next handshake message has been buffered - load" \
    -s "Buffering HS message" \
    -s "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# Delaying the message that precedes the CCS makes the CCS itself arrive
# early; the receiving side must remember it and inject it at the right
# point rather than buffering it as a handshake message.
run_test "DTLS reordering: Buffer out-of-order CCS message on client" \
    -p "$P_PXY delay_srv=NewSessionTicket" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -C "Buffering HS message" \
    -C "Next handshake message has been buffered - load" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -c "Injecting buffered CCS message" \
    -c "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

run_test "DTLS reordering: Buffer out-of-order CCS message on server" \
    -p "$P_PXY delay_cli=ClientKeyExchange" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -C "Buffering HS message" \
    -C "Next handshake message has been buffered - load" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -s "Injecting buffered CCS message" \
    -s "Remember CCS message"

# With the CCS delayed, the encrypted Finished (epoch 1) arrives while the
# receiver is still in epoch 0; it must be buffered as a future-epoch record
# and replayed once the epoch switches.
run_test "DTLS reordering: Buffer encrypted Finished message" \
    -p "$P_PXY delay_ccs=1" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -s "Buffer record from epoch 1" \
    -s "Found buffered record from current epoch - load" \
    -c "Buffer record from epoch 1" \
    -c "Found buffered record from current epoch - load"

# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
# from the server are delayed, so that the encrypted Finished message
# is received and buffered. When the fragmented NewSessionTicket comes
# in afterwards, the encrypted Finished message must be freed in order
# to make space for the NewSessionTicket to be reassembled.
# This works only in very particular circumstances:
# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
#   of the NewSessionTicket, but small enough to also allow buffering of
#   the encrypted Finished message.
# - The MTU setting on the server must be so small that the NewSessionTicket
#   needs to be fragmented.
# - All messages sent by the server must be small enough to be either sent
#   without fragmentation or be reassembled within the bounds of
#   MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
#   handshake, omitting CRTs.
# psk=abc123 / psk_identity=foo are fixed, low-entropy test values shared by
# both command lines; they exist only to keep the handshake free of
# certificates (see the comment above).
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
    -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
    "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
    0 \
    -s "Buffer record from epoch 1" \
    -s "Found buffered record from current epoch - load" \
    -c "Buffer record from epoch 1" \
    -C "Found buffered record from current epoch - load" \
    -c "Enough space available after freeing future epoch record"

# Tests for "randomly unreliable connection": try a variety of flows and peers
#
# All of these only assert that the application-data exchange completes
# ("Extra-header:" on the server, "HTTP/1.0 200 OK" on the client) despite
# the proxy dropping, delaying and duplicating datagrams.  The handshake
# flavours go from the shortest (PSK) to the longest (FS + ticket + client
# auth), with and without non-blocking I/O.

client_needs_more_time 2
run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
        force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test "DTLS proxy: 3d, FS, client auth" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test "DTLS proxy: 3d, FS, ticket" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test "DTLS proxy: 3d, max handshake, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
        auth_mode=required" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# reconnect=1 makes the client run a second, resumed handshake (session ID
# based, tickets=0 on both sides), which both logs must report.
client_needs_more_time 4
run_test "DTLS proxy: 3d, min handshake, resumption" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 debug_level=3" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -s "a session has been resumed" \
    -c "a session has been resumed" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 4
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 debug_level=3 nbio=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
    0 \
    -s "a session has been resumed" \
    -c "a session has been resumed" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Renegotiation over a lossy link.  renegotiation=1 enables support on a
# peer, renegotiate=1 makes that peer initiate it.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiation=1 debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiate=1 debug_level=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# NOTE(review): the test below is titled ", nbio" but neither command line
# passes nbio=2 (compare the server-initiated nbio variant further down), so
# it currently duplicates the blocking test above.  Add nbio=2 to both sides
# to make it test what its name claims.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiation=1 debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiate=1 debug_level=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Server-initiated: exchanges=4 on both sides gives the server an opportunity
# to request renegotiation between application-data exchanges.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
        debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiation=1 exchanges=4 debug_level=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
        debug_level=2 nbio=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

## Interop tests with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
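# 3d interop with non-mbed TLS servers.  Only the client-side success line is
# checked for OpenSSL; for GnuTLS both logs must show the echoed header.
# protect_hvr=1 presumably exempts the HelloVerifyRequest from the proxy's
# drop/delay so the cookie exchange cannot stall the run -- TODO confirm.
# skipped: see the OpenSSL #6902 note above
skip_next_test
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server" \
    -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
    "$O_SRV -dtls1 -mtu 2048" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
    0 \
    -c "HTTP/1.0 200 OK"

skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
    -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
    "$O_SRV -dtls1 -mtu 768" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
    0 \
    -c "HTTP/1.0 200 OK"

skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
    "$O_SRV -dtls1 -mtu 768" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
    0 \
    -c "HTTP/1.0 200 OK"

requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$G_SRV -u --mtu 2048 -a" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
    0 \
    -s "Extra-header:" \
    -c "Extra-header:"

requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$G_NEXT_SRV -u --mtu 512" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
    0 \
    -s "Extra-header:" \
    -c "Extra-header:"

requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$G_NEXT_SRV -u --mtu 512" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
    0 \
    -s "Extra-header:" \
    -c "Extra-header:"

# Final report
#
# Prints one summary line built from the global counters TESTS / FAILS /
# SKIPS and exits with the number of failures, so a CI wrapper can tell
# "all passed" (0) from "something failed" (non-zero).

echo "------------------------------------------------------------------------"

if [ "$FAILS" = 0 ]; then
    printf "PASSED"
else
    printf "FAILED"
fi
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"

# A process exit status is only 8 bits wide: 'exit 256' is reported to the
# parent as 0, so a run with exactly 256 (or 512, ...) failures would look
# like a clean pass to whoever invoked us.  Keep the exact count while it
# fits and saturate at 255 otherwise, so a failure is never reported as 0.
if [ "$FAILS" -gt 255 ]; then
    exit 255
fi
exit "$FAILS"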