1#!/bin/sh 2 3# ssl-opt.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7# 8# This file is provided under the Apache License 2.0, or the 9# GNU General Public License v2.0 or later. 10# 11# ********** 12# Apache License 2.0: 13# 14# Licensed under the Apache License, Version 2.0 (the "License"); you may 15# not use this file except in compliance with the License. 16# You may obtain a copy of the License at 17# 18# http://www.apache.org/licenses/LICENSE-2.0 19# 20# Unless required by applicable law or agreed to in writing, software 21# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23# See the License for the specific language governing permissions and 24# limitations under the License. 25# 26# ********** 27# 28# ********** 29# GNU General Public License v2.0 or later: 30# 31# This program is free software; you can redistribute it and/or modify 32# it under the terms of the GNU General Public License as published by 33# the Free Software Foundation; either version 2 of the License, or 34# (at your option) any later version. 35# 36# This program is distributed in the hope that it will be useful, 37# but WITHOUT ANY WARRANTY; without even the implied warranty of 38# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 39# GNU General Public License for more details. 40# 41# You should have received a copy of the GNU General Public License along 42# with this program; if not, write to the Free Software Foundation, Inc., 43# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 44# 45# ********** 46# 47# Purpose 48# 49# Executes tests to prove various TLS/SSL options and extensions. 50# 51# The goal is not to cover every ciphersuite/version, but instead to cover 52# specific options (max fragment length, truncated hmac, etc) or procedures 53# (session resumption from cache or ticket, renego, etc). 
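#
# The tests assume a build with default options, with exceptions expressed
# with a dependency. The tests focus on functionality and do not consider
# performance.
#

set -u

# Limit the size of each log to 10 GiB, in case of failures with this script
# where it may output seemingly unlimited length error logs.
ulimit -f 20971520

# Run from the directory holding this script: every relative path below
# (programs, data_files/, scripts/, config.h) assumes it. Quoted so that a
# checkout under a directory whose name contains spaces still works.
if cd "$( dirname -- "$0" )"; then :; else
    echo "cd $( dirname -- "$0" ) failed" >&2
    exit 1
fi

# default values, can be overridden by the environment
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${P_PXY:=../programs/test/udp_proxy}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"
: "${PERL:=perl}"

# Command templates for the peer implementations. The client templates are
# pipelines, which is why run_test has to eval $CLI_CMD rather than
# word-split it.
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"

# alternative versions of OpenSSL and GnuTLS (no default path)
# When the corresponding environment variable is unset the command template
# is the shell builtin `false`, so a test that is not guarded by the matching
# requires_* function fails instead of silently running the default binary.

if [ -n "${OPENSSL_LEGACY:-}" ]; then
    O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
    O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
else
    O_LEGACY_SRV=false
    O_LEGACY_CLI=false
fi

if [ -n "${OPENSSL_NEXT:-}" ]; then
    O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
    O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
    O_NEXT_SRV=false
    O_NEXT_CLI=false
fi

if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
    G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
else
    G_NEXT_SRV=false
fi

if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
    G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
else
    G_NEXT_CLI=false
fi

# Counters maintained by print_name (TESTS), fail (FAILS) and run_test (SKIPS).
TESTS=0
FAILS=0
SKIPS=0

CONFIG_H='../include/mbedtls/config.h'

# Defaults for the command line options parsed by get_options.
MEMCHECK=0
FILTER='.*'
EXCLUDE='^$'

SHOW_TEST_NUMBER=0
RUN_TEST_NUMBER=''

PRESERVE_LOGS=0

# Pick a "unique" server port in the range 10000-19999, and a proxy
# port which is this plus 10000. Each port number may be independently
# overridden by a command line option.
SRV_PORT=$(($$ % 10000 + 10000))
PXY_PORT=$((SRV_PORT + 10000))

# Print the command line help to stdout.
print_usage() {
    echo "Usage: $0 [options]"
    printf " -h|--help\tPrint this help.\n"
    printf " -m|--memcheck\tCheck memory leaks and errors.\n"
    printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
    printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
    printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
    printf " -s|--show-numbers\tShow test numbers in front of test names\n"
    printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
    printf " --port\tTCP/UDP port (default: randomish 1xxxx)\n"
    printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
    printf " --seed\tInteger seed value to use for this test run\n"
}

# Abort with a usage message when an option that takes a value is given as
# the last argument. Called as `require_option_argument "$@"` from
# get_options, so $1 is the option itself and $2 (if present) its value.
# Without this check, `set -u` aborts the script on the following `shift`
# with an unhelpful "parameter not set" message.
require_option_argument() {
    if [ $# -lt 2 ]; then
        echo "Option '$1' requires an argument" >&2
        print_usage
        exit 1
    fi
}

# Parse the command line into the globals described by print_usage:
# FILTER, EXCLUDE, MEMCHECK, RUN_TEST_NUMBER, SHOW_TEST_NUMBER, PRESERVE_LOGS,
# SRV_PORT, PXY_PORT and SEED. Exits 0 after printing help, 1 on an unknown
# or incomplete option.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter)
                require_option_argument "$@"
                shift; FILTER=$1
                ;;
            -e|--exclude)
                require_option_argument "$@"
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -n|--number)
                require_option_argument "$@"
                shift; RUN_TEST_NUMBER=$1
                ;;
            -s|--show-numbers)
                SHOW_TEST_NUMBER=1
                ;;
            -p|--preserve-logs)
                PRESERVE_LOGS=1
                ;;
            --port)
                require_option_argument "$@"
                shift; SRV_PORT=$1
                ;;
            --proxy-port)
                require_option_argument "$@"
                shift; PXY_PORT=$1
                ;;
            --seed)
                require_option_argument "$@"
                shift; SEED="$1"
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}

# Read boolean configuration options from config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols, with a leading and trailing space so
# that requires_config_enabled can match " SYMBOL " exactly.
CONFIGS_ENABLED=" $(<"$CONFIG_H" \
                    sed -n 's!^ *#define *\([A-Za-z][0-9A-Z_a-z]*\) *\(/*\)*!\1!p' |
                    tr '\n' ' ')"

# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
# our control (such as bugs in other TLS implementations).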
skip_next_test() {
    # SKIP_NEXT is consumed (and reset to "NO") by the next run_test call,
    # so every requires_* helper below only ever affects one test case.
    SKIP_NEXT="YES"
}

# skip next test if the flag is not enabled in config.h
# $1: config.h symbol name; matched against the " SYMBOL " entries of
# CONFIGS_ENABLED, which was built from config.h at startup.
requires_config_enabled() {
    case $CONFIGS_ENABLED in
        *" $1 "*) :;;
        *) SKIP_NEXT="YES";;
    esac
}

# skip next test if the flag is enabled in config.h
# $1: config.h symbol name
requires_config_disabled() {
    case $CONFIGS_ENABLED in
        *" $1 "*) SKIP_NEXT="YES";;
    esac
}

# get_config_value_or_default <symbol>: print the compile-time value of
# <symbol> by asking the server binary.
get_config_value_or_default() {
    # This function uses the query_config command line option to query the
    # required Mbed TLS compile time configuration from the ssl_server2
    # program. The command will always return a success value if the
    # configuration is defined and the value will be printed to stdout.
    #
    # Note that if the configuration is not defined or is defined to nothing,
    # the output of this function will be an empty string.
    #
    # ${P_SRV} is deliberately unquoted: it is a command line, not a path,
    # and may carry arguments appended from the environment or by this
    # script.
    ${P_SRV} "query_config=${1}"
}

# requires_config_value_at_least <symbol> <min>: skip the next test if the
# numeric value of <symbol> is below <min>. Aborts the whole run (exit 1) if
# the symbol is not defined, since the caller's test could not be evaluated
# either way.
requires_config_value_at_least() {
    VAL="$( get_config_value_or_default "$1" )"
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    elif [ "$VAL" -lt "$2" ]; then
       SKIP_NEXT="YES"
    fi
}

# requires_config_value_at_most <symbol> <max>: skip the next test if the
# numeric value of <symbol> is above <max>; exit 1 if it is not defined.
requires_config_value_at_most() {
    VAL=$( get_config_value_or_default "$1" )
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    elif [ "$VAL" -gt "$2" ]; then
       SKIP_NEXT="YES"
    fi
}

# requires_config_value_equals <symbol> <value>: skip the next test unless
# the numeric value of <symbol> is exactly <value>; exit 1 if not defined.
requires_config_value_equals() {
    VAL=$( get_config_value_or_default "$1" )
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    elif [ "$VAL" -ne "$2" ]; then
       SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL doesn't support FALLBACK_SCSV
# The probe (grep for "fallback_scsv" in `s_client -help`) runs once; the
# answer is cached in OPENSSL_HAS_FBSCSV for the rest of the run.
requires_openssl_with_fallback_scsv() {
    if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
        if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
        then
            OPENSSL_HAS_FBSCSV="YES"
        else
            OPENSSL_HAS_FBSCSV="NO"
        fi
    fi
    if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if either IN_CONTENT_LEN or OUT_CONTENT_LEN is below $1
# (both buffers are checked, not MAX_CONTENT_LEN as such).
requires_max_content_len() {
    requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
    requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
}

# skip next test if GnuTLS isn't available
# Both the client and the server binary must be found; the result is cached
# in GNUTLS_AVAILABLE.
# NOTE(review): `which` is not specified by POSIX; `command -v` is the
# portable equivalent for this #!/bin/sh script.
requires_gnutls() {
    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
        if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then
            GNUTLS_AVAILABLE="YES"
        else
            GNUTLS_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if GnuTLS-next isn't available
# GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV have no default, so an unset variable
# makes the lookup fail and the test is skipped. Result cached in
# GNUTLS_NEXT_AVAILABLE.
requires_gnutls_next() {
    if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
        if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
            GNUTLS_NEXT_AVAILABLE="YES"
        else
            GNUTLS_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL-legacy isn't available
# Result cached in OPENSSL_LEGACY_AVAILABLE.
requires_openssl_legacy() {
    if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
        if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
            OPENSSL_LEGACY_AVAILABLE="YES"
        else
            OPENSSL_LEGACY_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL-next isn't available
# Result cached in OPENSSL_NEXT_AVAILABLE.
requires_openssl_next() {
    if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
        if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
            OPENSSL_NEXT_AVAILABLE="YES"
        else
            OPENSSL_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if IPv6 isn't available on this host
# Probes by actually starting the server bound to ::1 for one second and
# looking for the bind failure message in its log; the answer is cached in
# HAS_IPV6. Uses $SRV_OUT as scratch file, so it must only be called once
# SRV_OUT is set (it is, in the main section below).
# NOTE(review): `rm -r` on a regular log file works but `rm -f` is the
# form used everywhere else in this script for these files.
requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
        $P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
        SRV_PID=$!
        sleep 1
        kill $SRV_PID >/dev/null 2>&1
        if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
            HAS_IPV6="NO"
        else
            HAS_IPV6="YES"
        fi
        rm -r $SRV_OUT
    fi

    if [ "$HAS_IPV6" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if it's i686 or uname is not available
# Defaults to "is i686" (skip) and only clears that when uname runs and
# its full output contains no "i686". Cached in IS_I686.
requires_not_i686() {
    if [ -z "${IS_I686:-}" ]; then
        IS_I686="YES"
        if which "uname" >/dev/null 2>&1; then
            if [ -z "$(uname -a | grep i686)" ]; then
                IS_I686="NO"
            fi
        fi
    fi
    if [ "$IS_I686" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}

# Calculate the input & output maximum content lengths set in the config
MAX_CONTENT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_MAX_CONTENT_LEN" )
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )

# Calculate the maximum content length that fits both
# NOTE(review): unlike requires_config_value_*, an empty query result is not
# caught here; `[ "" -lt ... ]` then only prints a test(1) error and the
# assignment is skipped, so MAX_CONTENT_LEN may stay empty.
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_IN_LEN"
fi
if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_OUT_LEN"
fi

# skip the next test if the SSL output buffer is not exactly 16KB
requires_full_size_output_buffer() {
    if [ "$MAX_OUT_LEN" -ne 16384 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is in use
not_with_valgrind() {
    if [ "$MEMCHECK" -gt 0 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is NOT in use
only_with_valgrind() {
    if [ "$MEMCHECK" -eq 0 ]; then
        SKIP_NEXT="YES"
    fi
}

# multiply the client timeout delay by the given factor for the next test
# (CLI_DELAY_FACTOR is applied and reset to 1 by wait_client_done)
client_needs_more_time() {
    CLI_DELAY_FACTOR=$1
}

# wait for the given seconds after the client finished in the next test
# (SRV_DELAY_SECONDS is applied and reset to 0 by wait_client_done)
server_needs_more_time() {
    SRV_DELAY_SECONDS=$1
}

# print_name <name>
# Increments TESTS, prints the (optionally numbered) name and pads it with
# dots so that the outcome printed later lines up in column 73.
print_name() {
    TESTS=$(( $TESTS + 1 ))
    LINE=""

    if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
        LINE="$TESTS "
    fi

    LINE="$LINE$1"
    printf "%s " "$LINE"
    # wc -c counts the newline echo adds, so LEN is 71 minus the name length.
    LEN=$(( 72 - `echo "$LINE" | wc -c` ))
    # NOTE(review): seq is not POSIX; with GNU seq a negative LEN (very long
    # name) simply prints no dots.
    for i in `seq 1 $LEN`; do printf '.'; done
    printf ' '

}

# Trivial function for compatibility with later Mbed TLS versions
# Only $1 (the outcome) is printed; fail() passes a second argument that
# this version ignores.
record_outcome() {
    echo "$1"
}

# True if the presence of the given pattern in a log definitely indicates
# that the test has failed. False if the presence is inconclusive.
#
# Inputs:
# * $1: pattern found in the logs
# * $TIMES_LEFT: >0 if retrying is an option
#
# Outputs:
# * $outcome: set to a retry reason if the pattern is inconclusive,
#             unchanged otherwise.
# * Return value: 1 if the pattern is inconclusive,
#                 0 if the failure is definitive.
# Any pattern other than "resend" falls through the case statement and
# therefore returns 0 (definitive).
log_pattern_presence_is_conclusive() {
    # If we've run out of attempts, then don't retry no matter what.
    if [ $TIMES_LEFT -eq 0 ]; then
        return 0
    fi
    case $1 in
        "resend")
            # An undesired resend may have been caused by the OS dropping or
            # delaying a packet at an inopportune time.
            outcome="RETRY(resend)"
            return 1;;
    esac
}

# fail <message>
# Records a failure for the current test: prints the message, moves the
# server/client/proxy logs to o-{srv,cli,pxy}-<TESTS>.log in the current
# directory, optionally dumps them (LOG_FAILURE_ON_STDOUT set to non-0 in
# the environment) and increments FAILS.
# Reads: $SRV_OUT, $CLI_OUT, $PXY_OUT, $PXY_CMD, $TESTS.
fail() {
    record_outcome "FAIL" "$1"
    echo "  ! $1"

    mv $SRV_OUT o-srv-${TESTS}.log
    mv $CLI_OUT o-cli-${TESTS}.log
    if [ -n "$PXY_CMD" ]; then
        mv $PXY_OUT o-pxy-${TESTS}.log
    fi
    echo "  ! outputs saved to o-XXX-${TESTS}.log"

    if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
        echo "  ! server output:"
        cat o-srv-${TESTS}.log
        echo "  ! ========================================================"
        echo "  ! client output:"
        cat o-cli-${TESTS}.log
        if [ -n "$PXY_CMD" ]; then
            echo "  ! ========================================================"
            echo "  ! proxy output:"
            cat o-pxy-${TESTS}.log
        fi
        echo ""
    fi

    FAILS=$(( $FAILS + 1 ))
}

# is_polar <cmd_line>
# True (0) if the command line runs one of the Mbed TLS test programs
# (ssl_client2 / ssl_server2), false for OpenSSL/GnuTLS peers.
is_polar() {
    case "$1" in
        *ssl_client2*) true;;
        *ssl_server2*) true;;
        *) false;;
    esac
}

# openssl s_server doesn't have -www with DTLS
# Sets NEEDS_INPUT=1 and strips -www from SRV_CMD for an OpenSSL DTLS
# server, NEEDS_INPUT=0 otherwise. provide_input uses NEEDS_INPUT.
# NOTE(review): `echo $SRV_CMD` is unquoted, so runs of whitespace in the
# command line are collapsed as a side effect.
check_osrv_dtls() {
    case "$SRV_CMD" in
        *s_server*-dtls*)
            NEEDS_INPUT=1
            SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";;
        *) NEEDS_INPUT=0;;
    esac
}

# provide input to commands that need it
# Piped into the server by do_run_test_once: returns immediately when
# NEEDS_INPUT is 0, otherwise writes a canned HTTP response once a second
# (presumably until the pipe breaks when the server exits).
provide_input() {
    if [ $NEEDS_INPUT -eq 0 ]; then
        return
    fi

    while true; do
        echo "HTTP/1.0 200 OK"
        sleep 1
    done
}

# has_mem_err <log_file_name>
# True (0) unless the log contains BOTH valgrind "clean" summary lines, so
# a log without a valgrind summary at all also counts as having errors.
has_mem_err() {
    if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
         grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
    then
        return 1 # false: does not have errors
    else
        return 0 # true: has errors
    fi
}

# Wait for process $2 named $3 to be listening on port $1. Print error to $4.
# With lsof: poll every ~0.1s until a process with PID $2 is listed on the
# port (TCP or UDP according to $DTLS), giving up after $DOG_DELAY seconds.
# Without lsof: a fixed sleep of $START_DELAY seconds.
if type lsof >/dev/null 2>/dev/null; then
    wait_app_start() {
        newline='
'
        START_TIME=$(date +%s)
        if [ "$DTLS" -eq 1 ]; then
            proto=UDP
        else
            proto=TCP
        fi
        # Make a tight loop, server normally takes less than 1s to start.
        while true; do
              SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p)
              # When we use a proxy, it will be listening on the same port we
              # are checking for as well as the server and lsof will list both.
              # If multiple PIDs are returned, each one will be on a separate
              # line, each prepended with 'p'.
             case ${newline}${SERVER_PIDS}${newline} in
                  *${newline}p${2}${newline}*) break;;
              esac
              if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
                  echo "$3 START TIMEOUT"
                  echo "$3 START TIMEOUT" >> $4
                  break
              fi
              # Linux and *BSD support decimal arguments to sleep. On other
              # OSes this may be a tight loop.
              sleep 0.1 2>/dev/null || true
        done
    }
else
    echo "Warning: lsof not available, wait_app_start = sleep"
    wait_app_start() {
        sleep "$START_DELAY"
    }
fi

# Wait for server process $2 to be listening on port $1.
wait_server_start() {
    wait_app_start $1 $2 "SERVER" $SRV_OUT
}

# Wait for proxy process $2 to be listening on port $1.
wait_proxy_start() {
    wait_app_start $1 $2 "PROXY" $PXY_OUT
}

# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds
# $1: log file. Returns 0 when the ServerHello time is within +/- 300s of
# now, 1 when it is outside that window or was not logged at all.
# Used via the -f/-F options of run_test.
check_server_hello_time() {
    # Extract the time from the debug (lvl 3) output of the client
    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
    # Get the Unix timestamp for now
    CUR_TIME=$(date +'%s')
    THRESHOLD_IN_SECS=300

    # Check if the ServerHello time was printed
    if [ -z "$SERVER_HELLO_TIME" ]; then
        return 1
    fi

    # Check the time in ServerHello is within acceptable bounds
    if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes before now
        return 1
    elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes later than now
        return 1
    else
        return 0
    fi
}

# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
# (it reads $!, i.e. the PID of the most recent background job).
# Starts a watchdog subshell that, after DOG_DELAY * CLI_DELAY_FACTOR
# seconds, appends a ===CLIENT_TIMEOUT=== marker to $CLI_OUT (which
# check_test_failure turns into a RETRY) and kills the client. Then waits
# for the client, kills the watchdog, records "EXIT: <status>" in the log,
# and honours/resets the per-test delay overrides.
wait_client_done() {
    CLI_PID=$!

    CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
    CLI_DELAY_FACTOR=1

    ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
    DOG_PID=$!

    wait $CLI_PID
    CLI_EXIT=$?

    kill $DOG_PID >/dev/null 2>&1
    wait $DOG_PID

    echo "EXIT: $CLI_EXIT" >> $CLI_OUT

    sleep $SRV_DELAY_SECONDS
    SRV_DELAY_SECONDS=0
}

# check if the given command uses dtls and sets global variable DTLS
# $1: command line. DTLS=1 if it contains dtls=1, -dtls or -u.
# NOTE(review): the `*-u*` glob also matches any other argument that
# happens to contain "-u".
detect_dtls() {
    case "$1" in
        *dtls=1*|*-dtls*|*-u*) DTLS=1;;
        *) DTLS=0;;
    esac
}

# Analyze the commands that will be used in a test.
#
# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass
# extra arguments or go through wrappers.
# Set $DTLS (0=TLS, 1=DTLS).
#
# Also replaces the +SRV_PORT placeholder in $CLI_CMD with the proxy port
# when a proxy is in use, the server port otherwise.
analyze_test_commands() {
    # update DTLS variable
    detect_dtls "$SRV_CMD"

    # if the test uses DTLS but no custom proxy, add a simple proxy
    # as it provides timing info that's useful to debug failures
    if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
        PXY_CMD="$P_PXY"
        case " $SRV_CMD " in
            *' server_addr=::1 '*)
                PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
        esac
    fi

    # fix client port
    # The port values come from this script's own --port/--proxy-port
    # options and are interpolated into a sed expression unquoted, so only
    # plain numbers work here.
    if [ -n "$PXY_CMD" ]; then
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
    else
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
    fi

    # prepend valgrind to our commands if active
    # (only for the Mbed TLS programs, see is_polar)
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi
}

# Check for failure conditions after a test case.
#
# Inputs from run_test:
# * positional parameters: test options (see run_test documentation)
# * $CLI_EXIT: client return code
# * $CLI_EXPECT: expected client return code
# * $SRV_RET: server return code
# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs
# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed
#
# Outputs:
# * $outcome: one of PASS/RETRY*/FAIL
#
# Checks are applied in order and the first failing one wins: client
# timeout (retry), handshake reached, server status, client status, then
# each -s/-c/-S/-C/-u/-U/-f/-F assertion, then valgrind summaries.
# Every FAIL outcome goes through fail(), which also saves the logs.
check_test_failure() {
    outcome=FAIL

    # The marker is written by the watchdog in wait_client_done.
    if [ $TIMES_LEFT -gt 0 ] &&
       grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null
    then
        outcome="RETRY(client-timeout)"
        return
    fi

    # check if the client and server went at least to the handshake stage
    # (useful to avoid tests with only negative assertions and non-zero
    # expected client exit to incorrectly succeed in case of catastrophic
    # failure)
    if is_polar "$SRV_CMD"; then
        if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi
    if is_polar "$CLI_CMD"; then
        if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi

    # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
    # exit with status 0 when interrupted by a signal, and we don't really
    # care anyway), in case e.g. the server reports a memory leak.
    if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then
        fail "Server exited with status $SRV_RET"
        return
    fi

    # check client exit code
    # Only zero/non-zero is compared: a non-zero CLI_EXPECT accepts any
    # non-zero exit status.
    if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
         \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
    then
        fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
        return
    fi

    # check other assertions
    # lines beginning with == are added by valgrind, ignore them
    # lines with 'Serious error when reading debug info', are valgrind issues as well
    # Patterns are grep BREs written in the test definitions of this file.
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Server output"
                    return
                fi
                ;;

            "-c")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Client output"
                    return
                fi
                ;;

            # For -S/-C a hit is reported as FAIL only when it is conclusive;
            # otherwise log_pattern_presence_is_conclusive has set $outcome
            # to a RETRY reason and we return with that.
            "-S")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    if log_pattern_presence_is_conclusive "$2"; then
                        fail "pattern '$2' MUST NOT be present in the Server output"
                    fi
                    return
                fi
                ;;

            "-C")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    if log_pattern_presence_is_conclusive "$2"; then
                        fail "pattern '$2' MUST NOT be present in the Client output"
                    fi
                    return
                fi
                ;;

                # The filtering in the following two options (-u and -U) do the following
                # - ignore valgrind output
                # - filter out everything but lines right after the pattern occurrences
                # - keep one of each non-unique line
                # - count how many lines remain
                # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
                # if there were no duplicates.
            "-U")
                if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Server output"
                    return
                fi
                ;;

            "-u")
                if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Client output"
                    return
                fi
                ;;
            # -F/-f run the shell function named in the test definition
            # (e.g. check_server_hello_time) with the log file as argument.
            "-F")
                if ! $2 "$SRV_OUT"; then
                    fail "function call to '$2' failed on Server output"
                    return
                fi
                ;;
            "-f")
                if ! $2 "$CLI_OUT"; then
                    fail "function call to '$2' failed on Client output"
                    return
                fi
                ;;

            *)
                # A typo in a test definition aborts the whole run.
                echo "Unknown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # check valgrind's results
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
            fail "Server has memory errors"
            return
        fi
        if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
            fail "Client has memory errors"
            return
        fi
    fi

    # if we're here, everything is ok
    outcome=PASS
}

# Run the current test case: start the server and if applicable the proxy, run
# the client, wait for all processes to finish or time out.
#
# Inputs:
# * $NAME: test case name
# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run
# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs
#
# Outputs:
# * $CLI_EXIT: client return code
# * $SRV_RET: server return code
#
# Each log starts with "# <name>" and the exact command line, so a saved
# o-*.log can be reproduced by hand.
do_run_test_once() {
    # run the commands
    if [ -n "$PXY_CMD" ]; then
        printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT
        $PXY_CMD >> $PXY_OUT 2>&1 &
        PXY_PID=$!
        wait_proxy_start "$PXY_PORT" "$PXY_PID"
    fi

    check_osrv_dtls
    printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
    # The server command is word-split, not eval'd, so it cannot be a
    # pipeline; provide_input feeds it when check_osrv_dtls decided so.
    provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
    SRV_PID=$!
    wait_server_start "$SRV_PORT" "$SRV_PID"

    printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
    # eval is required because the client templates (O_CLI, G_CLI) are
    # pipelines. CLI_CMD is assembled from this file's own test definitions
    # plus the port option values, nothing read from the peers.
    # wait_client_done must follow immediately: it reads $! of this job.
    eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
    wait_client_done

    # Non-POSIX fractional sleep; gives the server a moment to flush its
    # log before it is terminated.
    sleep 0.05

    # terminate the server (and the proxy)
    # SRV_RET is the status after SIGTERM; check_test_failure only judges it
    # for the Mbed TLS server, which is expected to exit 0 on that signal.
    kill $SRV_PID
    wait $SRV_PID
    SRV_RET=$?

    if [ -n "$PXY_CMD" ]; then
        kill $PXY_PID >/dev/null 2>&1
        wait $PXY_PID
    fi
}

# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output
#          -c pattern pattern that must be present in client output
#          -u pattern lines after pattern must be unique in client output
#          -f call shell function on client output
#          -S pattern pattern that must be absent in server output
#          -C pattern pattern that must be absent in client output
#          -U pattern lines after pattern must be unique in server output
#          -F call shell function on server output
#
# Flow: filter (is_excluded) -> print_name -> number filter -> skip check
# (SKIP_NEXT set by the requires_* helpers, reset here) -> run up to twice,
# retrying only on a RETRY* outcome -> record PASS and clean up the logs.
run_test() {
    NAME="$1"
    shift 1

    # Excluded tests are silent: not counted, not printed, and any pending
    # SKIP_NEXT is discarded so it does not leak onto the following test.
    if is_excluded "$NAME"; then
        SKIP_NEXT="NO"
        return
    fi

    print_name "$NAME"

    # Do we only run numbered tests?
    if [ -n "$RUN_TEST_NUMBER" ]; then
        case ",$RUN_TEST_NUMBER," in
            *",$TESTS,"*) :;;
            *) SKIP_NEXT="YES";;
        esac
    fi

    # does this test use a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2
    else
        PXY_CMD=""
    fi

    # get commands and client output
    SRV_CMD="$1"
    CLI_CMD="$2"
    CLI_EXPECT="$3"
    shift 3

    # Check if test uses files
    case "$SRV_CMD $CLI_CMD" in
        *data_files/*)
            requires_config_enabled MBEDTLS_FS_IO;;
    esac

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        record_outcome "SKIP"
        SKIPS=$(( $SKIPS + 1 ))
        return
    fi

    analyze_test_commands "$@"

    TIMES_LEFT=2
    while [ $TIMES_LEFT -gt 0 ]; do
        TIMES_LEFT=$(( $TIMES_LEFT - 1 ))

        do_run_test_once

        check_test_failure "$@"
        # $outcome is used as the printf format: fine only because its
        # RETRY values are fixed literals set in this script.
        case $outcome in
            PASS) break;;
            RETRY*) printf "$outcome ";;
            FAIL) return;;
        esac
    done

    # If we get this far, the test case passed.
    record_outcome "PASS"
    if [ "$PRESERVE_LOGS" -gt 0 ]; then
        mv $SRV_OUT o-srv-${TESTS}.log
        mv $CLI_OUT o-cli-${TESTS}.log
        if [ -n "$PXY_CMD" ]; then
            mv $PXY_OUT o-pxy-${TESTS}.log
        fi
    fi

    rm -f $SRV_OUT $CLI_OUT $PXY_OUT
}

# Signal handler (installed below for INT, TERM and HUP): remove the
# per-run scratch files, kill whichever of the server, proxy, client and
# watchdog processes have been started, and exit 1.
cleanup() {
    rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
    test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
    test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
    test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
    test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
    exit 1
}

#
# MAIN
#

get_options "$@"

# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
# detects simple cases: plain substring, everything, nothing.
#
# As an exception, the character '.' is treated as an ordinary character
# if it is the only special character in the string. This is because it's
# rare to need "any one character", but needing a literal '.' is common
# (e.g. '-f "DTLS 1.2"').
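need_grep=
# Classify $FILTER: '^$' selects nothing, '.*' selects everything, a string
# with regexp metacharacters (other than '.') needs grep, and anything else
# becomes the shell substring pattern *FILTER*.
case "$FILTER" in
    '^$') simple_filter=;;
    '.*') simple_filter='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_filter="*$FILTER*";;
esac
# Same classification for $EXCLUDE.
case "$EXCLUDE" in
    '^$') simple_exclude=;;
    '.*') simple_exclude='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_exclude="*$EXCLUDE*";;
esac
# is_excluded <name>: true (0) when the test called <name> must not run,
# i.e. it matches $EXCLUDE or does not match $FILTER. In both variants the
# user-supplied strings are only ever used as patterns, never executed.
if [ -n "$need_grep" ]; then
    is_excluded () {
        ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
    }
else
    is_excluded () {
        # Unquoted on purpose: the variables must act as patterns. An empty
        # pattern (from '^$') matches only the empty name.
        case "$1" in
            $simple_exclude) true;;
            $simple_filter) false;;
            *) true;;
        esac
    }
fi

# sanity checks, avoid an avalanche of errors
# Only the first word of each command is checked: these variables may be
# set from the environment to a command with arguments.
P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}"
P_PXY_BIN="${P_PXY%%[ ]*}"
if [ ! -x "$P_SRV_BIN" ]; then
    echo "Command '$P_SRV_BIN' is not an executable file"
    exit 1
fi
if [ ! -x "$P_CLI_BIN" ]; then
    echo "Command '$P_CLI_BIN' is not an executable file"
    exit 1
fi
if [ ! -x "$P_PXY_BIN" ]; then
    echo "Command '$P_PXY_BIN' is not an executable file"
    exit 1
fi
if [ "$MEMCHECK" -gt 0 ]; then
    # `command -v` is the POSIX lookup; which(1) is not guaranteed to exist
    # on every system this #!/bin/sh script runs on.
    if command -v valgrind >/dev/null 2>&1; then :; else
        echo "Memcheck not possible. Valgrind not found"
        exit 1
    fi
fi
# $OPENSSL_CMD is left unquoted, as everywhere else it is invoked.
if command -v $OPENSSL_CMD >/dev/null 2>&1; then :; else
    echo "Command '$OPENSSL_CMD' not found"
    exit 1
fi

# used by watchdog
MAIN_PID="$$"

# We use somewhat arbitrary delays for tests:
# - how long do we wait for the server to start (when lsof not available)?
# - how long do we allow for the client to finish?
# (not to check performance, just to avoid waiting indefinitely)
# Things are slower with valgrind, so give extra time here.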
#
# Note: without lsof, there is a trade-off between the running time of this
# script and the risk of spurious errors because we didn't wait long enough.
# The watchdog delay on the other hand doesn't affect normal running time of
# the script, only the case where a client or server gets stuck.
#
# START_DELAY: seconds wait_app_start sleeps when lsof is not available.
# DOG_DELAY:   seconds allowed to the client watchdog (wait_client_done) and
#              to the lsof-based start-up polling before giving up.
# Baseline values first; a valgrind run gets three times as long.
START_DELAY=2
DOG_DELAY=20
if [ "$MEMCHECK" -gt 0 ]; then
    START_DELAY=6
    DOG_DELAY=60
fi

# Per-test overrides of the delays above, applied and reset by
# wait_client_done:
# - CLI_DELAY_FACTOR multiplies DOG_DELAY for the client watchdog
#   (set with client_needs_more_time)
# - SRV_DELAY_SECONDS is slept after the client has exited
#   (set with server_needs_more_time)
CLI_DELAY_FACTOR=1
SRV_DELAY_SECONDS=0

# Bind the command templates to this run's port, and to IPv4 while at it.
# +SRV_PORT is a placeholder that analyze_test_commands later replaces by
# either $SRV_PORT or $PXY_PORT.
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
# machines that will resolve to ::1, and we don't want ipv6 here.
# Servers are bound to the IPv4 loopback on the concrete $SRV_PORT; the client
# strings keep the literal "+SRV_PORT" placeholder so that the test runner can
# later point a client either directly at the server or at the UDP proxy
# (see the note on +SRV_PORT above). ${SEED:+...} only passes a seed to the
# proxy when the environment supplies one, keeping proxy runs reproducible.
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT"
O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"

# Alternative OpenSSL/GnuTLS builds are optional; their command strings are
# only completed when the corresponding environment variable is set.
if [ -n "${OPENSSL_LEGACY:-}" ]; then
    # Legacy OpenSSL needs explicit DH parameters to offer DHE suites.
    O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
    O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT"
fi

if [ -n "${OPENSSL_NEXT:-}" ]; then
    O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
    O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
fi

if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
    G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
fi

if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
    G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
fi

# Allow SHA-1, because many of our test certificates use it
# This is a test-only relaxation of the certificate hash policy and is
# appended to every ssl_server2/ssl_client2 command line from here on. The
# "SHA-1 support" tests below pass allow_sha1=0 explicitly where the rejection
# itself is under test (later options on the command line presumably override
# this default — confirm against the programs' argument parsing).
P_SRV="$P_SRV allow_sha1=1"
P_CLI="$P_CLI allow_sha1=1"

# Also pick a unique name for intermediate files
# Suffixed with this shell's PID so concurrent runs don't clobber each other.
# They live in the current working directory, not a mktemp directory; SESSION
# is used by the openssl-client resumption tests to hold serialized session
# state and is removed by the same compound command that writes it.
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
PXY_OUT="pxy_out.$$"
SESSION="session.$$"

SKIP_NEXT="NO"

# cleanup is defined earlier in the file. Only signals are trapped here, not
# EXIT, so the normal-exit path is expected to remove the files itself.
trap cleanup INT TERM HUP

# Basic test

# Checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected (highest security) parameters are selected
#   ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
#
# Option convention used by run_test throughout this file (confirm against its
# definition earlier in the file): -s/-c = pattern must appear in the
# server/client output, -S/-C = pattern must NOT appear, -f/-F = a named check
# function must succeed/fail, -u/-U = matching lines must be unique.
run_test    "Default" \
            "$P_SRV debug_level=3" \
            "$P_CLI" \
            0 \
            -s "Protocol is TLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
            -s "client hello v3, signature_algorithm ext: 6" \
            -s "ECDHE curve: secp521r1" \
            -S "error" \
            -C "error"

run_test    "Default, DTLS" \
            "$P_SRV dtls=1" \
            "$P_CLI dtls=1" \
            0 \
            -s "Protocol is DTLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"

requires_config_enabled MBEDTLS_ZLIB_SUPPORT
run_test    "Default (compression enabled)" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -s "Allocating compression buffer" \
            -c "Allocating compression buffer" \
            -s "Record expansion is unknown (compression)" \
            -c "Record expansion is unknown (compression)" \
            -S "error" \
            -C "error"

# Test current time in ServerHello
requires_config_enabled MBEDTLS_HAVE_TIME
run_test    "ServerHello contains gmt_unix_time" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -f "check_server_hello_time" \
            -F "check_server_hello_time"

# Test for uniqueness of IVs in AEAD ciphersuites
# 20 exchanges so that a repeated IV would show up as a duplicate "IV used"
# line on either side.
run_test    "Unique IV in GCM" \
            "$P_SRV exchanges=20 debug_level=4" \
            "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -u "IV used" \
            -U "IV used"

# Tests for rc4 option
# RC4 is a legacy stream cipher; these check it is only usable when both
# sides explicitly opt in. The first two are gated on a build that removes the
# RC4 suites entirely, so even arc4=1 on the server must not produce a match.

requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
run_test    "RC4: server disabled, client enabled" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            1 \
            -s "SSL - The server has no ciphersuites in common"

requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
run_test    "RC4: server half, client enabled" \
            "$P_SRV arc4=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            1 \
            -s "SSL - The server has no ciphersuites in common"

run_test    "RC4: server enabled, client disabled" \
            "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI" \
            1 \
            -s "SSL - The server has no ciphersuites in common"

run_test    "RC4: both enabled" \
            "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - The server has no ciphersuites in common"

# Test empty CA list in CertificateRequest in TLS 1.1 and earlier

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test    "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
            "$G_SRV"\
            "$P_CLI force_version=tls1_1" \
            0

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
run_test    "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
            "$G_SRV"\
            "$P_CLI force_version=tls1" \
            0

# Tests for SHA-1 support
# Each "forbidden by default" case exists twice with the same name, gated on
# opposite build settings, so exactly one of the pair runs for a given config.

requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 forbidden by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI debug_level=2 allow_sha1=0" \
            1 \
            -c "The certificate is signed with an unacceptable hash"

requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 forbidden by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI debug_level=2 allow_sha1=0" \
            0

run_test    "SHA-1 explicitly allowed in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI allow_sha1=1" \
            0

run_test    "SHA-256 allowed by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
            "$P_CLI allow_sha1=0" \
            0

# Same policy checked in the other direction: the server requires a client
# certificate and must reject a SHA-1-signed one when allow_sha1=0.
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            1 \
            -s "The certificate is signed with an unacceptable hash"

requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

run_test    "SHA-1 explicitly allowed in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=1" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

run_test    "SHA-256 allowed by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
            0

# Tests for datagram packing
# dgram_packing is a per-side sending option: the "next record in same
# datagram" log line appears on the RECEIVING side only when the peer packed.
run_test    "DTLS: multiple records in same datagram, client and server" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, client only" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -s "next record in same datagram" \
            -C "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, server only" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -c "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, neither client nor server" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -C "next record in same datagram"

# Tests for Truncated HMAC extension
# The MAC length visible in the server's "expected mac" dump is the oracle:
# 20 bytes for the full HMAC-SHA1, 10 bytes when truncation is negotiated.
# Truncation must only happen when BOTH sides enable it; the default on
# either side counts as disabled, so every case but the last in each set
# expects the full 20-byte MAC.

run_test    "Truncated HMAC: client default, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client disabled, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server disabled" \
            "$P_SRV debug_level=4 trunc_hmac=0" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client disabled, server enabled" \
            "$P_SRV debug_level=4 trunc_hmac=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server enabled" \
            "$P_SRV debug_level=4 trunc_hmac=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -S "dumping 'expected mac' (20 bytes)" \
            -s "dumping 'expected mac' (10 bytes)"

# Same matrix over DTLS.
run_test    "Truncated HMAC, DTLS: client default, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server disabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -S "dumping 'expected mac' (20 bytes)" \
            -s "dumping 'expected mac' (10 bytes)"

# Tests for Encrypt-then-MAC extension

# Encrypt-then-MAC (RFC 7366) is enabled by default on both sides and only
# makes sense for CBC suites: the AEAD and stream-cipher cases below show the
# client still offering the extension but the server not selecting it, and
# the SSLv3 cases show it is never offered/selected at that version.
run_test    "Encrypt then MAC: default" \
            "$P_SRV debug_level=3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -s "server hello, adding encrypt then mac extension" \
            -c "found encrypt_then_mac extension" \
            -c "using encrypt then mac" \
            -s "using encrypt then mac"

run_test    "Encrypt then MAC: client enabled, server disabled" \
            "$P_SRV debug_level=3 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

run_test    "Encrypt then MAC: client enabled, aead cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

run_test    "Encrypt then MAC: client enabled, stream cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

run_test    "Encrypt then MAC: client disabled, server enabled" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=0" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Tests for Extended Master Secret extension
# Extended Master Secret (RFC 7627) binds the master secret to the handshake
# transcript. Same shape as the ETM matrix: on by default, used only when both
# sides agree, never on SSLv3.

run_test    "Extended Master Secret: default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -s "server hello, adding extended master secret extension" \
            -c "found extended_master_secret extension" \
            -c "using extended master secret" \
            -s "using extended master secret"

run_test    "Extended Master Secret: client enabled, server disabled" \
            "$P_SRV debug_level=3 extended_ms=0" \
            "$P_CLI debug_level=3 extended_ms=1" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

run_test    "Extended Master Secret: client disabled, server enabled" \
            "$P_SRV debug_level=3 extended_ms=1" \
            "$P_CLI debug_level=3 extended_ms=0" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

# Tests for FALLBACK_SCSV
# TLS_FALLBACK_SCSV (RFC 7507): a client that retries with a lowered version
# adds the signalling suite; a server supporting a higher version must then
# abort with the inappropriate_fallback alert (alert 86, as the
# "msg 86" pattern below shows). With the client at its max version the SCSV
# is sent but must not trigger the alert. Note: "inapropriate fallback" is a
# runtime pattern that appears to mirror the library's log text as spelt —
# keep it in sync with the emitting code rather than "fixing" it here.

run_test    "Fallback SCSV: default" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: explicitly disabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: enabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback" \
            -c "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: enabled, max version" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 fallback=1" \
            0 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

# Interop: the same behaviour against an OpenSSL peer that knows the SCSV.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: default, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -C "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -c "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: disabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1 -fallback_scsv" \
            1 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, max version, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -fallback_scsv" \
            0 \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

# Test sending and receiving empty application data records
# request_size=0 makes the client send a zero-length record; the server must
# decrypt it to an empty payload and the client must report one fragment.
# auth_mode=none on both sides keeps certificate handling out of the picture.

run_test    "Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0" \
            "$P_CLI auth_mode=none etm=0 request_size=0" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC, DTLS: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

## ClientHello generated with
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
## then manually twiddling the ciphersuite list.
## The ClientHello content is spelled out below as a hex string as
## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
## The expected response is an inappropriate_fallback alert.
##
## These drive the server with a raw, hand-built TLS 1.1 ClientHello via
## scripts/tcp_client.pl so the SCSV's position in the list can be controlled.
## "5600" is the TLS_FALLBACK_SCSV value (0x5600); the second argument is the
## exact byte string the server is expected to answer with — here a fatal
## alert record whose last byte 0x56 (86) is inappropriate_fallback.
## Note: these connect to 'localhost' although the server binds 127.0.0.1;
## on hosts where localhost resolves to ::1 first this may fail to connect
## (see the IPv4 note above the port fix-up).
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: beginning of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: end of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

## Here the expected response is a valid ServerHello prefix, up to the random.
## Negative control for the two raw-ClientHello tests above: "0056" is a
## different (byte-swapped) value, not the 0x5600 SCSV, so the server must not
## report a fallback and must proceed to a normal ServerHello.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: not in list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

# Tests for CBC 1/n-1 record splitting
# 1/n-1 splitting is the countermeasure for the chosen-plaintext weakness of
# CBC with chained (predictable) IVs, which only affects SSLv3 and TLS 1.0.
# A 123-byte request is therefore expected to arrive as 1 + 122 bytes on
# those versions, and as a single 123-byte read on TLS 1.1+ (explicit IVs),
# with a stream cipher (RC4), or when splitting is turned off (recsplit=0).

run_test    "CBC Record splitting: TLS 1.2, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_2" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.1, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "CBC Record splitting: SSLv3, splitting" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=ssl3" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0 RC4, no splitting" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting disabled" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1 recsplit=0" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

# nbio=2 exercises the non-blocking I/O path (as understood from the option
# name — confirm against ssl_client2/ssl_server2), where the split must still
# produce two records.
run_test    "CBC Record splitting: TLS 1.0, splitting, nbio" \
            "$P_SRV nbio=2" \
            "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

# Tests for Session Tickets
# reconnect=1 makes the client do a second handshake; the -s/-S pair on
# "restored from cache" vs "restored from ticket" pins WHICH mechanism
# resumed the session, not just that resumption happened.

run_test    "Session resume using tickets: basic" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_max=0 disables the server-side cache, so a ticket is the only way to
# resume; this proves the ticket path works on its own.
run_test    "Session resume using tickets: cache disabled" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Ticket lifetime is enforced server-side: with ticket_timeout=1 and a
# reconnect delayed by 2 s the ticket has expired, so the client still
# presents it but the server must refuse to resume and run a full handshake.
run_test    "Session resume using tickets: timeout" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# Interop: only client-side patterns can be checked against an OpenSSL server.
run_test    "Session resume using tickets: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# The OpenSSL client has no reconnect option, so two invocations are chained:
# the first writes the session (ticket included) to $SESSION, the second
# resumes from it. The file holds resumption secrets, so it is removed inside
# the same compound command and does not outlive the test.
run_test    "Session resume using tickets: openssl client" \
            "$P_SRV debug_level=3 tickets=1" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Tickets with DTLS
# skip_close_notify=1 on the client avoids the close_notify exchange before
# reconnecting over DTLS (presumably to keep the reconnect deterministic
# without a reliable transport — confirm against ssl_client2).

run_test    "Session resume using tickets, DTLS: basic" \
            "$P_SRV debug_level=3 dtls=1 tickets=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: cache disabled" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: timeout" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using tickets, DTLS: openssl server" \
            "$O_SRV -dtls1" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
# Gated on the "next" OpenSSL build because of the flakiness noted just above;
# the system OpenSSL is deliberately not used here.
requires_openssl_next
run_test    "Session resume using tickets, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "( $O_NEXT_CLI -dtls1 -sess_out $SESSION; \
               $O_NEXT_CLI -dtls1 -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Resume based on session-ID and cache
# Mirror of the ticket tests with tickets=0 on at least one side: resumption
# must then come from the server's session cache, and the -S "restored from
# ticket" line guards against the wrong mechanism being credited.

# Client offers the ticket extension but the server, with tickets off, must
# neither echo it nor issue a ticket; resumption still works via the cache.
run_test    "Session resume using cache: tickets enabled on client" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: tickets enabled on server" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# With both mechanisms off (no tickets, zero-size cache) nothing may resume.
run_test    "Session resume using cache: cache_max=0" \
            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: cache_max=1" \
            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Cache entry lifetime: resumption succeeds when the reconnect happens within
# cache_timeout, fails once the entry has aged out, and cache_timeout=0 is
# read as "no expiry" (the 2 s delay still resumes).
run_test    "Session resume using cache: timeout > delay" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout < delay" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: no timeout" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Two chained OpenSSL client runs sharing $SESSION (session-ID based here, as
# the server has tickets=0); the file is removed by the same compound command.
run_test    "Session resume using cache: openssl client" \
            "$P_SRV debug_level=3 tickets=0" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

run_test    "Session resume using cache: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Session Resume based on session-ID and cache, DTLS
# Same matrix as above over DTLS; skip_close_notify=1 as in the DTLS ticket
# tests.

run_test    "Session resume using cache, DTLS: tickets enabled on client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: tickets enabled on server" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=0" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=1" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout > delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout < delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: no timeout" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
2050requires_openssl_next 2051run_test "Session resume using cache, DTLS: openssl client" \ 2052 "$P_SRV dtls=1 debug_level=3 tickets=0" \ 2053 "( $O_NEXT_CLI -dtls1 -sess_out $SESSION; \ 2054 $O_NEXT_CLI -dtls1 -sess_in $SESSION; \ 2055 rm -f $SESSION )" \ 2056 0 \ 2057 -s "found session ticket extension" \ 2058 -S "server hello, adding session ticket extension" \ 2059 -s "session successfully restored from cache" \ 2060 -S "session successfully restored from ticket" \ 2061 -s "a session has been resumed" 2062 2063run_test "Session resume using cache, DTLS: openssl server" \ 2064 "$O_SRV -dtls1" \ 2065 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ 2066 0 \ 2067 -C "found session_ticket extension" \ 2068 -C "parse new session ticket" \ 2069 -c "a session has been resumed" 2070 2071# Tests for Max Fragment Length extension 2072 2073requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2074run_test "Max fragment length: enabled, default" \ 2075 "$P_SRV debug_level=3" \ 2076 "$P_CLI debug_level=3" \ 2077 0 \ 2078 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 2079 -s "Maximum fragment length is $MAX_CONTENT_LEN" \ 2080 -C "client hello, adding max_fragment_length extension" \ 2081 -S "found max fragment length extension" \ 2082 -S "server hello, max_fragment_length extension" \ 2083 -C "found max_fragment_length extension" 2084 2085requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2086run_test "Max fragment length: enabled, default, larger message" \ 2087 "$P_SRV debug_level=3" \ 2088 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 2089 0 \ 2090 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 2091 -s "Maximum fragment length is $MAX_CONTENT_LEN" \ 2092 -C "client hello, adding max_fragment_length extension" \ 2093 -S "found max fragment length extension" \ 2094 -S "server hello, max_fragment_length extension" \ 2095 -C "found max_fragment_length extension" \ 2096 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ 
2097 -s "$MAX_CONTENT_LEN bytes read" \ 2098 -s "1 bytes read" 2099 2100requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2101run_test "Max fragment length, DTLS: enabled, default, larger message" \ 2102 "$P_SRV debug_level=3 dtls=1" \ 2103 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 2104 1 \ 2105 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 2106 -s "Maximum fragment length is $MAX_CONTENT_LEN" \ 2107 -C "client hello, adding max_fragment_length extension" \ 2108 -S "found max fragment length extension" \ 2109 -S "server hello, max_fragment_length extension" \ 2110 -C "found max_fragment_length extension" \ 2111 -c "fragment larger than.*maximum " 2112 2113# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled 2114# (session fragment length will be 16384 regardless of mbedtls 2115# content length configuration.) 2116 2117requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2118run_test "Max fragment length: disabled, larger message" \ 2119 "$P_SRV debug_level=3" \ 2120 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 2121 0 \ 2122 -C "Maximum fragment length is 16384" \ 2123 -S "Maximum fragment length is 16384" \ 2124 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ 2125 -s "$MAX_CONTENT_LEN bytes read" \ 2126 -s "1 bytes read" 2127 2128requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2129run_test "Max fragment length, DTLS: disabled, larger message" \ 2130 "$P_SRV debug_level=3 dtls=1" \ 2131 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 2132 1 \ 2133 -C "Maximum fragment length is 16384" \ 2134 -S "Maximum fragment length is 16384" \ 2135 -c "fragment larger than.*maximum " 2136 2137requires_max_content_len 4096 2138requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2139run_test "Max fragment length: used by client" \ 2140 "$P_SRV debug_level=3" \ 2141 "$P_CLI debug_level=3 max_frag_len=4096" \ 2142 0 \ 2143 -c "Maximum fragment length is 
4096" \ 2144 -s "Maximum fragment length is 4096" \ 2145 -c "client hello, adding max_fragment_length extension" \ 2146 -s "found max fragment length extension" \ 2147 -s "server hello, max_fragment_length extension" \ 2148 -c "found max_fragment_length extension" 2149 2150requires_max_content_len 4096 2151requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2152run_test "Max fragment length: used by server" \ 2153 "$P_SRV debug_level=3 max_frag_len=4096" \ 2154 "$P_CLI debug_level=3" \ 2155 0 \ 2156 -c "Maximum fragment length is $MAX_CONTENT_LEN" \ 2157 -s "Maximum fragment length is 4096" \ 2158 -C "client hello, adding max_fragment_length extension" \ 2159 -S "found max fragment length extension" \ 2160 -S "server hello, max_fragment_length extension" \ 2161 -C "found max_fragment_length extension" 2162 2163requires_max_content_len 4096 2164requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2165requires_gnutls 2166run_test "Max fragment length: gnutls server" \ 2167 "$G_SRV" \ 2168 "$P_CLI debug_level=3 max_frag_len=4096" \ 2169 0 \ 2170 -c "Maximum fragment length is 4096" \ 2171 -c "client hello, adding max_fragment_length extension" \ 2172 -c "found max_fragment_length extension" 2173 2174requires_max_content_len 2048 2175requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2176run_test "Max fragment length: client, message just fits" \ 2177 "$P_SRV debug_level=3" \ 2178 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ 2179 0 \ 2180 -c "Maximum fragment length is 2048" \ 2181 -s "Maximum fragment length is 2048" \ 2182 -c "client hello, adding max_fragment_length extension" \ 2183 -s "found max fragment length extension" \ 2184 -s "server hello, max_fragment_length extension" \ 2185 -c "found max_fragment_length extension" \ 2186 -c "2048 bytes written in 1 fragments" \ 2187 -s "2048 bytes read" 2188 2189requires_max_content_len 2048 2190requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2191run_test "Max fragment length: client, 
larger message" \ 2192 "$P_SRV debug_level=3" \ 2193 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ 2194 0 \ 2195 -c "Maximum fragment length is 2048" \ 2196 -s "Maximum fragment length is 2048" \ 2197 -c "client hello, adding max_fragment_length extension" \ 2198 -s "found max fragment length extension" \ 2199 -s "server hello, max_fragment_length extension" \ 2200 -c "found max_fragment_length extension" \ 2201 -c "2345 bytes written in 2 fragments" \ 2202 -s "2048 bytes read" \ 2203 -s "297 bytes read" 2204 2205requires_max_content_len 2048 2206requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2207run_test "Max fragment length: DTLS client, larger message" \ 2208 "$P_SRV debug_level=3 dtls=1" \ 2209 "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ 2210 1 \ 2211 -c "Maximum fragment length is 2048" \ 2212 -s "Maximum fragment length is 2048" \ 2213 -c "client hello, adding max_fragment_length extension" \ 2214 -s "found max fragment length extension" \ 2215 -s "server hello, max_fragment_length extension" \ 2216 -c "found max_fragment_length extension" \ 2217 -c "fragment larger than.*maximum" 2218 2219# Tests for renegotiation 2220 2221# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION 2222run_test "Renegotiation: none, for reference" \ 2223 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ 2224 "$P_CLI debug_level=3 exchanges=2" \ 2225 0 \ 2226 -C "client hello, adding renegotiation extension" \ 2227 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2228 -S "found renegotiation extension" \ 2229 -s "server hello, secure renegotiation extension" \ 2230 -c "found renegotiation extension" \ 2231 -C "=> renegotiate" \ 2232 -S "=> renegotiate" \ 2233 -S "write hello request" 2234 2235requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2236run_test "Renegotiation: client-initiated" \ 2237 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 2238 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 
renegotiate=1" \ 2239 0 \ 2240 -c "client hello, adding renegotiation extension" \ 2241 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2242 -s "found renegotiation extension" \ 2243 -s "server hello, secure renegotiation extension" \ 2244 -c "found renegotiation extension" \ 2245 -c "=> renegotiate" \ 2246 -s "=> renegotiate" \ 2247 -S "write hello request" 2248 2249requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2250run_test "Renegotiation: server-initiated" \ 2251 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2252 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2253 0 \ 2254 -c "client hello, adding renegotiation extension" \ 2255 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2256 -s "found renegotiation extension" \ 2257 -s "server hello, secure renegotiation extension" \ 2258 -c "found renegotiation extension" \ 2259 -c "=> renegotiate" \ 2260 -s "=> renegotiate" \ 2261 -s "write hello request" 2262 2263# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that 2264# the server did not parse the Signature Algorithm extension. This test is valid only if an MD 2265# algorithm stronger than SHA-1 is enabled in config.h 2266requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2267run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ 2268 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 2269 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2270 0 \ 2271 -c "client hello, adding renegotiation extension" \ 2272 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2273 -s "found renegotiation extension" \ 2274 -s "server hello, secure renegotiation extension" \ 2275 -c "found renegotiation extension" \ 2276 -c "=> renegotiate" \ 2277 -s "=> renegotiate" \ 2278 -S "write hello request" \ 2279 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 2280 2281# Checks that no Signature Algorithm with SHA-1 gets negotiated. 
Negotiating SHA-1 would mean that 2282# the server did not parse the Signature Algorithm extension. This test is valid only if an MD 2283# algorithm stronger than SHA-1 is enabled in config.h 2284requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2285run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ 2286 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2287 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2288 0 \ 2289 -c "client hello, adding renegotiation extension" \ 2290 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2291 -s "found renegotiation extension" \ 2292 -s "server hello, secure renegotiation extension" \ 2293 -c "found renegotiation extension" \ 2294 -c "=> renegotiate" \ 2295 -s "=> renegotiate" \ 2296 -s "write hello request" \ 2297 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 2298 2299requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2300run_test "Renegotiation: double" \ 2301 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2302 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2303 0 \ 2304 -c "client hello, adding renegotiation extension" \ 2305 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2306 -s "found renegotiation extension" \ 2307 -s "server hello, secure renegotiation extension" \ 2308 -c "found renegotiation extension" \ 2309 -c "=> renegotiate" \ 2310 -s "=> renegotiate" \ 2311 -s "write hello request" 2312 2313requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2314run_test "Renegotiation: client-initiated, server-rejected" \ 2315 "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ 2316 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2317 1 \ 2318 -c "client hello, adding renegotiation extension" \ 2319 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2320 -S "found renegotiation extension" \ 2321 -s "server hello, secure renegotiation extension" \ 2322 -c "found 
renegotiation extension" \ 2323 -c "=> renegotiate" \ 2324 -S "=> renegotiate" \ 2325 -S "write hello request" \ 2326 -c "SSL - Unexpected message at ServerHello in renegotiation" \ 2327 -c "failed" 2328 2329requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2330run_test "Renegotiation: server-initiated, client-rejected, default" \ 2331 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ 2332 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2333 0 \ 2334 -C "client hello, adding renegotiation extension" \ 2335 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2336 -S "found renegotiation extension" \ 2337 -s "server hello, secure renegotiation extension" \ 2338 -c "found renegotiation extension" \ 2339 -C "=> renegotiate" \ 2340 -S "=> renegotiate" \ 2341 -s "write hello request" \ 2342 -S "SSL - An unexpected message was received from our peer" \ 2343 -S "failed" 2344 2345requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2346run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ 2347 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2348 renego_delay=-1 auth_mode=optional" \ 2349 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2350 0 \ 2351 -C "client hello, adding renegotiation extension" \ 2352 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2353 -S "found renegotiation extension" \ 2354 -s "server hello, secure renegotiation extension" \ 2355 -c "found renegotiation extension" \ 2356 -C "=> renegotiate" \ 2357 -S "=> renegotiate" \ 2358 -s "write hello request" \ 2359 -S "SSL - An unexpected message was received from our peer" \ 2360 -S "failed" 2361 2362# delay 2 for 1 alert record + 1 application data record 2363requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2364run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ 2365 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2366 renego_delay=2 auth_mode=optional" \ 2367 "$P_CLI debug_level=3 exchanges=2 
renegotiation=0" \ 2368 0 \ 2369 -C "client hello, adding renegotiation extension" \ 2370 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2371 -S "found renegotiation extension" \ 2372 -s "server hello, secure renegotiation extension" \ 2373 -c "found renegotiation extension" \ 2374 -C "=> renegotiate" \ 2375 -S "=> renegotiate" \ 2376 -s "write hello request" \ 2377 -S "SSL - An unexpected message was received from our peer" \ 2378 -S "failed" 2379 2380requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2381run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ 2382 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2383 renego_delay=0 auth_mode=optional" \ 2384 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2385 0 \ 2386 -C "client hello, adding renegotiation extension" \ 2387 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2388 -S "found renegotiation extension" \ 2389 -s "server hello, secure renegotiation extension" \ 2390 -c "found renegotiation extension" \ 2391 -C "=> renegotiate" \ 2392 -S "=> renegotiate" \ 2393 -s "write hello request" \ 2394 -s "SSL - An unexpected message was received from our peer" 2395 2396requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2397run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ 2398 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2399 renego_delay=0 auth_mode=optional" \ 2400 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2401 0 \ 2402 -c "client hello, adding renegotiation extension" \ 2403 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2404 -s "found renegotiation extension" \ 2405 -s "server hello, secure renegotiation extension" \ 2406 -c "found renegotiation extension" \ 2407 -c "=> renegotiate" \ 2408 -s "=> renegotiate" \ 2409 -s "write hello request" \ 2410 -S "SSL - An unexpected message was received from our peer" \ 2411 -S "failed" 2412 2413requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2414run_test "Renegotiation: periodic, just below 
period" \ 2415 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ 2416 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2417 0 \ 2418 -C "client hello, adding renegotiation extension" \ 2419 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2420 -S "found renegotiation extension" \ 2421 -s "server hello, secure renegotiation extension" \ 2422 -c "found renegotiation extension" \ 2423 -S "record counter limit reached: renegotiate" \ 2424 -C "=> renegotiate" \ 2425 -S "=> renegotiate" \ 2426 -S "write hello request" \ 2427 -S "SSL - An unexpected message was received from our peer" \ 2428 -S "failed" 2429 2430# one extra exchange to be able to complete renego 2431requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2432run_test "Renegotiation: periodic, just above period" \ 2433 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ 2434 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ 2435 0 \ 2436 -c "client hello, adding renegotiation extension" \ 2437 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2438 -s "found renegotiation extension" \ 2439 -s "server hello, secure renegotiation extension" \ 2440 -c "found renegotiation extension" \ 2441 -s "record counter limit reached: renegotiate" \ 2442 -c "=> renegotiate" \ 2443 -s "=> renegotiate" \ 2444 -s "write hello request" \ 2445 -S "SSL - An unexpected message was received from our peer" \ 2446 -S "failed" 2447 2448requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2449run_test "Renegotiation: periodic, two times period" \ 2450 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ 2451 "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \ 2452 0 \ 2453 -c "client hello, adding renegotiation extension" \ 2454 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2455 -s "found renegotiation extension" \ 2456 -s "server hello, secure renegotiation extension" \ 2457 -c "found renegotiation extension" \ 2458 -s "record counter 
limit reached: renegotiate" \ 2459 -c "=> renegotiate" \ 2460 -s "=> renegotiate" \ 2461 -s "write hello request" \ 2462 -S "SSL - An unexpected message was received from our peer" \ 2463 -S "failed" 2464 2465requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2466run_test "Renegotiation: periodic, above period, disabled" \ 2467 "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \ 2468 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ 2469 0 \ 2470 -C "client hello, adding renegotiation extension" \ 2471 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2472 -S "found renegotiation extension" \ 2473 -s "server hello, secure renegotiation extension" \ 2474 -c "found renegotiation extension" \ 2475 -S "record counter limit reached: renegotiate" \ 2476 -C "=> renegotiate" \ 2477 -S "=> renegotiate" \ 2478 -S "write hello request" \ 2479 -S "SSL - An unexpected message was received from our peer" \ 2480 -S "failed" 2481 2482requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2483run_test "Renegotiation: nbio, client-initiated" \ 2484 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \ 2485 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ 2486 0 \ 2487 -c "client hello, adding renegotiation extension" \ 2488 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2489 -s "found renegotiation extension" \ 2490 -s "server hello, secure renegotiation extension" \ 2491 -c "found renegotiation extension" \ 2492 -c "=> renegotiate" \ 2493 -s "=> renegotiate" \ 2494 -S "write hello request" 2495 2496requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2497run_test "Renegotiation: nbio, server-initiated" \ 2498 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ 2499 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ 2500 0 \ 2501 -c "client hello, adding renegotiation extension" \ 2502 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2503 -s "found renegotiation 
extension" \ 2504 -s "server hello, secure renegotiation extension" \ 2505 -c "found renegotiation extension" \ 2506 -c "=> renegotiate" \ 2507 -s "=> renegotiate" \ 2508 -s "write hello request" 2509 2510requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2511run_test "Renegotiation: openssl server, client-initiated" \ 2512 "$O_SRV -www" \ 2513 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2514 0 \ 2515 -c "client hello, adding renegotiation extension" \ 2516 -c "found renegotiation extension" \ 2517 -c "=> renegotiate" \ 2518 -C "ssl_hanshake() returned" \ 2519 -C "error" \ 2520 -c "HTTP/1.0 200 [Oo][Kk]" 2521 2522requires_gnutls 2523requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2524run_test "Renegotiation: gnutls server strict, client-initiated" \ 2525 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ 2526 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2527 0 \ 2528 -c "client hello, adding renegotiation extension" \ 2529 -c "found renegotiation extension" \ 2530 -c "=> renegotiate" \ 2531 -C "ssl_hanshake() returned" \ 2532 -C "error" \ 2533 -c "HTTP/1.0 200 [Oo][Kk]" 2534 2535requires_gnutls 2536requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2537run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ 2538 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2539 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2540 1 \ 2541 -c "client hello, adding renegotiation extension" \ 2542 -C "found renegotiation extension" \ 2543 -c "=> renegotiate" \ 2544 -c "mbedtls_ssl_handshake() returned" \ 2545 -c "error" \ 2546 -C "HTTP/1.0 200 [Oo][Kk]" 2547 2548requires_gnutls 2549requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2550run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ 2551 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2552 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 2553 allow_legacy=0" \ 2554 1 \ 2555 -c "client 
hello, adding renegotiation extension" \ 2556 -C "found renegotiation extension" \ 2557 -c "=> renegotiate" \ 2558 -c "mbedtls_ssl_handshake() returned" \ 2559 -c "error" \ 2560 -C "HTTP/1.0 200 [Oo][Kk]" 2561 2562requires_gnutls 2563requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2564run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ 2565 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2566 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 2567 allow_legacy=1" \ 2568 0 \ 2569 -c "client hello, adding renegotiation extension" \ 2570 -C "found renegotiation extension" \ 2571 -c "=> renegotiate" \ 2572 -C "ssl_hanshake() returned" \ 2573 -C "error" \ 2574 -c "HTTP/1.0 200 [Oo][Kk]" 2575 2576requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2577run_test "Renegotiation: DTLS, client-initiated" \ 2578 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ 2579 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ 2580 0 \ 2581 -c "client hello, adding renegotiation extension" \ 2582 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2583 -s "found renegotiation extension" \ 2584 -s "server hello, secure renegotiation extension" \ 2585 -c "found renegotiation extension" \ 2586 -c "=> renegotiate" \ 2587 -s "=> renegotiate" \ 2588 -S "write hello request" 2589 2590requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2591run_test "Renegotiation: DTLS, server-initiated" \ 2592 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ 2593 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \ 2594 read_timeout=1000 max_resend=2" \ 2595 0 \ 2596 -c "client hello, adding renegotiation extension" \ 2597 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2598 -s "found renegotiation extension" \ 2599 -s "server hello, secure renegotiation extension" \ 2600 -c "found renegotiation extension" \ 2601 -c "=> renegotiate" \ 2602 -s "=> renegotiate" \ 2603 -s "write hello request" 2604 
2605requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2606run_test "Renegotiation: DTLS, renego_period overflow" \ 2607 "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ 2608 "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ 2609 0 \ 2610 -c "client hello, adding renegotiation extension" \ 2611 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2612 -s "found renegotiation extension" \ 2613 -s "server hello, secure renegotiation extension" \ 2614 -s "record counter limit reached: renegotiate" \ 2615 -c "=> renegotiate" \ 2616 -s "=> renegotiate" \ 2617 -s "write hello request" 2618 2619requires_gnutls 2620requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2621run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ 2622 "$G_SRV -u --mtu 4096" \ 2623 "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ 2624 0 \ 2625 -c "client hello, adding renegotiation extension" \ 2626 -c "found renegotiation extension" \ 2627 -c "=> renegotiate" \ 2628 -C "mbedtls_ssl_handshake returned" \ 2629 -C "error" \ 2630 -s "Extra-header:" 2631 2632# Test for the "secure renegotation" extension only (no actual renegotiation) 2633 2634requires_gnutls 2635run_test "Renego ext: gnutls server strict, client default" \ 2636 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ 2637 "$P_CLI debug_level=3" \ 2638 0 \ 2639 -c "found renegotiation extension" \ 2640 -C "error" \ 2641 -c "HTTP/1.0 200 [Oo][Kk]" 2642 2643requires_gnutls 2644run_test "Renego ext: gnutls server unsafe, client default" \ 2645 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2646 "$P_CLI debug_level=3" \ 2647 0 \ 2648 -C "found renegotiation extension" \ 2649 -C "error" \ 2650 -c "HTTP/1.0 200 [Oo][Kk]" 2651 2652requires_gnutls 2653run_test "Renego ext: gnutls server unsafe, client break legacy" \ 2654 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2655 "$P_CLI debug_level=3 allow_legacy=-1" \ 2656 1 \ 2657 -C 
"found renegotiation extension" \ 2658 -c "error" \ 2659 -C "HTTP/1.0 200 [Oo][Kk]" 2660 2661requires_gnutls 2662run_test "Renego ext: gnutls client strict, server default" \ 2663 "$P_SRV debug_level=3" \ 2664 "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \ 2665 0 \ 2666 -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 2667 -s "server hello, secure renegotiation extension" 2668 2669requires_gnutls 2670run_test "Renego ext: gnutls client unsafe, server default" \ 2671 "$P_SRV debug_level=3" \ 2672 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ 2673 0 \ 2674 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 2675 -S "server hello, secure renegotiation extension" 2676 2677requires_gnutls 2678run_test "Renego ext: gnutls client unsafe, server break legacy" \ 2679 "$P_SRV debug_level=3 allow_legacy=-1" \ 2680 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ 2681 1 \ 2682 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 2683 -S "server hello, secure renegotiation extension" 2684 2685# Tests for silently dropping trailing extra bytes in .der certificates 2686 2687requires_gnutls 2688run_test "DER format: no trailing bytes" \ 2689 "$P_SRV crt_file=data_files/server5-der0.crt \ 2690 key_file=data_files/server5.key" \ 2691 "$G_CLI localhost" \ 2692 0 \ 2693 -c "Handshake was completed" \ 2694 2695requires_gnutls 2696run_test "DER format: with a trailing zero byte" \ 2697 "$P_SRV crt_file=data_files/server5-der1a.crt \ 2698 key_file=data_files/server5.key" \ 2699 "$G_CLI localhost" \ 2700 0 \ 2701 -c "Handshake was completed" \ 2702 2703requires_gnutls 2704run_test "DER format: with a trailing random byte" \ 2705 "$P_SRV crt_file=data_files/server5-der1b.crt \ 2706 key_file=data_files/server5.key" \ 2707 "$G_CLI localhost" \ 2708 0 \ 2709 -c "Handshake was completed" \ 2710 2711requires_gnutls 2712run_test "DER format: with 2 trailing random bytes" \ 
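            "$P_SRV crt_file=data_files/server5-der2.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

# Note: the DER-format cases end their last -c argument without a trailing
# backslash on purpose; a dangling continuation before a blank line would
# turn the next "requires_gnutls" into a run_test argument if the blank line
# were ever removed.

requires_gnutls
run_test    "DER format: with 4 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der4.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 8 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der8.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 9 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der9.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

# Tests for auth_mode
#
# auth_mode decides what a peer does with the other side's certificate, and
# the three "server badcert" cases below pin the difference:
#   required - a verification failure aborts the handshake (exit 1, handshake
#              error logged);
#   optional - verification still runs and the failure is logged, but the
#              handshake completes anyway (exit 0, no handshake error);
#   none     - the certificate is not verified at all (no x509_verify_cert()
#              line in the log).
# In run_test's convention a -c/-s pattern must appear in the client/server
# log and a -C/-S pattern must not.

run_test    "Authentication: server badcert, client required" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=required" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

run_test    "Authentication: server badcert, client optional" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=optional" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# With no trust anchor configured at all (ca_file=none ca_path=none) the
# client must still report the verification failure; only auth_mode decides
# whether that failure is fatal.
run_test    "Authentication: server goodcert, client optional, no trusted CA" \
            "$P_SRV" \
            "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed" \
            -C "SSL - No CA Chain is set, but required to operate"

run_test    "Authentication: server goodcert, client required, no trusted CA" \
            "$P_SRV" \
            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "SSL - No CA Chain is set, but required to operate"

# The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the
# corner case of a static ECDH suite, because the server doesn't check the curve on that
# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
# different means to have the server ignoring the client's supported curve list.

requires_config_enabled MBEDTLS_ECP_C
run_test    "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \
            1 \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage

requires_config_enabled MBEDTLS_ECP_C
run_test    "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \
            1 \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check

run_test    "Authentication: server badcert, client none" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=none" \
            0 \
            -C "x509_verify_cert() returned" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# The two cases below differ only in the forced ciphersuite; both expect the
# same signature-algorithm entries (4 = SHA256, 5 = SHA384 in the log's
# numbering) to be found.
run_test    "Authentication: client SHA256, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -c "Supported Signature Algorithm found: 4," \
            -c "Supported Signature Algorithm found: 5,"

run_test    "Authentication: client SHA384, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Supported Signature Algorithm found: 4," \
            -c "Supported Signature Algorithm found: 5,"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Authentication: client has no cert, server required (SSLv3)" \
            "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
            "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -c "got no certificate to send" \
            -S "x509_verify_cert() returned" \
            -s "client has no certificate" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "No client certification received from the client, but required by the authentication mode"

run_test    "Authentication: client has no cert, server required (TLS)" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=none \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -c "= write certificate$" \
            -C "skip write certificate$" \
            -S "x509_verify_cert() returned" \
            -s "client has no certificate" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "No client certification received from the client, but required by the authentication mode"

run_test    "Authentication: client badcert, server required" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "send alert level=2 message=48" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"
# We don't check that the client receives the alert because it might
# detect that its write end of the connection is closed and abort
# before reading the alert message.

run_test    "Authentication: client cert not trusted, server required" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

run_test    "Authentication: client badcert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

run_test    "Authentication: client badcert, server none" \
            "$P_SRV debug_level=3 auth_mode=none" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

run_test    "Authentication: client no cert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -C "got no certificate to send" \
            -S "SSLv3 client has no certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -s "! Certificate was missing" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

run_test    "Authentication: openssl client no cert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$O_CLI" \
            0 \
            -S "skip write certificate request" \
            -s "skip parse certificate verify" \
            -s "! Certificate was missing" \
            -S "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# OpenSSL s_server: -verify requests a client certificate but tolerates its
# absence, -Verify makes it mandatory (hence exit 0 vs. 1 below).
run_test    "Authentication: client no cert, openssl server optional" \
            "$O_SRV -verify 10" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -C "! mbedtls_ssl_handshake returned"

run_test    "Authentication: client no cert, openssl server required" \
            "$O_SRV -Verify 10" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            1 \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -c "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Authentication: client no cert, ssl3" \
            "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
            "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -c "got no certificate to send" \
            -s "SSLv3 client has no certificate" \
            -s "skip parse certificate verify" \
            -s "! Certificate was missing" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
# value, defined here as MAX_IM_CA. Some test cases will be skipped if the
# library is configured with a different value.

MAX_IM_CA='8'

# The max_int tests can pass with any value higher than MAX_IM_CA because only
# a chain of MAX_IM_CA length is tested. Equally, the max_int+1 tests can pass
# with any value less than MAX_IM_CA. However, stricter preconditions are in
# place so that the semantics are consistent with the test description.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: server max_int chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
             key_file=data_files/dir-maxpath/09.key" \
            "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
            0 \
            -C "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
             key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
            1 \
            -c "X509 - A fatal error occurred"

# An over-long chain is a fatal error rather than a plain verification
# failure, so it is not downgraded by auth_mode=optional; only
# auth_mode=none (no verification at all) lets the handshake through.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client optional" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
             key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
             auth_mode=optional" \
            1 \
            -c "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client none" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
             key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
             auth_mode=none" \
            0 \
            -C "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: client max_int+1 chain, server default" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
             key_file=data_files/dir-maxpath/10.key" \
            0 \
            -S "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: client max_int+1 chain, server optional" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
             key_file=data_files/dir-maxpath/10.key" \
            1 \
            -s "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: client max_int+1 chain, server required" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
             key_file=data_files/dir-maxpath/10.key" \
            1 \
            -s "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" "$MAX_IM_CA"
requires_full_size_output_buffer
run_test    "Authentication: client max_int chain, server required" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
             key_file=data_files/dir-maxpath/09.key" \
            0 \
            -S "X509 - A fatal error occurred"

# Tests for CA list in CertificateRequest messages

run_test    "Authentication: send CA list in CertificateRequest (default)" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI crt_file=data_files/server6.crt \
             key_file=data_files/server6.key" \
            0 \
            -s "requested DN"

run_test    "Authentication: do not send CA list in CertificateRequest" \
            "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
            "$P_CLI crt_file=data_files/server6.crt \
             key_file=data_files/server6.key" \
            0 \
            -S "requested DN"

# NOTE(review): despite the "send CA list" in its name, this case starts the
# server with cert_req_ca_list=0 and expects no "requested DN", i.e. the same
# "do not send" setup as the previous test. What it pins is that a
# self-signed client certificate is still rejected under auth_mode=required
# when no CA list was advertised.
run_test    "Authentication: send CA list in CertificateRequest, client self signed" \
            "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "requested DN" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

# Tests for certificate selection based on SHA version
#
# The server is given two certificates (crt_file/crt_file2); the client's
# protocol version decides which one is served.

run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
            "$P_SRV crt_file=data_files/server5.crt \
             key_file=data_files/server5.key \
             crt_file2=data_files/server5-sha1.crt \
             key_file2=data_files/server5.key" \
            "$P_CLI force_version=tls1_2" \
            0 \
            -c "signed using.*ECDSA with SHA256" \
            -C "signed using.*ECDSA with SHA1"

run_test    "Certificate hash: client TLS 1.1 -> SHA-1" \
            "$P_SRV crt_file=data_files/server5.crt \
             key_file=data_files/server5.key \
             crt_file2=data_files/server5-sha1.crt \
             key_file2=data_files/server5.key" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -C "signed using.*ECDSA with SHA256" \
            -c "signed using.*ECDSA with SHA1"

run_test    "Certificate hash: client TLS 1.0 -> SHA-1" \
            "$P_SRV crt_file=data_files/server5.crt \
             key_file=data_files/server5.key \
             crt_file2=data_files/server5-sha1.crt \
             key_file2=data_files/server5.key" \
            "$P_CLI force_version=tls1" \
            0 \
            -C "signed using.*ECDSA with SHA256" \
            -c "signed using.*ECDSA with SHA1"

# When neither certificate is SHA-1 signed, a pre-1.2 client still gets a
# SHA-2 certificate, whichever order the two were configured in (the serial
# number identifies which one was served).
run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
            "$P_SRV crt_file=data_files/server5.crt \
             key_file=data_files/server5.key \
             crt_file2=data_files/server6.crt \
             key_file2=data_files/server6.key" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -c "serial number.*09" \
            -c "signed using.*ECDSA with SHA256" \
            -C "signed using.*ECDSA with SHA1"

run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
            "$P_SRV crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             crt_file2=data_files/server5.crt \
             key_file2=data_files/server5.key" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -c "serial number.*0A" \
            -c "signed using.*ECDSA with SHA256" \
            -C "signed using.*ECDSA with SHA1"

# tests for SNI
#
# Each sni= entry is six comma-separated fields: server name, cert, key,
# CA file, CRL file, auth_mode; "-" leaves the server-wide setting in place.
# The "override" tests below exercise the last three fields, i.e. a per-name
# trust anchor, revocation list and client-authentication policy.

run_test    "SNI: no SNI callback" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$P_CLI server_name=localhost" \
            0 \
            -S "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

run_test    "SNI: matching cert 1" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=localhost" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

run_test    "SNI: matching cert 2" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# An unknown server name must fail the handshake with a fatal alert rather
# than silently fall back to the default certificate.
run_test    "SNI: no matching cert" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"

run_test    "SNI: client auth no override: optional" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

run_test    "SNI: client auth override: none -> optional" \
            "$P_SRV debug_level=3 auth_mode=none \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

run_test    "SNI: client auth override: optional -> none" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify"

# CA override: the client presents server6.crt. Against the server-wide
# test-ca.crt it fails verification; against the per-name test-ca2.crt it
# verifies; with the per-name CRL it verifies but is revoked.
run_test    "SNI: CA no override" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

run_test    "SNI: CA override" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

run_test    "SNI: CA override with CRL" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -s "The certificate has been revoked (is on a CRL)"

# Tests for SNI and DTLS
#
# Same matrix as the TLS SNI tests above, with dtls=1 on both sides; the
# expectations are identical.

run_test    "SNI: DTLS, no SNI callback" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -S "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

run_test    "SNI: DTLS, matching cert 1" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

run_test    "SNI: DTLS, matching cert 2" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

run_test    "SNI: DTLS, no matching cert" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example dtls=1" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"

run_test    "SNI: DTLS, client auth no override: optional" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

run_test    "SNI: DTLS, client auth override: none -> optional" \
            "$P_SRV debug_level=3 auth_mode=none dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

run_test    "SNI: DTLS, client auth override: optional -> none" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify"

run_test    "SNI: DTLS, CA no override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

run_test    "SNI: DTLS, CA override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

run_test    "SNI: DTLS, CA override with CRL" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -s "The certificate has been revoked (is on a CRL)"

# Tests for non-blocking I/O: exercise a variety of handshake flows
#
# Every case below must complete the handshake without either side logging a
# handshake error and must end with the client reading application data.

run_test    "Non-blocking I/O: basic handshake" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: client auth" \
            "$P_SRV nbio=2 tickets=0 auth_mode=required" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: ticket" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: ticket + client auth" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: ticket + client auth + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: ticket + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: session-id resume" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# Tests for event-driven I/O: exercise a variety of handshake flows
#
# Same matrix as the non-blocking cases, with event=1 instead of nbio=2.

run_test    "Event-driven I/O: basic handshake" \
            "$P_SRV event=1 tickets=0 auth_mode=none" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: client auth" \
            "$P_SRV event=1 tickets=0 auth_mode=required" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket + client auth" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket + client auth + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: session-id resume"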
\ 3557 "$P_SRV event=1 tickets=0 auth_mode=none" \ 3558 "$P_CLI event=1 tickets=0 reconnect=1" \ 3559 0 \ 3560 -S "mbedtls_ssl_handshake returned" \ 3561 -C "mbedtls_ssl_handshake returned" \ 3562 -c "Read from server: .* bytes read" 3563 3564run_test "Event-driven I/O, DTLS: basic handshake" \ 3565 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 3566 "$P_CLI dtls=1 event=1 tickets=0" \ 3567 0 \ 3568 -c "Read from server: .* bytes read" 3569 3570run_test "Event-driven I/O, DTLS: client auth" \ 3571 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ 3572 "$P_CLI dtls=1 event=1 tickets=0" \ 3573 0 \ 3574 -c "Read from server: .* bytes read" 3575 3576run_test "Event-driven I/O, DTLS: ticket" \ 3577 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ 3578 "$P_CLI dtls=1 event=1 tickets=1" \ 3579 0 \ 3580 -c "Read from server: .* bytes read" 3581 3582run_test "Event-driven I/O, DTLS: ticket + client auth" \ 3583 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ 3584 "$P_CLI dtls=1 event=1 tickets=1" \ 3585 0 \ 3586 -c "Read from server: .* bytes read" 3587 3588run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ 3589 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ 3590 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 3591 0 \ 3592 -c "Read from server: .* bytes read" 3593 3594run_test "Event-driven I/O, DTLS: ticket + resume" \ 3595 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ 3596 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 3597 0 \ 3598 -c "Read from server: .* bytes read" 3599 3600run_test "Event-driven I/O, DTLS: session-id resume" \ 3601 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 3602 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ 3603 0 \ 3604 -c "Read from server: .* bytes read" 3605 3606# This test demonstrates the need for the mbedtls_ssl_check_pending function. 
# During session resumption, the client will send its ApplicationData record
# within the same datagram as the Finished messages. In this situation, the
# server MUST NOT idle on the underlying transport after handshake completion,
# because the ApplicationData request has already been queued internally.
# -p runs the connection through the UDP proxy ($P_PXY); pack=50 is presumably
# the packing delay that coalesces the client's datagrams -- confirm against the
# proxy program's option handling.
run_test    "Event-driven I/O, DTLS: session-id resume, UDP packing" \
            -p "$P_PXY pack=50" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -c "Read from server: .* bytes read"

# Tests for version negotiation
#
# Each side is pinned with min_version/max_version and the negotiated version is
# checked in both logs. Uppercase -S/-C patterns must be ABSENT from the
# server/client log, so a passing test means neither side logged
# "mbedtls_ssl_handshake returned" (the failure cases further down use the
# lowercase, must-be-present form).

run_test    "Version check: all -> 1.2" \
            "$P_SRV" \
            "$P_CLI" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.2" \
            -c "Protocol is TLSv1.2"

run_test    "Version check: cli max 1.1 -> 1.1" \
            "$P_SRV" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: srv max 1.1 -> 1.1" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: cli+srv max 1.1 -> 1.1" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
            "$P_SRV min_version=tls1_1" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

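run_test    "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

# Disjoint version ranges: the handshake must be refused, and the side whose
# bounds were violated reports it.
run_test    "Version check: cli min 1.2, srv max 1.1 -> fail" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_2" \
            1 \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - Handshake protocol not within min/max boundaries"

run_test    "Version check: srv min 1.2, cli max 1.1 -> fail" \
            "$P_SRV min_version=tls1_2" \
            "$P_CLI max_version=tls1_1" \
            1 \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -s "SSL - Handshake protocol not within min/max boundaries"

# Tests for ALPN extension
#
# alpn=a,b is an ordered preference list. The selected protocol must follow the
# server's order, and alert [2:120] (fatal, no_application_protocol, RFC 7301)
# may appear only when the two lists have nothing in common.

run_test    "ALPN: none" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -S "Application Layer Protocol is"

run_test    "ALPN: client only" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -c "Application Layer Protocol is (none)" \
            -S "Application Layer Protocol is"

run_test    "ALPN: server only" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -s "Application Layer Protocol is (none)"

run_test    "ALPN: both, common cli1-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

run_test    "ALPN: both, common cli2-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abc" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

run_test    "ALPN: both, common cli1-srv2" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is 1234" \
            -s "Application Layer Protocol is 1234"

run_test    "ALPN: both, no common" \
            "$P_SRV debug_level=3 alpn=abc,123" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            1 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -c "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension" \
            -C "Application Layer Protocol is 1234" \
            -S "Application Layer Protocol is 1234"


# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
#
# The server must only offer key exchanges its certificate's keyUsage allows:
# digitalSignature -> (EC)DHE, keyEncipherment -> static RSA, keyAgreement ->
# static ECDH. A keyUsage that fits no ciphersuite must make the handshake fail
# rather than pick an unsuitable suite.

run_test    "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"


run_test    "keyUsage srv: RSA, keyEncipherment -> RSA" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ke.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-"

run_test    "keyUsage srv: RSA, keyAgreement -> fail" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ka.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "

run_test    "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"


run_test    "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDH-"

run_test    "keyUsage srv: ECDSA, keyEncipherment -> fail" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ke.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "

# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
#
# The OpenSSL server is forced to present a given certificate while the client
# forces the ciphersuite, so the client's keyUsage check is exercised directly.
# "soft" cases run with auth_mode=optional: the mismatch is logged but the
# handshake completes.

run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"

run_test    "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature, RSA: fail" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature, RSA: fail, soft" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"

# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
#
# Client certificates only ever sign (CertificateVerify), so digitalSignature
# is the one acceptable keyUsage. auth_mode=optional logs the problem and
# continues; auth_mode=required turns it into a handshake failure.

run_test    "keyUsage cli-auth: RSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ds.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ka.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
#
# The certificate handed to the server carries exactly the EKU named in the
# test description; parts 2 and 3 below use the same files, so each
# certificate is checked from every role. A certificate whose EKU does not
# cover serverAuth (and lacks anyExtendedKeyUsage) must not be served.

run_test    "extKeyUsage srv: serverAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv.crt" \
            "$P_CLI" \
            0

run_test    "extKeyUsage srv: serverAuth,clientAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv_cli.crt" \
            "$P_CLI" \
            0

run_test    "extKeyUsage srv: codeSign,anyEKU -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cs_any.crt" \
            "$P_CLI" \
            0

run_test    "extKeyUsage srv: codeSign -> fail" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cs.crt" \
            "$P_CLI" \
            1

# Tests for extendedKeyUsage, part 2: client-side checking of server cert

run_test    "extKeyUsage cli: serverAuth -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-srv.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: serverAuth,clientAuth -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: codeSign,anyEKU -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: codeSign -> fail" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

# Tests for extendedKeyUsage, part 3: server-side checking of client cert

run_test    "extKeyUsage cli-auth: clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign -> fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign -> fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"

# Tests for DHM parameters loading
#
# debug_level=3 makes the client dump the DHM group it received, which is how
# the prime size the server actually used is verified.

run_test    "DHM parameters: reference" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (2048 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

run_test    "DHM parameters: other parameters" \
            "$P_SRV dhm_file=data_files/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (1024 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

# Tests for DHM client-side size checking
#
# dhmlen=N sets the client's minimum accepted DHM prime size in bits. The
# "client default" cases pin the built-in minimum: 1024-bit groups are accepted
# and 1000-bit groups are rejected. Rejection happens before the key exchange
# completes, so a too-small server group can never produce a usable session.

run_test    "DHM size: server default, client default, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server default, client 2048, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=2048" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1024, client default, OK" \
            "$P_SRV dhm_file=data_files/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 999, client 999, OK" \
            "$P_SRV dhm_file=data_files/dh.999.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=999" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1000, client 1000, OK" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=1000" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1000, client default, rejected" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server 1000, client 1001, rejected" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=1001" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server 999, client 1000, rejected" \
            "$P_SRV dhm_file=data_files/dh.999.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=1000" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server 998, client 999, rejected" \
            "$P_SRV dhm_file=data_files/dh.998.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=999" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server default, client 2049, rejected" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=2049" \
            1 \
            -c "DHM prime too short:"

# Tests for PSK callback
#
# psk_list=id1,key1,id2,key2,... installs a server-side identity lookup
# callback. When it is set it takes precedence over psk/psk_identity, so an
# identity that only matches the static PSK is reported as unknown. A known
# identity with the wrong key surfaces as a MAC failure, not as an identity
# error, which keeps the two conditions indistinguishable to the client.

run_test    "PSK callback: psk, no callback" \
            "$P_SRV psk=abc123 psk_identity=foo" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: no psk, no callback" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            1 \
            -s "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: callback overrides other settings" \
            "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: first id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=abc psk=dead" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: second id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=def psk=beef" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: no match" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=ghi psk=beef" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: wrong key" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=abc psk=beef" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -s "SSL - Verification of the message MAC failed"

# Tests for EC J-PAKE
#
# Every test in this section is gated on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED,
# the build option that enables EC J-PAKE. The full macro name is used for all
# of them so that the gate does not depend on how requires_config_enabled
# matches the name (a truncated prefix could silently run or skip a test).
# A password mismatch is only detected when the Finished MAC fails to verify.

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: client not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "add ciphersuite: c0ff" \
            -C "adding ecjpake_kkpp extension" \
            -S "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: server not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -s "found ecjpake kkpp extension" \
            -s "skip ecjpake kkpp extension" \
            -s "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -s "None of the common ciphersuites is usable"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable" \
            -S "SSL - Verification of the message MAC failed"

# server_needs_more_time: presumably extends the per-test server timeout (in
# seconds) -- see its definition earlier in the file.
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# Over DTLS the client's first flight is repeated after the HelloVerifyRequest
# cookie exchange, so the client re-uses its cached EC J-PAKE round-one values.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"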
4279 4280requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 4281run_test "ECJPAKE: working, DTLS, no cookie" \ 4282 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \ 4283 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ 4284 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 4285 0 \ 4286 -C "re-using cached ecjpake parameters" \ 4287 -S "SSL - Verification of the message MAC failed" 4288 4289server_needs_more_time 1 4290requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 4291run_test "ECJPAKE: password mismatch, DTLS" \ 4292 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ 4293 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \ 4294 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 4295 1 \ 4296 -c "re-using cached ecjpake parameters" \ 4297 -s "SSL - Verification of the message MAC failed" 4298 4299# for tests with configs/config-thread.h 4300requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 4301run_test "ECJPAKE: working, DTLS, nolog" \ 4302 "$P_SRV dtls=1 ecjpake_pw=bla" \ 4303 "$P_CLI dtls=1 ecjpake_pw=bla \ 4304 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 4305 0 4306 4307# Tests for ciphersuites per version 4308 4309requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4310requires_config_enabled MBEDTLS_CAMELLIA_C 4311requires_config_enabled MBEDTLS_AES_C 4312run_test "Per-version suites: SSL3" \ 4313 "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ 4314 "$P_CLI force_version=ssl3" \ 4315 0 \ 4316 -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" 4317 4318requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 4319requires_config_enabled MBEDTLS_CAMELLIA_C 4320requires_config_enabled MBEDTLS_AES_C 4321run_test "Per-version suites: TLS 1.0" \ 4322 "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ 4323 "$P_CLI 
force_version=tls1 arc4=1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"

# version_suites= is a comma-separated list with one ciphersuite per protocol
# version.  Each test forces a single version on the client and expects the
# server to pick that version's entry: the TLS 1.0 test above expects the
# second entry, TLS 1.1 the third and TLS 1.2 the fourth.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.1" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.2" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_2" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"

# Test for ClientHello without extensions
#
# GnuTLS is told to send a bare ClientHello (no extensions at all, not even
# the safe-renegotiation one).  The server must still complete the handshake
# (exit status 0) and its debug log must show an empty extension block.

requires_gnutls
run_test    "ClientHello without extensions" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"

# Tests for mbedtls_ssl_get_bytes_avail()
#
# With request_size=100 the server reports an exact count and nothing else on
# that log line (note the "$" anchor).  With request_size=500 the server's
# log appends a breakdown of the form "(N+M)"; the pattern is a basic regex,
# so "(", "+" and ")" match literally.

run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \
            "$P_SRV" \
            "$P_CLI request_size=100" \
            0 \
            -s "Read from client: 100 bytes read$"

run_test    "mbedtls_ssl_get_bytes_avail: extra data" \
            "$P_SRV" \
            "$P_CLI request_size=500" \
            0 \
            -s "Read from client: 500 bytes read (.*+.*)"

# Tests for small client packets
#
# Each test sends a single application-data byte (request_size=1) and checks
# that the server delivers exactly one byte.  The matrix covers every
# protocol version with a CBC suite ("BlockCipher"), RC4 ("StreamCipher"),
# Encrypt-then-MAC on/off (etm=0) and the truncated-HMAC extension
# (trunc_hmac=1, requested on both peers), plus AEAD suites for TLS 1.2.
# SSLv3 and RC4 are legacy: the server only accepts them because it is
# explicitly told to (min_version=ssl3, arc4=1), and the SSLv3 cases are
# additionally gated on MBEDTLS_SSL_PROTO_SSL3.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 BlockCipher" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI request_size=1 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 StreamCipher" \
            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# SHA384 suite: exercises a MAC that is longer than the SHA-1 one used above.
run_test    "Small client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# AEAD suites: CCM with the full 16-byte tag, then CCM-8 with an 8-byte tag.
run_test    "Small client packet TLS 1.2 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small client packets in DTLS
#
# The server pins the DTLS version (force_version=dtls1 / dtls1_2); the
# client only selects the ciphersuite.  Note that EtM is switched off on the
# server side here (etm=0), whereas the TLS tests above do it on the client.

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0" \
            "$P_SRV dtls=1 force_version=dtls1" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2" \
            "$P_SRV dtls=1 force_version=dtls1_2" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small server packets
#
# Mirror of the client tests above: the server replies with a single byte
# (response_size=1) and the client must read exactly one byte.  Same matrix
# of versions, CBC/RC4/AEAD suites, EtM on/off and truncated HMAC; every
# truncated-MAC case enables trunc_hmac=1 on both peers.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 BlockCipher" \
            "$P_SRV response_size=1 min_version=ssl3" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 StreamCipher" \
            "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 StreamCipher" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.1 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.1 StreamCipher" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 StreamCipher" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 AEAD" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 1 bytes read"

# Tests for small server packets in DTLS
#
# As for the DTLS client tests: the server pins the version and, where
# applicable, disables EtM on its side.

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.0" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.0, without EtM" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.0, truncated hmac" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
            "$P_CLI dtls=1 trunc_hmac=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.0, without EtM, truncated MAC" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.2, truncated hmac" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.2, without EtM, truncated MAC" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
            0 \
            -c "Read from server: 1 bytes read"

# A test for extensions in SSLv3
#
# SSLv3 has no hello extensions.  The client is asked for several features
# that are only carried in extensions (session tickets, max fragment length,
# ALPN) while being forced to SSLv3; the expectation is that neither side
# emits an extension block at all (-S: the pattern must NOT appear in the
# server log).  The max_frag_len=4096 request is why the test needs a build
# whose content length is at least 4096.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "SSLv3 with extensions, server side" \
            "$P_SRV min_version=ssl3 debug_level=3" \
            "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
            0 \
            -S "dumping 'client hello extensions'" \
            -S "server hello, total extension length:"

# Test for large client packets
#
# The client sends 16384 bytes in one request_size=16384 write and the tests
# check (a) how many records the client needed (fragments_for_write, which
# depends on the build's MAX_OUT_LEN) and (b) that the server's first read
# returns MAX_CONTENT_LEN bytes.

# How many fragments do we expect to write $1 bytes?
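# Compute the number of TLS records the client needs to send $1 bytes.
#
# Arguments:  $1 - number of application-data bytes to send (a non-negative
#                  decimal integer)
# Globals:    MAX_OUT_LEN - maximum outgoing record content length; it is
#                           set earlier in this script from the build
#                           configuration and must be a positive integer
# Outputs:    ceil($1 / MAX_OUT_LEN) on stdout
# Returns:    0 on success; 1 (with a message on stderr) when $1 or
#             MAX_OUT_LEN is missing, non-numeric, or MAX_OUT_LEN is zero.
#
# The explicit validation exists because this function is only ever called
# inside "$(...)" to build a -c pattern: a shell arithmetic error there
# (unset MAX_OUT_LEN under "set -u", or a division by zero) expands to the
# empty string, turning the pattern into "... written in  fragments" and
# failing the calling test for a reason that is hard to spot in the log.
fragments_for_write() {
    case "${MAX_OUT_LEN:-}" in
        ''|*[!0-9]*)
            echo "fragments_for_write: MAX_OUT_LEN is not a number: '${MAX_OUT_LEN:-}'" >&2
            return 1 ;;
    esac
    if [ "$MAX_OUT_LEN" -eq 0 ]; then
        echo "fragments_for_write: MAX_OUT_LEN must be positive" >&2
        return 1
    fi
    case "${1:-}" in
        ''|*[!0-9]*)
            echo "fragments_for_write: byte count is not a number: '${1:-}'" >&2
            return 1 ;;
    esac
    # Integer ceiling: ceil(n / m) == (n + m - 1) / m.
    echo "$(( ( $1 + MAX_OUT_LEN - 1 ) / MAX_OUT_LEN ))"
}

# recsplit=0 switches off the client's 1/n-1 CBC record splitting (the BEAST
# countermeasure, which only applies to SSLv3/TLS 1.0 block ciphers - the
# TLS 1.1+ tests further down do not pass it).  With splitting on, the first
# byte would go out as its own record and the count checked by the -c
# pattern would no longer be fragments_for_write(16384).  The server-side
# check uses $MAX_CONTENT_LEN because a single read cannot return more than
# the configured content length.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large client packet SSLv3 BlockCipher" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large client packet SSLv3 StreamCipher" \
            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.0 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# Not every variant checks the client-side fragment count; the server-side
# bytes-read check is the one assertion common to all of them.
run_test    "Large client packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"
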
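requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# RC4 is a stream cipher, so no record splitting is involved and recsplit=0
# is not passed.  arc4=1 is needed on the server because RC4 has to be
# enabled explicitly.
run_test    "Large client packet TLS 1.0 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# From TLS 1.1 on the client does not pass recsplit=0: 1/n-1 splitting is a
# countermeasure for SSLv3/TLS 1.0 CBC only, so the fragment count is
# fragments_for_write(16384) without it.
run_test    "Large client packet TLS 1.1 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.1 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# SHA384 suite: the larger MAC reduces the room for plaintext in a record
# but must not change the number of records the client needs.
run_test    "Large client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# AEAD suites: CCM with the full 16-byte tag, then CCM-8 with an 8-byte tag.
run_test    "Large client packet TLS 1.2 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# Test for large server packets
#
# The server replies with 16384 bytes in a single write (response_size=16384).
# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384,
# because the stream-cipher cases assert that this went out as exactly one
# record ("16384 bytes written in 1 fragments").
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large server packet SSLv3 StreamCipher" \
            "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 16384 bytes read"

# Checking next 4 tests logs for 1n-1 split against BEAST too
#
# For CBC under SSLv3/TLS 1.0 the sender is expected to split the first byte
# into its own record (the 1/n-1 BEAST countermeasure), so the client must
# see a 1-byte read followed by a 16383-byte read and never a single
# 16384-byte read (-C: the pattern must NOT appear in the client log).  The
# client's recsplit=0 only affects the client's own writes; the split being
# checked here is the server's.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large server packet SSLv3 BlockCipher" \
            "$P_SRV response_size=16384 min_version=ssl3" \
            "$P_CLI force_version=ssl3 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 BlockCipher" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1 etm=0 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

# The two truncated-MAC cases below enable trunc_hmac=1 on the server as
# well as on the client, like every other truncated-MAC test in this file.
# The extension is only in effect when the server accepts the client's
# request for it; with a client-only flag these tests would run a plain-MAC
# connection under a "truncated MAC" name and never exercise the server's
# truncated-HMAC send path.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.0 BlockCipher truncated MAC" \
            "$P_SRV response_size=16384 trunc_hmac=1" \
            "$P_CLI force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
             trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.0 StreamCipher truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 StreamCipher" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

requires_config_enabled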
MBEDTLS_SSL_TRUNCATED_HMAC 5273run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \ 5274 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5275 "$P_CLI force_version=tls1 \ 5276 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5277 0 \ 5278 -s "16384 bytes written in 1 fragments" \ 5279 -c "Read from server: 16384 bytes read" 5280 5281requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5282run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ 5283 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5284 "$P_CLI force_version=tls1 \ 5285 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 5286 0 \ 5287 -s "16384 bytes written in 1 fragments" \ 5288 -c "Read from server: 16384 bytes read" 5289 5290run_test "Large server packet TLS 1.1 BlockCipher" \ 5291 "$P_SRV response_size=16384" \ 5292 "$P_CLI force_version=tls1_1 \ 5293 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5294 0 \ 5295 -c "Read from server: 16384 bytes read" 5296 5297run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \ 5298 "$P_SRV response_size=16384" \ 5299 "$P_CLI force_version=tls1_1 etm=0 \ 5300 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5301 0 \ 5302 -s "16384 bytes written in 1 fragments" \ 5303 -c "Read from server: 16384 bytes read" 5304 5305requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5306run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \ 5307 "$P_SRV response_size=16384" \ 5308 "$P_CLI force_version=tls1_1 \ 5309 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 5310 trunc_hmac=1" \ 5311 0 \ 5312 -c "Read from server: 16384 bytes read" 5313 5314requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5315run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ 5316 "$P_SRV response_size=16384 trunc_hmac=1" \ 5317 "$P_CLI force_version=tls1_1 \ 5318 
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 5319 0 \ 5320 -s "16384 bytes written in 1 fragments" \ 5321 -c "Read from server: 16384 bytes read" 5322 5323run_test "Large server packet TLS 1.1 StreamCipher" \ 5324 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5325 "$P_CLI force_version=tls1_1 \ 5326 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5327 0 \ 5328 -c "Read from server: 16384 bytes read" 5329 5330run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \ 5331 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5332 "$P_CLI force_version=tls1_1 \ 5333 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 5334 0 \ 5335 -s "16384 bytes written in 1 fragments" \ 5336 -c "Read from server: 16384 bytes read" 5337 5338requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5339run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \ 5340 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5341 "$P_CLI force_version=tls1_1 \ 5342 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 5343 trunc_hmac=1" \ 5344 0 \ 5345 -c "Read from server: 16384 bytes read" 5346 5347run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ 5348 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5349 "$P_CLI force_version=tls1_1 \ 5350 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 5351 0 \ 5352 -s "16384 bytes written in 1 fragments" \ 5353 -c "Read from server: 16384 bytes read" 5354 5355run_test "Large server packet TLS 1.2 BlockCipher" \ 5356 "$P_SRV response_size=16384" \ 5357 "$P_CLI force_version=tls1_2 \ 5358 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5359 0 \ 5360 -c "Read from server: 16384 bytes read" 5361 5362run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ 5363 "$P_SRV response_size=16384" \ 5364 "$P_CLI force_version=tls1_2 etm=0 \ 5365 
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5366 0 \ 5367 -s "16384 bytes written in 1 fragments" \ 5368 -c "Read from server: 16384 bytes read" 5369 5370run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ 5371 "$P_SRV response_size=16384" \ 5372 "$P_CLI force_version=tls1_2 \ 5373 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 5374 0 \ 5375 -c "Read from server: 16384 bytes read" 5376 5377requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5378run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \ 5379 "$P_SRV response_size=16384" \ 5380 "$P_CLI force_version=tls1_2 \ 5381 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 5382 trunc_hmac=1" \ 5383 0 \ 5384 -c "Read from server: 16384 bytes read" 5385 5386run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 5387 "$P_SRV response_size=16384 trunc_hmac=1" \ 5388 "$P_CLI force_version=tls1_2 \ 5389 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 5390 0 \ 5391 -s "16384 bytes written in 1 fragments" \ 5392 -c "Read from server: 16384 bytes read" 5393 5394run_test "Large server packet TLS 1.2 StreamCipher" \ 5395 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5396 "$P_CLI force_version=tls1_2 \ 5397 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5398 0 \ 5399 -s "16384 bytes written in 1 fragments" \ 5400 -c "Read from server: 16384 bytes read" 5401 5402run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \ 5403 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5404 "$P_CLI force_version=tls1_2 \ 5405 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 5406 0 \ 5407 -s "16384 bytes written in 1 fragments" \ 5408 -c "Read from server: 16384 bytes read" 5409 5410requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5411run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \ 5412 "$P_SRV response_size=16384 arc4=1 
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5413 "$P_CLI force_version=tls1_2 \ 5414 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 5415 trunc_hmac=1" \ 5416 0 \ 5417 -c "Read from server: 16384 bytes read" 5418 5419requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5420run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ 5421 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5422 "$P_CLI force_version=tls1_2 \ 5423 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 5424 0 \ 5425 -s "16384 bytes written in 1 fragments" \ 5426 -c "Read from server: 16384 bytes read" 5427 5428run_test "Large server packet TLS 1.2 AEAD" \ 5429 "$P_SRV response_size=16384" \ 5430 "$P_CLI force_version=tls1_2 \ 5431 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 5432 0 \ 5433 -c "Read from server: 16384 bytes read" 5434 5435run_test "Large server packet TLS 1.2 AEAD shorter tag" \ 5436 "$P_SRV response_size=16384" \ 5437 "$P_CLI force_version=tls1_2 \ 5438 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 5439 0 \ 5440 -c "Read from server: 16384 bytes read" 5441 5442# Tests for restartable ECC 5443 5444requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5445run_test "EC restart: TLS, default" \ 5446 "$P_SRV auth_mode=required" \ 5447 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5448 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5449 debug_level=1" \ 5450 0 \ 5451 -C "x509_verify_cert.*4b00" \ 5452 -C "mbedtls_pk_verify.*4b00" \ 5453 -C "mbedtls_ecdh_make_public.*4b00" \ 5454 -C "mbedtls_pk_sign.*4b00" 5455 5456requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5457run_test "EC restart: TLS, max_ops=0" \ 5458 "$P_SRV auth_mode=required" \ 5459 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5460 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5461 debug_level=1 ec_max_ops=0" \ 5462 0 \ 5463 -C "x509_verify_cert.*4b00" \ 5464 -C 
"mbedtls_pk_verify.*4b00" \ 5465 -C "mbedtls_ecdh_make_public.*4b00" \ 5466 -C "mbedtls_pk_sign.*4b00" 5467 5468requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5469run_test "EC restart: TLS, max_ops=65535" \ 5470 "$P_SRV auth_mode=required" \ 5471 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5472 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5473 debug_level=1 ec_max_ops=65535" \ 5474 0 \ 5475 -C "x509_verify_cert.*4b00" \ 5476 -C "mbedtls_pk_verify.*4b00" \ 5477 -C "mbedtls_ecdh_make_public.*4b00" \ 5478 -C "mbedtls_pk_sign.*4b00" 5479 5480requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5481run_test "EC restart: TLS, max_ops=1000" \ 5482 "$P_SRV auth_mode=required" \ 5483 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5484 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5485 debug_level=1 ec_max_ops=1000" \ 5486 0 \ 5487 -c "x509_verify_cert.*4b00" \ 5488 -c "mbedtls_pk_verify.*4b00" \ 5489 -c "mbedtls_ecdh_make_public.*4b00" \ 5490 -c "mbedtls_pk_sign.*4b00" 5491 5492requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5493run_test "EC restart: TLS, max_ops=1000, badsign" \ 5494 "$P_SRV auth_mode=required \ 5495 crt_file=data_files/server5-badsign.crt \ 5496 key_file=data_files/server5.key" \ 5497 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5498 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5499 debug_level=1 ec_max_ops=1000" \ 5500 1 \ 5501 -c "x509_verify_cert.*4b00" \ 5502 -C "mbedtls_pk_verify.*4b00" \ 5503 -C "mbedtls_ecdh_make_public.*4b00" \ 5504 -C "mbedtls_pk_sign.*4b00" \ 5505 -c "! The certificate is not correctly signed by the trusted CA" \ 5506 -c "! 
mbedtls_ssl_handshake returned" \ 5507 -c "X509 - Certificate verification failed" 5508 5509requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5510run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ 5511 "$P_SRV auth_mode=required \ 5512 crt_file=data_files/server5-badsign.crt \ 5513 key_file=data_files/server5.key" \ 5514 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5515 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5516 debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 5517 0 \ 5518 -c "x509_verify_cert.*4b00" \ 5519 -c "mbedtls_pk_verify.*4b00" \ 5520 -c "mbedtls_ecdh_make_public.*4b00" \ 5521 -c "mbedtls_pk_sign.*4b00" \ 5522 -c "! The certificate is not correctly signed by the trusted CA" \ 5523 -C "! mbedtls_ssl_handshake returned" \ 5524 -C "X509 - Certificate verification failed" 5525 5526requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5527run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ 5528 "$P_SRV auth_mode=required \ 5529 crt_file=data_files/server5-badsign.crt \ 5530 key_file=data_files/server5.key" \ 5531 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5532 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5533 debug_level=1 ec_max_ops=1000 auth_mode=none" \ 5534 0 \ 5535 -C "x509_verify_cert.*4b00" \ 5536 -c "mbedtls_pk_verify.*4b00" \ 5537 -c "mbedtls_ecdh_make_public.*4b00" \ 5538 -c "mbedtls_pk_sign.*4b00" \ 5539 -C "! The certificate is not correctly signed by the trusted CA" \ 5540 -C "! 
mbedtls_ssl_handshake returned" \ 5541 -C "X509 - Certificate verification failed" 5542 5543requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5544run_test "EC restart: DTLS, max_ops=1000" \ 5545 "$P_SRV auth_mode=required dtls=1" \ 5546 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5547 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5548 dtls=1 debug_level=1 ec_max_ops=1000" \ 5549 0 \ 5550 -c "x509_verify_cert.*4b00" \ 5551 -c "mbedtls_pk_verify.*4b00" \ 5552 -c "mbedtls_ecdh_make_public.*4b00" \ 5553 -c "mbedtls_pk_sign.*4b00" 5554 5555requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5556run_test "EC restart: TLS, max_ops=1000 no client auth" \ 5557 "$P_SRV" \ 5558 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5559 debug_level=1 ec_max_ops=1000" \ 5560 0 \ 5561 -c "x509_verify_cert.*4b00" \ 5562 -c "mbedtls_pk_verify.*4b00" \ 5563 -c "mbedtls_ecdh_make_public.*4b00" \ 5564 -C "mbedtls_pk_sign.*4b00" 5565 5566requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5567run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ 5568 "$P_SRV psk=abc123" \ 5569 "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ 5570 psk=abc123 debug_level=1 ec_max_ops=1000" \ 5571 0 \ 5572 -C "x509_verify_cert.*4b00" \ 5573 -C "mbedtls_pk_verify.*4b00" \ 5574 -C "mbedtls_ecdh_make_public.*4b00" \ 5575 -C "mbedtls_pk_sign.*4b00" 5576 5577# Tests of asynchronous private key support in SSL 5578 5579requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5580run_test "SSL async private: sign, delay=0" \ 5581 "$P_SRV \ 5582 async_operations=s async_private_delay1=0 async_private_delay2=0" \ 5583 "$P_CLI" \ 5584 0 \ 5585 -s "Async sign callback: using key slot " \ 5586 -s "Async resume (slot [0-9]): sign done, status=0" 5587 5588requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5589run_test "SSL async private: sign, delay=1" \ 5590 "$P_SRV \ 5591 async_operations=s async_private_delay1=1 async_private_delay2=1" \ 5592 "$P_CLI" \ 5593 0 
\ 5594 -s "Async sign callback: using key slot " \ 5595 -s "Async resume (slot [0-9]): call 0 more times." \ 5596 -s "Async resume (slot [0-9]): sign done, status=0" 5597 5598requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5599run_test "SSL async private: sign, delay=2" \ 5600 "$P_SRV \ 5601 async_operations=s async_private_delay1=2 async_private_delay2=2" \ 5602 "$P_CLI" \ 5603 0 \ 5604 -s "Async sign callback: using key slot " \ 5605 -U "Async sign callback: using key slot " \ 5606 -s "Async resume (slot [0-9]): call 1 more times." \ 5607 -s "Async resume (slot [0-9]): call 0 more times." \ 5608 -s "Async resume (slot [0-9]): sign done, status=0" 5609 5610# Test that the async callback correctly signs the 36-byte hash of TLS 1.0/1.1 5611# with RSA PKCS#1v1.5 as used in TLS 1.0/1.1. 5612requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5613requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 5614run_test "SSL async private: sign, RSA, TLS 1.1" \ 5615 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \ 5616 async_operations=s async_private_delay1=0 async_private_delay2=0" \ 5617 "$P_CLI force_version=tls1_1" \ 5618 0 \ 5619 -s "Async sign callback: using key slot " \ 5620 -s "Async resume (slot [0-9]): sign done, status=0" 5621 5622requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5623run_test "SSL async private: sign, SNI" \ 5624 "$P_SRV debug_level=3 \ 5625 async_operations=s async_private_delay1=0 async_private_delay2=0 \ 5626 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 5627 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 5628 "$P_CLI server_name=polarssl.example" \ 5629 0 \ 5630 -s "Async sign callback: using key slot " \ 5631 -s "Async resume (slot [0-9]): sign done, status=0" \ 5632 -s "parse ServerName extension" \ 5633 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 5634 -c "subject name *: C=NL, O=PolarSSL, 
CN=polarssl.example" 5635 5636requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5637run_test "SSL async private: decrypt, delay=0" \ 5638 "$P_SRV \ 5639 async_operations=d async_private_delay1=0 async_private_delay2=0" \ 5640 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5641 0 \ 5642 -s "Async decrypt callback: using key slot " \ 5643 -s "Async resume (slot [0-9]): decrypt done, status=0" 5644 5645requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5646run_test "SSL async private: decrypt, delay=1" \ 5647 "$P_SRV \ 5648 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 5649 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5650 0 \ 5651 -s "Async decrypt callback: using key slot " \ 5652 -s "Async resume (slot [0-9]): call 0 more times." \ 5653 -s "Async resume (slot [0-9]): decrypt done, status=0" 5654 5655requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5656run_test "SSL async private: decrypt RSA-PSK, delay=0" \ 5657 "$P_SRV psk=abc123 \ 5658 async_operations=d async_private_delay1=0 async_private_delay2=0" \ 5659 "$P_CLI psk=abc123 \ 5660 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 5661 0 \ 5662 -s "Async decrypt callback: using key slot " \ 5663 -s "Async resume (slot [0-9]): decrypt done, status=0" 5664 5665requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5666run_test "SSL async private: decrypt RSA-PSK, delay=1" \ 5667 "$P_SRV psk=abc123 \ 5668 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 5669 "$P_CLI psk=abc123 \ 5670 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 5671 0 \ 5672 -s "Async decrypt callback: using key slot " \ 5673 -s "Async resume (slot [0-9]): call 0 more times." \ 5674 -s "Async resume (slot [0-9]): decrypt done, status=0" 5675 5676requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5677run_test "SSL async private: sign callback not present" \ 5678 "$P_SRV \ 5679 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 5680 "$P_CLI; [ \$? 
-eq 1 ] && 5681 $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5682 0 \ 5683 -S "Async sign callback" \ 5684 -s "! mbedtls_ssl_handshake returned" \ 5685 -s "The own private key or pre-shared key is not set, but needed" \ 5686 -s "Async resume (slot [0-9]): decrypt done, status=0" \ 5687 -s "Successful connection" 5688 5689requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5690run_test "SSL async private: decrypt callback not present" \ 5691 "$P_SRV debug_level=1 \ 5692 async_operations=s async_private_delay1=1 async_private_delay2=1" \ 5693 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA; 5694 [ \$? -eq 1 ] && $P_CLI" \ 5695 0 \ 5696 -S "Async decrypt callback" \ 5697 -s "! mbedtls_ssl_handshake returned" \ 5698 -s "got no RSA private key" \ 5699 -s "Async resume (slot [0-9]): sign done, status=0" \ 5700 -s "Successful connection" 5701 5702# key1: ECDSA, key2: RSA; use key1 from slot 0 5703requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5704run_test "SSL async private: slot 0 used with key1" \ 5705 "$P_SRV \ 5706 async_operations=s async_private_delay1=1 \ 5707 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5708 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5709 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 5710 0 \ 5711 -s "Async sign callback: using key slot 0," \ 5712 -s "Async resume (slot 0): call 0 more times." 
\ 5713 -s "Async resume (slot 0): sign done, status=0" 5714 5715# key1: ECDSA, key2: RSA; use key2 from slot 0 5716requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5717run_test "SSL async private: slot 0 used with key2" \ 5718 "$P_SRV \ 5719 async_operations=s async_private_delay2=1 \ 5720 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5721 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5722 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5723 0 \ 5724 -s "Async sign callback: using key slot 0," \ 5725 -s "Async resume (slot 0): call 0 more times." \ 5726 -s "Async resume (slot 0): sign done, status=0" 5727 5728# key1: ECDSA, key2: RSA; use key2 from slot 1 5729requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5730run_test "SSL async private: slot 1 used with key2" \ 5731 "$P_SRV \ 5732 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5733 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5734 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5735 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5736 0 \ 5737 -s "Async sign callback: using key slot 1," \ 5738 -s "Async resume (slot 1): call 0 more times." \ 5739 -s "Async resume (slot 1): sign done, status=0" 5740 5741# key1: ECDSA, key2: RSA; use key2 directly 5742requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5743run_test "SSL async private: fall back to transparent key" \ 5744 "$P_SRV \ 5745 async_operations=s async_private_delay1=1 \ 5746 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5747 key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \ 5748 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5749 0 \ 5750 -s "Async sign callback: no key matches this certificate." 
5751 5752requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5753run_test "SSL async private: sign, error in start" \ 5754 "$P_SRV \ 5755 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5756 async_private_error=1" \ 5757 "$P_CLI" \ 5758 1 \ 5759 -s "Async sign callback: injected error" \ 5760 -S "Async resume" \ 5761 -S "Async cancel" \ 5762 -s "! mbedtls_ssl_handshake returned" 5763 5764requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5765run_test "SSL async private: sign, cancel after start" \ 5766 "$P_SRV \ 5767 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5768 async_private_error=2" \ 5769 "$P_CLI" \ 5770 1 \ 5771 -s "Async sign callback: using key slot " \ 5772 -S "Async resume" \ 5773 -s "Async cancel" 5774 5775requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5776run_test "SSL async private: sign, error in resume" \ 5777 "$P_SRV \ 5778 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5779 async_private_error=3" \ 5780 "$P_CLI" \ 5781 1 \ 5782 -s "Async sign callback: using key slot " \ 5783 -s "Async resume callback: sign done but injected error" \ 5784 -S "Async cancel" \ 5785 -s "! mbedtls_ssl_handshake returned" 5786 5787requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5788run_test "SSL async private: decrypt, error in start" \ 5789 "$P_SRV \ 5790 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 5791 async_private_error=1" \ 5792 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5793 1 \ 5794 -s "Async decrypt callback: injected error" \ 5795 -S "Async resume" \ 5796 -S "Async cancel" \ 5797 -s "! 
mbedtls_ssl_handshake returned" 5798 5799requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5800run_test "SSL async private: decrypt, cancel after start" \ 5801 "$P_SRV \ 5802 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 5803 async_private_error=2" \ 5804 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5805 1 \ 5806 -s "Async decrypt callback: using key slot " \ 5807 -S "Async resume" \ 5808 -s "Async cancel" 5809 5810requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5811run_test "SSL async private: decrypt, error in resume" \ 5812 "$P_SRV \ 5813 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 5814 async_private_error=3" \ 5815 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5816 1 \ 5817 -s "Async decrypt callback: using key slot " \ 5818 -s "Async resume callback: decrypt done but injected error" \ 5819 -S "Async cancel" \ 5820 -s "! mbedtls_ssl_handshake returned" 5821 5822requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5823run_test "SSL async private: cancel after start then operate correctly" \ 5824 "$P_SRV \ 5825 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5826 async_private_error=-2" \ 5827 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ 5828 0 \ 5829 -s "Async cancel" \ 5830 -s "! mbedtls_ssl_handshake returned" \ 5831 -s "Async resume" \ 5832 -s "Successful connection" 5833 5834requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5835run_test "SSL async private: error in resume then operate correctly" \ 5836 "$P_SRV \ 5837 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5838 async_private_error=-3" \ 5839 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ 5840 0 \ 5841 -s "! 
mbedtls_ssl_handshake returned" \ 5842 -s "Async resume" \ 5843 -s "Successful connection" 5844 5845# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly 5846requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5847run_test "SSL async private: cancel after start then fall back to transparent key" \ 5848 "$P_SRV \ 5849 async_operations=s async_private_delay1=1 async_private_error=-2 \ 5850 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5851 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5852 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; 5853 [ \$? -eq 1 ] && 5854 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5855 0 \ 5856 -s "Async sign callback: using key slot 0" \ 5857 -S "Async resume" \ 5858 -s "Async cancel" \ 5859 -s "! mbedtls_ssl_handshake returned" \ 5860 -s "Async sign callback: no key matches this certificate." \ 5861 -s "Successful connection" 5862 5863# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly 5864requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5865run_test "SSL async private: sign, error in resume then fall back to transparent key" \ 5866 "$P_SRV \ 5867 async_operations=s async_private_delay1=1 async_private_error=-3 \ 5868 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5869 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5870 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; 5871 [ \$? -eq 1 ] && 5872 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5873 0 \ 5874 -s "Async resume" \ 5875 -s "! mbedtls_ssl_handshake returned" \ 5876 -s "Async sign callback: no key matches this certificate." 
\ 5877 -s "Successful connection" 5878 5879requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5880requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 5881run_test "SSL async private: renegotiation: client-initiated; sign" \ 5882 "$P_SRV \ 5883 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5884 exchanges=2 renegotiation=1" \ 5885 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \ 5886 0 \ 5887 -s "Async sign callback: using key slot " \ 5888 -s "Async resume (slot [0-9]): sign done, status=0" 5889 5890requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5891requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 5892run_test "SSL async private: renegotiation: server-initiated; sign" \ 5893 "$P_SRV \ 5894 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5895 exchanges=2 renegotiation=1 renegotiate=1" \ 5896 "$P_CLI exchanges=2 renegotiation=1" \ 5897 0 \ 5898 -s "Async sign callback: using key slot " \ 5899 -s "Async resume (slot [0-9]): sign done, status=0" 5900 5901requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5902requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 5903run_test "SSL async private: renegotiation: client-initiated; decrypt" \ 5904 "$P_SRV \ 5905 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 5906 exchanges=2 renegotiation=1" \ 5907 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \ 5908 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5909 0 \ 5910 -s "Async decrypt callback: using key slot " \ 5911 -s "Async resume (slot [0-9]): decrypt done, status=0" 5912 5913requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5914requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 5915run_test "SSL async private: renegotiation: server-initiated; decrypt" \ 5916 "$P_SRV \ 5917 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 5918 exchanges=2 renegotiation=1 renegotiate=1" \ 5919 "$P_CLI exchanges=2 renegotiation=1 \ 5920 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5921 0 \ 5922 -s "Async 
decrypt callback: using key slot " \ 5923 -s "Async resume (slot [0-9]): decrypt done, status=0" 5924 5925# Tests for ECC extensions (rfc 4492) 5926 5927requires_config_enabled MBEDTLS_AES_C 5928requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 5929requires_config_enabled MBEDTLS_SHA256_C 5930requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 5931run_test "Force a non ECC ciphersuite in the client side" \ 5932 "$P_SRV debug_level=3" \ 5933 "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ 5934 0 \ 5935 -C "client hello, adding supported_elliptic_curves extension" \ 5936 -C "client hello, adding supported_point_formats extension" \ 5937 -S "found supported elliptic curves extension" \ 5938 -S "found supported point formats extension" 5939 5940requires_config_enabled MBEDTLS_AES_C 5941requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 5942requires_config_enabled MBEDTLS_SHA256_C 5943requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 5944run_test "Force a non ECC ciphersuite in the server side" \ 5945 "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ 5946 "$P_CLI debug_level=3" \ 5947 0 \ 5948 -C "found supported_point_formats extension" \ 5949 -S "server hello, supported_point_formats extension" 5950 5951requires_config_enabled MBEDTLS_AES_C 5952requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 5953requires_config_enabled MBEDTLS_SHA256_C 5954requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 5955run_test "Force an ECC ciphersuite in the client side" \ 5956 "$P_SRV debug_level=3" \ 5957 "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 5958 0 \ 5959 -c "client hello, adding supported_elliptic_curves extension" \ 5960 -c "client hello, adding supported_point_formats extension" \ 5961 -s "found supported elliptic curves extension" \ 5962 -s "found supported point formats extension" 5963 5964requires_config_enabled MBEDTLS_AES_C 5965requires_config_enabled 
MBEDTLS_CIPHER_MODE_CBC 5966requires_config_enabled MBEDTLS_SHA256_C 5967requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 5968run_test "Force an ECC ciphersuite in the server side" \ 5969 "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 5970 "$P_CLI debug_level=3" \ 5971 0 \ 5972 -c "found supported_point_formats extension" \ 5973 -s "server hello, supported_point_formats extension" 5974 5975# Tests for DTLS HelloVerifyRequest 5976 5977run_test "DTLS cookie: enabled" \ 5978 "$P_SRV dtls=1 debug_level=2" \ 5979 "$P_CLI dtls=1 debug_level=2" \ 5980 0 \ 5981 -s "cookie verification failed" \ 5982 -s "cookie verification passed" \ 5983 -S "cookie verification skipped" \ 5984 -c "received hello verify request" \ 5985 -s "hello verification requested" \ 5986 -S "SSL - The requested feature is not available" 5987 5988run_test "DTLS cookie: disabled" \ 5989 "$P_SRV dtls=1 debug_level=2 cookies=0" \ 5990 "$P_CLI dtls=1 debug_level=2" \ 5991 0 \ 5992 -S "cookie verification failed" \ 5993 -S "cookie verification passed" \ 5994 -s "cookie verification skipped" \ 5995 -C "received hello verify request" \ 5996 -S "hello verification requested" \ 5997 -S "SSL - The requested feature is not available" 5998 5999run_test "DTLS cookie: default (failing)" \ 6000 "$P_SRV dtls=1 debug_level=2 cookies=-1" \ 6001 "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \ 6002 1 \ 6003 -s "cookie verification failed" \ 6004 -S "cookie verification passed" \ 6005 -S "cookie verification skipped" \ 6006 -C "received hello verify request" \ 6007 -S "hello verification requested" \ 6008 -s "SSL - The requested feature is not available" 6009 6010requires_ipv6 6011run_test "DTLS cookie: enabled, IPv6" \ 6012 "$P_SRV dtls=1 debug_level=2 server_addr=::1" \ 6013 "$P_CLI dtls=1 debug_level=2 server_addr=::1" \ 6014 0 \ 6015 -s "cookie verification failed" \ 6016 -s "cookie verification passed" \ 6017 -S "cookie verification skipped" \ 6018 -c "received 
hello verify request" \ 6019 -s "hello verification requested" \ 6020 -S "SSL - The requested feature is not available" 6021 6022run_test "DTLS cookie: enabled, nbio" \ 6023 "$P_SRV dtls=1 nbio=2 debug_level=2" \ 6024 "$P_CLI dtls=1 nbio=2 debug_level=2" \ 6025 0 \ 6026 -s "cookie verification failed" \ 6027 -s "cookie verification passed" \ 6028 -S "cookie verification skipped" \ 6029 -c "received hello verify request" \ 6030 -s "hello verification requested" \ 6031 -S "SSL - The requested feature is not available" 6032 6033# Tests for client reconnecting from the same port with DTLS 6034 6035not_with_valgrind # spurious resend 6036run_test "DTLS client reconnect from same port: reference" \ 6037 "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ 6038 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \ 6039 0 \ 6040 -C "resend" \ 6041 -S "The operation timed out" \ 6042 -S "Client initiated reconnection from same port" 6043 6044not_with_valgrind # spurious resend 6045run_test "DTLS client reconnect from same port: reconnect" \ 6046 "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ 6047 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \ 6048 0 \ 6049 -C "resend" \ 6050 -S "The operation timed out" \ 6051 -s "Client initiated reconnection from same port" 6052 6053not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts) 6054run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \ 6055 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \ 6056 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 6057 0 \ 6058 -S "The operation timed out" \ 6059 -s "Client initiated reconnection from same port" 6060 6061only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout 6062run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ 6063 
"$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \ 6064 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \ 6065 0 \ 6066 -S "The operation timed out" \ 6067 -s "Client initiated reconnection from same port" 6068 6069run_test "DTLS client reconnect from same port: no cookies" \ 6070 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \ 6071 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \ 6072 0 \ 6073 -s "The operation timed out" \ 6074 -S "Client initiated reconnection from same port" 6075 6076run_test "DTLS client reconnect from same port: attacker-injected" \ 6077 -p "$P_PXY inject_clihlo=1" \ 6078 "$P_SRV dtls=1 exchanges=2 debug_level=1" \ 6079 "$P_CLI dtls=1 exchanges=2" \ 6080 0 \ 6081 -s "possible client reconnect from the same port" \ 6082 -S "Client initiated reconnection from same port" 6083 6084# Tests for various cases of client authentication with DTLS 6085# (focused on handshake flows and message parsing) 6086 6087run_test "DTLS client auth: required" \ 6088 "$P_SRV dtls=1 auth_mode=required" \ 6089 "$P_CLI dtls=1" \ 6090 0 \ 6091 -s "Verifying peer X.509 certificate... ok" 6092 6093run_test "DTLS client auth: optional, client has no cert" \ 6094 "$P_SRV dtls=1 auth_mode=optional" \ 6095 "$P_CLI dtls=1 crt_file=none key_file=none" \ 6096 0 \ 6097 -s "! Certificate was missing" 6098 6099run_test "DTLS client auth: none, client has no cert" \ 6100 "$P_SRV dtls=1 auth_mode=none" \ 6101 "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \ 6102 0 \ 6103 -c "skip write certificate$" \ 6104 -s "! 
Certificate verification was skipped" 6105 6106run_test "DTLS wrong PSK: badmac alert" \ 6107 "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ 6108 "$P_CLI dtls=1 psk=abc124" \ 6109 1 \ 6110 -s "SSL - Verification of the message MAC failed" \ 6111 -c "SSL - A fatal alert message was received from our peer" 6112 6113# Tests for receiving fragmented handshake messages with DTLS 6114 6115requires_gnutls 6116run_test "DTLS reassembly: no fragmentation (gnutls server)" \ 6117 "$G_SRV -u --mtu 2048 -a" \ 6118 "$P_CLI dtls=1 debug_level=2" \ 6119 0 \ 6120 -C "found fragmented DTLS handshake message" \ 6121 -C "error" 6122 6123requires_gnutls 6124run_test "DTLS reassembly: some fragmentation (gnutls server)" \ 6125 "$G_SRV -u --mtu 512" \ 6126 "$P_CLI dtls=1 debug_level=2" \ 6127 0 \ 6128 -c "found fragmented DTLS handshake message" \ 6129 -C "error" 6130 6131requires_gnutls 6132run_test "DTLS reassembly: more fragmentation (gnutls server)" \ 6133 "$G_SRV -u --mtu 128" \ 6134 "$P_CLI dtls=1 debug_level=2" \ 6135 0 \ 6136 -c "found fragmented DTLS handshake message" \ 6137 -C "error" 6138 6139requires_gnutls 6140run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ 6141 "$G_SRV -u --mtu 128" \ 6142 "$P_CLI dtls=1 nbio=2 debug_level=2" \ 6143 0 \ 6144 -c "found fragmented DTLS handshake message" \ 6145 -C "error" 6146 6147requires_gnutls 6148requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6149run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ 6150 "$G_SRV -u --mtu 256" \ 6151 "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ 6152 0 \ 6153 -c "found fragmented DTLS handshake message" \ 6154 -c "client hello, adding renegotiation extension" \ 6155 -c "found renegotiation extension" \ 6156 -c "=> renegotiate" \ 6157 -C "mbedtls_ssl_handshake returned" \ 6158 -C "error" \ 6159 -s "Extra-header:" 6160 6161requires_gnutls 6162requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6163run_test "DTLS 
reassembly: fragmentation, nbio, renego (gnutls server)" \ 6164 "$G_SRV -u --mtu 256" \ 6165 "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ 6166 0 \ 6167 -c "found fragmented DTLS handshake message" \ 6168 -c "client hello, adding renegotiation extension" \ 6169 -c "found renegotiation extension" \ 6170 -c "=> renegotiate" \ 6171 -C "mbedtls_ssl_handshake returned" \ 6172 -C "error" \ 6173 -s "Extra-header:" 6174 6175run_test "DTLS reassembly: no fragmentation (openssl server)" \ 6176 "$O_SRV -dtls1 -mtu 2048" \ 6177 "$P_CLI dtls=1 debug_level=2" \ 6178 0 \ 6179 -C "found fragmented DTLS handshake message" \ 6180 -C "error" 6181 6182run_test "DTLS reassembly: some fragmentation (openssl server)" \ 6183 "$O_SRV -dtls1 -mtu 768" \ 6184 "$P_CLI dtls=1 debug_level=2" \ 6185 0 \ 6186 -c "found fragmented DTLS handshake message" \ 6187 -C "error" 6188 6189run_test "DTLS reassembly: more fragmentation (openssl server)" \ 6190 "$O_SRV -dtls1 -mtu 256" \ 6191 "$P_CLI dtls=1 debug_level=2" \ 6192 0 \ 6193 -c "found fragmented DTLS handshake message" \ 6194 -C "error" 6195 6196run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ 6197 "$O_SRV -dtls1 -mtu 256" \ 6198 "$P_CLI dtls=1 nbio=2 debug_level=2" \ 6199 0 \ 6200 -c "found fragmented DTLS handshake message" \ 6201 -C "error" 6202 6203# Tests for sending fragmented handshake messages with DTLS 6204# 6205# Use client auth when we need the client to send large messages, 6206# and use large cert chains on both sides too (the long chains we have all use 6207# both RSA and ECDSA, but ideally we should have long chains with either). 
6208# Sizes reached (UDP payload): 6209# - 2037B for server certificate 6210# - 1542B for client certificate 6211# - 1013B for newsessionticket 6212# - all others below 512B 6213# All those tests assume MAX_CONTENT_LEN is at least 2048 6214 6215requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6216requires_config_enabled MBEDTLS_RSA_C 6217requires_config_enabled MBEDTLS_ECDSA_C 6218requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6219requires_max_content_len 4096 6220run_test "DTLS fragmenting: none (for reference)" \ 6221 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6222 crt_file=data_files/server7_int-ca.crt \ 6223 key_file=data_files/server7.key \ 6224 hs_timeout=2500-60000 \ 6225 max_frag_len=4096" \ 6226 "$P_CLI dtls=1 debug_level=2 \ 6227 crt_file=data_files/server8_int-ca2.crt \ 6228 key_file=data_files/server8.key \ 6229 hs_timeout=2500-60000 \ 6230 max_frag_len=4096" \ 6231 0 \ 6232 -S "found fragmented DTLS handshake message" \ 6233 -C "found fragmented DTLS handshake message" \ 6234 -C "error" 6235 6236requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6237requires_config_enabled MBEDTLS_RSA_C 6238requires_config_enabled MBEDTLS_ECDSA_C 6239requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6240requires_max_content_len 2048 6241run_test "DTLS fragmenting: server only (max_frag_len)" \ 6242 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6243 crt_file=data_files/server7_int-ca.crt \ 6244 key_file=data_files/server7.key \ 6245 hs_timeout=2500-60000 \ 6246 max_frag_len=1024" \ 6247 "$P_CLI dtls=1 debug_level=2 \ 6248 crt_file=data_files/server8_int-ca2.crt \ 6249 key_file=data_files/server8.key \ 6250 hs_timeout=2500-60000 \ 6251 max_frag_len=2048" \ 6252 0 \ 6253 -S "found fragmented DTLS handshake message" \ 6254 -c "found fragmented DTLS handshake message" \ 6255 -C "error" 6256 6257# With the MFL extension, the server has no way of forcing 6258# the client to not exceed a certain MTU; hence, the following 6259# test can't be replicated with 
an MTU proxy such as the one 6260# `client-initiated, server only (max_frag_len)` below. 6261requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6262requires_config_enabled MBEDTLS_RSA_C 6263requires_config_enabled MBEDTLS_ECDSA_C 6264requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6265requires_max_content_len 4096 6266run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ 6267 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6268 crt_file=data_files/server7_int-ca.crt \ 6269 key_file=data_files/server7.key \ 6270 hs_timeout=2500-60000 \ 6271 max_frag_len=512" \ 6272 "$P_CLI dtls=1 debug_level=2 \ 6273 crt_file=data_files/server8_int-ca2.crt \ 6274 key_file=data_files/server8.key \ 6275 hs_timeout=2500-60000 \ 6276 max_frag_len=4096" \ 6277 0 \ 6278 -S "found fragmented DTLS handshake message" \ 6279 -c "found fragmented DTLS handshake message" \ 6280 -C "error" 6281 6282requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6283requires_config_enabled MBEDTLS_RSA_C 6284requires_config_enabled MBEDTLS_ECDSA_C 6285requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6286requires_max_content_len 2048 6287run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ 6288 "$P_SRV dtls=1 debug_level=2 auth_mode=none \ 6289 crt_file=data_files/server7_int-ca.crt \ 6290 key_file=data_files/server7.key \ 6291 hs_timeout=2500-60000 \ 6292 max_frag_len=2048" \ 6293 "$P_CLI dtls=1 debug_level=2 \ 6294 crt_file=data_files/server8_int-ca2.crt \ 6295 key_file=data_files/server8.key \ 6296 hs_timeout=2500-60000 \ 6297 max_frag_len=1024" \ 6298 0 \ 6299 -S "found fragmented DTLS handshake message" \ 6300 -c "found fragmented DTLS handshake message" \ 6301 -C "error" 6302 6303# While not required by the standard defining the MFL extension 6304# (according to which it only applies to records, not to datagrams), 6305# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, 6306# as otherwise there wouldn't be any means to communicate MTU 
restrictions 6307# to the peer. 6308# The next test checks that no datagrams significantly larger than the 6309# negotiated MFL are sent. 6310requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6311requires_config_enabled MBEDTLS_RSA_C 6312requires_config_enabled MBEDTLS_ECDSA_C 6313requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6314requires_max_content_len 2048 6315run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ 6316 -p "$P_PXY mtu=1110" \ 6317 "$P_SRV dtls=1 debug_level=2 auth_mode=none \ 6318 crt_file=data_files/server7_int-ca.crt \ 6319 key_file=data_files/server7.key \ 6320 hs_timeout=2500-60000 \ 6321 max_frag_len=2048" \ 6322 "$P_CLI dtls=1 debug_level=2 \ 6323 crt_file=data_files/server8_int-ca2.crt \ 6324 key_file=data_files/server8.key \ 6325 hs_timeout=2500-60000 \ 6326 max_frag_len=1024" \ 6327 0 \ 6328 -S "found fragmented DTLS handshake message" \ 6329 -c "found fragmented DTLS handshake message" \ 6330 -C "error" 6331 6332requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6333requires_config_enabled MBEDTLS_RSA_C 6334requires_config_enabled MBEDTLS_ECDSA_C 6335requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6336requires_max_content_len 2048 6337run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ 6338 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6339 crt_file=data_files/server7_int-ca.crt \ 6340 key_file=data_files/server7.key \ 6341 hs_timeout=2500-60000 \ 6342 max_frag_len=2048" \ 6343 "$P_CLI dtls=1 debug_level=2 \ 6344 crt_file=data_files/server8_int-ca2.crt \ 6345 key_file=data_files/server8.key \ 6346 hs_timeout=2500-60000 \ 6347 max_frag_len=1024" \ 6348 0 \ 6349 -s "found fragmented DTLS handshake message" \ 6350 -c "found fragmented DTLS handshake message" \ 6351 -C "error" 6352 6353# While not required by the standard defining the MFL extension 6354# (according to which it only applies to records, not to datagrams), 6355# Mbed TLS will never send datagrams larger than MFL + 
{ Max record expansion }, 6356# as otherwise there wouldn't be any means to communicate MTU restrictions 6357# to the peer. 6358# The next test checks that no datagrams significantly larger than the 6359# negotiated MFL are sent. 6360requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6361requires_config_enabled MBEDTLS_RSA_C 6362requires_config_enabled MBEDTLS_ECDSA_C 6363requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6364requires_max_content_len 2048 6365run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ 6366 -p "$P_PXY mtu=1110" \ 6367 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6368 crt_file=data_files/server7_int-ca.crt \ 6369 key_file=data_files/server7.key \ 6370 hs_timeout=2500-60000 \ 6371 max_frag_len=2048" \ 6372 "$P_CLI dtls=1 debug_level=2 \ 6373 crt_file=data_files/server8_int-ca2.crt \ 6374 key_file=data_files/server8.key \ 6375 hs_timeout=2500-60000 \ 6376 max_frag_len=1024" \ 6377 0 \ 6378 -s "found fragmented DTLS handshake message" \ 6379 -c "found fragmented DTLS handshake message" \ 6380 -C "error" 6381 6382requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6383requires_config_enabled MBEDTLS_RSA_C 6384requires_config_enabled MBEDTLS_ECDSA_C 6385requires_max_content_len 4096 6386run_test "DTLS fragmenting: none (for reference) (MTU)" \ 6387 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6388 crt_file=data_files/server7_int-ca.crt \ 6389 key_file=data_files/server7.key \ 6390 hs_timeout=2500-60000 \ 6391 mtu=4096" \ 6392 "$P_CLI dtls=1 debug_level=2 \ 6393 crt_file=data_files/server8_int-ca2.crt \ 6394 key_file=data_files/server8.key \ 6395 hs_timeout=2500-60000 \ 6396 mtu=4096" \ 6397 0 \ 6398 -S "found fragmented DTLS handshake message" \ 6399 -C "found fragmented DTLS handshake message" \ 6400 -C "error" 6401 6402requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6403requires_config_enabled MBEDTLS_RSA_C 6404requires_config_enabled MBEDTLS_ECDSA_C 6405requires_max_content_len 4096 6406run_test "DTLS 
fragmenting: client (MTU)" \ 6407 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6408 crt_file=data_files/server7_int-ca.crt \ 6409 key_file=data_files/server7.key \ 6410 hs_timeout=3500-60000 \ 6411 mtu=4096" \ 6412 "$P_CLI dtls=1 debug_level=2 \ 6413 crt_file=data_files/server8_int-ca2.crt \ 6414 key_file=data_files/server8.key \ 6415 hs_timeout=3500-60000 \ 6416 mtu=1024" \ 6417 0 \ 6418 -s "found fragmented DTLS handshake message" \ 6419 -C "found fragmented DTLS handshake message" \ 6420 -C "error" 6421 6422requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6423requires_config_enabled MBEDTLS_RSA_C 6424requires_config_enabled MBEDTLS_ECDSA_C 6425requires_max_content_len 2048 6426run_test "DTLS fragmenting: server (MTU)" \ 6427 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6428 crt_file=data_files/server7_int-ca.crt \ 6429 key_file=data_files/server7.key \ 6430 hs_timeout=2500-60000 \ 6431 mtu=512" \ 6432 "$P_CLI dtls=1 debug_level=2 \ 6433 crt_file=data_files/server8_int-ca2.crt \ 6434 key_file=data_files/server8.key \ 6435 hs_timeout=2500-60000 \ 6436 mtu=2048" \ 6437 0 \ 6438 -S "found fragmented DTLS handshake message" \ 6439 -c "found fragmented DTLS handshake message" \ 6440 -C "error" 6441 6442requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6443requires_config_enabled MBEDTLS_RSA_C 6444requires_config_enabled MBEDTLS_ECDSA_C 6445requires_max_content_len 2048 6446run_test "DTLS fragmenting: both (MTU=1024)" \ 6447 -p "$P_PXY mtu=1024" \ 6448 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6449 crt_file=data_files/server7_int-ca.crt \ 6450 key_file=data_files/server7.key \ 6451 hs_timeout=2500-60000 \ 6452 mtu=1024" \ 6453 "$P_CLI dtls=1 debug_level=2 \ 6454 crt_file=data_files/server8_int-ca2.crt \ 6455 key_file=data_files/server8.key \ 6456 hs_timeout=2500-60000 \ 6457 mtu=1024" \ 6458 0 \ 6459 -s "found fragmented DTLS handshake message" \ 6460 -c "found fragmented DTLS handshake message" \ 6461 -C "error" 6462 6463# Forcing ciphersuite for this 
test to fit the MTU of 512 with full config. 6464requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6465requires_config_enabled MBEDTLS_RSA_C 6466requires_config_enabled MBEDTLS_ECDSA_C 6467requires_config_enabled MBEDTLS_SHA256_C 6468requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6469requires_config_enabled MBEDTLS_AES_C 6470requires_config_enabled MBEDTLS_GCM_C 6471requires_max_content_len 2048 6472run_test "DTLS fragmenting: both (MTU=512)" \ 6473 -p "$P_PXY mtu=512" \ 6474 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6475 crt_file=data_files/server7_int-ca.crt \ 6476 key_file=data_files/server7.key \ 6477 hs_timeout=2500-60000 \ 6478 mtu=512" \ 6479 "$P_CLI dtls=1 debug_level=2 \ 6480 crt_file=data_files/server8_int-ca2.crt \ 6481 key_file=data_files/server8.key \ 6482 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6483 hs_timeout=2500-60000 \ 6484 mtu=512" \ 6485 0 \ 6486 -s "found fragmented DTLS handshake message" \ 6487 -c "found fragmented DTLS handshake message" \ 6488 -C "error" 6489 6490# Test for automatic MTU reduction on repeated resend. 6491# Forcing ciphersuite for this test to fit the MTU of 508 with full config. 6492# The ratio of max/min timeout should ideally equal 4 to accept two 6493# retransmissions, but in some cases (like both the server and client using 6494# fragmentation and auto-reduction) an extra retransmission might occur, 6495# hence the ratio of 8. 
6496not_with_valgrind 6497requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6498requires_config_enabled MBEDTLS_RSA_C 6499requires_config_enabled MBEDTLS_ECDSA_C 6500requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6501requires_config_enabled MBEDTLS_AES_C 6502requires_config_enabled MBEDTLS_GCM_C 6503requires_max_content_len 2048 6504run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ 6505 -p "$P_PXY mtu=508" \ 6506 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6507 crt_file=data_files/server7_int-ca.crt \ 6508 key_file=data_files/server7.key \ 6509 hs_timeout=400-3200" \ 6510 "$P_CLI dtls=1 debug_level=2 \ 6511 crt_file=data_files/server8_int-ca2.crt \ 6512 key_file=data_files/server8.key \ 6513 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6514 hs_timeout=400-3200" \ 6515 0 \ 6516 -s "found fragmented DTLS handshake message" \ 6517 -c "found fragmented DTLS handshake message" \ 6518 -C "error" 6519 6520# Forcing ciphersuite for this test to fit the MTU of 508 with full config. 
6521only_with_valgrind 6522requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6523requires_config_enabled MBEDTLS_RSA_C 6524requires_config_enabled MBEDTLS_ECDSA_C 6525requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6526requires_config_enabled MBEDTLS_AES_C 6527requires_config_enabled MBEDTLS_GCM_C 6528requires_max_content_len 2048 6529run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ 6530 -p "$P_PXY mtu=508" \ 6531 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6532 crt_file=data_files/server7_int-ca.crt \ 6533 key_file=data_files/server7.key \ 6534 hs_timeout=250-10000" \ 6535 "$P_CLI dtls=1 debug_level=2 \ 6536 crt_file=data_files/server8_int-ca2.crt \ 6537 key_file=data_files/server8.key \ 6538 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6539 hs_timeout=250-10000" \ 6540 0 \ 6541 -s "found fragmented DTLS handshake message" \ 6542 -c "found fragmented DTLS handshake message" \ 6543 -C "error" 6544 6545# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend 6546# OTOH the client might resend if the server is to slow to reset after sending 6547# a HelloVerifyRequest, so only check for no retransmission server-side 6548not_with_valgrind # spurious autoreduction due to timeout 6549requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6550requires_config_enabled MBEDTLS_RSA_C 6551requires_config_enabled MBEDTLS_ECDSA_C 6552requires_max_content_len 2048 6553run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ 6554 -p "$P_PXY mtu=1024" \ 6555 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6556 crt_file=data_files/server7_int-ca.crt \ 6557 key_file=data_files/server7.key \ 6558 hs_timeout=10000-60000 \ 6559 mtu=1024" \ 6560 "$P_CLI dtls=1 debug_level=2 \ 6561 crt_file=data_files/server8_int-ca2.crt \ 6562 key_file=data_files/server8.key \ 6563 hs_timeout=10000-60000 \ 6564 mtu=1024" \ 6565 0 \ 6566 -S "autoreduction" \ 6567 -s "found fragmented DTLS handshake message" \ 6568 -c "found fragmented 
DTLS handshake message" \ 6569 -C "error" 6570 6571# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 6572# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend 6573# OTOH the client might resend if the server is to slow to reset after sending 6574# a HelloVerifyRequest, so only check for no retransmission server-side 6575not_with_valgrind # spurious autoreduction due to timeout 6576requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6577requires_config_enabled MBEDTLS_RSA_C 6578requires_config_enabled MBEDTLS_ECDSA_C 6579requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6580requires_config_enabled MBEDTLS_AES_C 6581requires_config_enabled MBEDTLS_GCM_C 6582requires_max_content_len 2048 6583run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ 6584 -p "$P_PXY mtu=512" \ 6585 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6586 crt_file=data_files/server7_int-ca.crt \ 6587 key_file=data_files/server7.key \ 6588 hs_timeout=10000-60000 \ 6589 mtu=512" \ 6590 "$P_CLI dtls=1 debug_level=2 \ 6591 crt_file=data_files/server8_int-ca2.crt \ 6592 key_file=data_files/server8.key \ 6593 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6594 hs_timeout=10000-60000 \ 6595 mtu=512" \ 6596 0 \ 6597 -S "autoreduction" \ 6598 -s "found fragmented DTLS handshake message" \ 6599 -c "found fragmented DTLS handshake message" \ 6600 -C "error" 6601 6602not_with_valgrind # spurious autoreduction due to timeout 6603requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6604requires_config_enabled MBEDTLS_RSA_C 6605requires_config_enabled MBEDTLS_ECDSA_C 6606requires_max_content_len 2048 6607run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ 6608 -p "$P_PXY mtu=1024" \ 6609 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6610 crt_file=data_files/server7_int-ca.crt \ 6611 key_file=data_files/server7.key \ 6612 hs_timeout=10000-60000 \ 6613 mtu=1024 nbio=2" \ 6614 "$P_CLI dtls=1 
debug_level=2 \ 6615 crt_file=data_files/server8_int-ca2.crt \ 6616 key_file=data_files/server8.key \ 6617 hs_timeout=10000-60000 \ 6618 mtu=1024 nbio=2" \ 6619 0 \ 6620 -S "autoreduction" \ 6621 -s "found fragmented DTLS handshake message" \ 6622 -c "found fragmented DTLS handshake message" \ 6623 -C "error" 6624 6625# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 6626not_with_valgrind # spurious autoreduction due to timeout 6627requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6628requires_config_enabled MBEDTLS_RSA_C 6629requires_config_enabled MBEDTLS_ECDSA_C 6630requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6631requires_config_enabled MBEDTLS_AES_C 6632requires_config_enabled MBEDTLS_GCM_C 6633requires_max_content_len 2048 6634run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ 6635 -p "$P_PXY mtu=512" \ 6636 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6637 crt_file=data_files/server7_int-ca.crt \ 6638 key_file=data_files/server7.key \ 6639 hs_timeout=10000-60000 \ 6640 mtu=512 nbio=2" \ 6641 "$P_CLI dtls=1 debug_level=2 \ 6642 crt_file=data_files/server8_int-ca2.crt \ 6643 key_file=data_files/server8.key \ 6644 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6645 hs_timeout=10000-60000 \ 6646 mtu=512 nbio=2" \ 6647 0 \ 6648 -S "autoreduction" \ 6649 -s "found fragmented DTLS handshake message" \ 6650 -c "found fragmented DTLS handshake message" \ 6651 -C "error" 6652 6653# Forcing ciphersuite for this test to fit the MTU of 1450 with full config. 6654# This ensures things still work after session_reset(). 6655# It also exercises the "resumed handshake" flow. 6656# Since we don't support reading fragmented ClientHello yet, 6657# up the MTU to 1450 (larger than ClientHello with session ticket, 6658# but still smaller than client's Certificate to ensure fragmentation). 
6659# An autoreduction on the client-side might happen if the server is 6660# slow to reset, therefore omitting '-C "autoreduction"' below. 6661# reco_delay avoids races where the client reconnects before the server has 6662# resumed listening, which would result in a spurious autoreduction. 6663not_with_valgrind # spurious autoreduction due to timeout 6664requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6665requires_config_enabled MBEDTLS_RSA_C 6666requires_config_enabled MBEDTLS_ECDSA_C 6667requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6668requires_config_enabled MBEDTLS_AES_C 6669requires_config_enabled MBEDTLS_GCM_C 6670requires_max_content_len 2048 6671run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ 6672 -p "$P_PXY mtu=1450" \ 6673 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6674 crt_file=data_files/server7_int-ca.crt \ 6675 key_file=data_files/server7.key \ 6676 hs_timeout=10000-60000 \ 6677 mtu=1450" \ 6678 "$P_CLI dtls=1 debug_level=2 \ 6679 crt_file=data_files/server8_int-ca2.crt \ 6680 key_file=data_files/server8.key \ 6681 hs_timeout=10000-60000 \ 6682 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6683 mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1" \ 6684 0 \ 6685 -S "autoreduction" \ 6686 -s "found fragmented DTLS handshake message" \ 6687 -c "found fragmented DTLS handshake message" \ 6688 -C "error" 6689 6690# An autoreduction on the client-side might happen if the server is 6691# slow to reset, therefore omitting '-C "autoreduction"' below. 
6692not_with_valgrind # spurious autoreduction due to timeout 6693requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6694requires_config_enabled MBEDTLS_RSA_C 6695requires_config_enabled MBEDTLS_ECDSA_C 6696requires_config_enabled MBEDTLS_SHA256_C 6697requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6698requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6699requires_config_enabled MBEDTLS_CHACHAPOLY_C 6700requires_max_content_len 2048 6701run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ 6702 -p "$P_PXY mtu=512" \ 6703 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6704 crt_file=data_files/server7_int-ca.crt \ 6705 key_file=data_files/server7.key \ 6706 exchanges=2 renegotiation=1 \ 6707 hs_timeout=10000-60000 \ 6708 mtu=512" \ 6709 "$P_CLI dtls=1 debug_level=2 \ 6710 crt_file=data_files/server8_int-ca2.crt \ 6711 key_file=data_files/server8.key \ 6712 exchanges=2 renegotiation=1 renegotiate=1 \ 6713 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6714 hs_timeout=10000-60000 \ 6715 mtu=512" \ 6716 0 \ 6717 -S "autoreduction" \ 6718 -s "found fragmented DTLS handshake message" \ 6719 -c "found fragmented DTLS handshake message" \ 6720 -C "error" 6721 6722# An autoreduction on the client-side might happen if the server is 6723# slow to reset, therefore omitting '-C "autoreduction"' below. 
6724not_with_valgrind # spurious autoreduction due to timeout 6725requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6726requires_config_enabled MBEDTLS_RSA_C 6727requires_config_enabled MBEDTLS_ECDSA_C 6728requires_config_enabled MBEDTLS_SHA256_C 6729requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6730requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6731requires_config_enabled MBEDTLS_AES_C 6732requires_config_enabled MBEDTLS_GCM_C 6733requires_max_content_len 2048 6734run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ 6735 -p "$P_PXY mtu=512" \ 6736 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6737 crt_file=data_files/server7_int-ca.crt \ 6738 key_file=data_files/server7.key \ 6739 exchanges=2 renegotiation=1 \ 6740 hs_timeout=10000-60000 \ 6741 mtu=512" \ 6742 "$P_CLI dtls=1 debug_level=2 \ 6743 crt_file=data_files/server8_int-ca2.crt \ 6744 key_file=data_files/server8.key \ 6745 exchanges=2 renegotiation=1 renegotiate=1 \ 6746 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6747 hs_timeout=10000-60000 \ 6748 mtu=512" \ 6749 0 \ 6750 -S "autoreduction" \ 6751 -s "found fragmented DTLS handshake message" \ 6752 -c "found fragmented DTLS handshake message" \ 6753 -C "error" 6754 6755# An autoreduction on the client-side might happen if the server is 6756# slow to reset, therefore omitting '-C "autoreduction"' below. 
6757not_with_valgrind # spurious autoreduction due to timeout 6758requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6759requires_config_enabled MBEDTLS_RSA_C 6760requires_config_enabled MBEDTLS_ECDSA_C 6761requires_config_enabled MBEDTLS_SHA256_C 6762requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6763requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6764requires_config_enabled MBEDTLS_AES_C 6765requires_config_enabled MBEDTLS_CCM_C 6766requires_max_content_len 2048 6767run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ 6768 -p "$P_PXY mtu=1024" \ 6769 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6770 crt_file=data_files/server7_int-ca.crt \ 6771 key_file=data_files/server7.key \ 6772 exchanges=2 renegotiation=1 \ 6773 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ 6774 hs_timeout=10000-60000 \ 6775 mtu=1024" \ 6776 "$P_CLI dtls=1 debug_level=2 \ 6777 crt_file=data_files/server8_int-ca2.crt \ 6778 key_file=data_files/server8.key \ 6779 exchanges=2 renegotiation=1 renegotiate=1 \ 6780 hs_timeout=10000-60000 \ 6781 mtu=1024" \ 6782 0 \ 6783 -S "autoreduction" \ 6784 -s "found fragmented DTLS handshake message" \ 6785 -c "found fragmented DTLS handshake message" \ 6786 -C "error" 6787 6788# An autoreduction on the client-side might happen if the server is 6789# slow to reset, therefore omitting '-C "autoreduction"' below. 
6790not_with_valgrind # spurious autoreduction due to timeout 6791requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6792requires_config_enabled MBEDTLS_RSA_C 6793requires_config_enabled MBEDTLS_ECDSA_C 6794requires_config_enabled MBEDTLS_SHA256_C 6795requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6796requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6797requires_config_enabled MBEDTLS_AES_C 6798requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 6799requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC 6800requires_max_content_len 2048 6801run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ 6802 -p "$P_PXY mtu=1024" \ 6803 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6804 crt_file=data_files/server7_int-ca.crt \ 6805 key_file=data_files/server7.key \ 6806 exchanges=2 renegotiation=1 \ 6807 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ 6808 hs_timeout=10000-60000 \ 6809 mtu=1024" \ 6810 "$P_CLI dtls=1 debug_level=2 \ 6811 crt_file=data_files/server8_int-ca2.crt \ 6812 key_file=data_files/server8.key \ 6813 exchanges=2 renegotiation=1 renegotiate=1 \ 6814 hs_timeout=10000-60000 \ 6815 mtu=1024" \ 6816 0 \ 6817 -S "autoreduction" \ 6818 -s "found fragmented DTLS handshake message" \ 6819 -c "found fragmented DTLS handshake message" \ 6820 -C "error" 6821 6822# An autoreduction on the client-side might happen if the server is 6823# slow to reset, therefore omitting '-C "autoreduction"' below. 
# CBC suite with Encrypt-then-MAC switched off on the server (etm=0), i.e.
# the legacy MAC-then-encrypt record construction.  This is the construction
# historically exposed to padding-oracle attacks; the test does not cover
# those countermeasures, it only checks that fragmentation and renegotiation
# still work with the MtE record overhead.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# Fragmentation combined with an unreliable path: the proxy limits datagrams
# to 512 bytes and additionally drops, delays and duplicates packets
# (drop=8 delay=8 duplicate=8 - presumably a per-packet rate, see udp_proxy).
# dgram_packing=0 on both peers disables the library's own datagram packing
# so that each record travels in its own datagram.  Only the client forces
# the GCM suite (see the comment above); the server follows.  The short
# hs_timeout floor (250 ms) lets retransmission recover from the induced
# losses within the test budget, hence client_needs_more_time.
# Expectations: both sides see fragmented handshake messages and the client
# logs no "error"; no autoreduction check here because losses may trigger it.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# As the "proxy MTU + 3d" test above, but with non-blocking I/O (nbio=2) on
# both peers and the library's default datagram packing left enabled.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# interop tests for DTLS fragmenting with reliable connection
#
# here and below we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
#
# In the "gnutls server" / "openssl server" tests our client runs with
# mtu=512 so the flight carrying its certificate chain is fragmented; the
# peer server runs with defaults (-u selects DTLS for gnutls-serv).  Only
# the mbedtls side is inspected: it must log that it fragmented and must
# not log "error".  Whether the peer accepted the fragments is visible only
# indirectly, through the absence of a client-side error.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# DTLS 1.0 (MBEDTLS_SSL_PROTO_TLS1_1 is the matching TLS version) variant.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls server, DTLS 1.0" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
#
# NOTE(review): --insecure disables certificate verification on the GnuTLS
# side entirely, not only the name check.  That is acceptable here because
# these tests exercise our server's fragmentation, not the peer's
# verification; the flag must never be carried into a non-test invocation.
# Since the client is not mbedtls, these tests check only the server-side
# "fragmenting handshake message" line and have no "-C error" counterpart.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1_2" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# See previous test for the reason to use --insecure
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls client, DTLS 1.0" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# OpenSSL server as peer.  "-verify 10" presumably makes s_server request a
# client certificate (verification depth 10) so that our client actually
# has to send its chain - confirm against the OpenSSL version in use.
# Unlike the GnuTLS tests there is no requires_openssl guard here; the
# default $OPENSSL_CMD is assumed to be present.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl server, DTLS 1.0" \
            "$O_SRV -dtls1 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# OpenSSL client as peer: our server fragments its certificate flight
# (mtu=512); only the server-side log is checked.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1_2" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl client, DTLS 1.0" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1" \
            "$O_CLI -dtls1" \
            0 \
            -s "fragmenting handshake message"

# interop tests for DTLS fragmenting with unreliable connection
#
# again we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
#
# The proxy drops/delays/duplicates (rate 8) but imposes no MTU; our peer
# keeps mtu=512 to force fragmentation and uses a wide hs_timeout window
# (250 ms up to 60 s) so retransmissions can recover from the losses.
# These need a recent GnuTLS ($GNUTLS_NEXT_*), hence requires_gnutls_next.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# GnuTLS client over the lossy proxy; --insecure for the reason given with
# the reliable-connection variant above (name mismatch 127.0.0.1 vs
# 'localhost'), which disables the peer's certificate verification.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

## Interop test with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
##
## NOTE(review): the four tests below are skipped unconditionally
## (skip_next_test), so they currently provide no coverage; when re-enabling
## them, note that the DTLS 1.2 variants leave datagram packing at its
## default while the DTLS 1.0 variants pass dgram_packing=0 - presumably
## deliberate, but the asymmetry is undocumented and worth confirming.
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_SRV -dtls1 -verify 10" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

# -nbio is added to prevent s_client from blocking in case of duplicated
# messages at the end of the handshake
# (Still skipped because of the OpenSSL issue referenced above.)
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            "$O_CLI -nbio -dtls1" \
            0 \
            -s "fragmenting handshake message"

# Tests for specific things with "unreliable" UDP connection

# Baseline through a pass-through proxy ($P_PXY with no options).  On a
# clean path none of the DTLS record-layer defences may fire: the negated
# checks (-C/-S) pin down that "replayed record", "record from another
# epoch" and "discarding invalid record" are absent on both sides and that
# the server never retransmits ("resend").  The tests that follow assert the
# positive versions of these lines, so this baseline shows they are caused
# by the proxy's behaviour and not by noise.
not_with_valgrind # spurious resend due to timeout
run_test    "DTLS proxy: reference" \
            -p "$P_PXY" \
            "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -C "replayed record" \
            -S "replayed record" \
            -C "record from another epoch" \
            -S "record from another epoch" \
            -C "discarding invalid record" \
            -S "discarding invalid record" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Every datagram is delivered twice.  Both peers must detect the duplicates
# via anti-replay ("replayed record") and, for copies of pre-key-change
# records that arrive after the epoch has advanced, "record from another
# epoch".  The duplicates must be dropped silently: the server never has to
# resend a flight and the HTTP exchange still completes.
not_with_valgrind # spurious resend due to timeout
run_test    "DTLS proxy: duplicate every packet" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -c "replayed record" \
            -s "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Same, with anti-replay disabled on the server (anti_replay=0).  The server
# can no longer recognise the duplicates (-S "replayed record") and both
# sides now end up resending (-c/-s "resend"), yet the session completes.
# Security note: anti_replay=0 removes DTLS replay protection; it is used
# here only to exercise that code path and is not a configuration to copy.
run_test    "DTLS proxy: duplicate every packet, server anti-replay off" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "replayed record" \
            -S "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -c "resend" \
            -s "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# pack=50 makes the proxy coalesce records into shared datagrams (presumably
# a rate, see udp_proxy).  With the library's own packing disabled on both
# peers (dgram_packing=0) the multi-record datagrams come only from the
# proxy, and both sides must take the "next record in same datagram" path.
run_test    "DTLS proxy: multiple records in same datagram" \
            -p "$P_PXY pack=50" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

run_test    "DTLS proxy: multiple records in same datagram, duplicate every packet" \
            -p "$P_PXY pack=50 duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

# bad_ad=1 makes the proxy inject records whose authenticated data does not
# verify.  badmac_limit bounds how many such records a peer tolerates before
# it gives up on the connection: in DTLS a record with a bad MAC is normally
# dropped silently (a lossy network can cause it), but an unbounded stream
# of them is either a forgery attempt or a CPU-exhaustion vector.  The
# client's read_timeout=100 presumably stops it from blocking forever on a
# datagram the proxy has corrupted.
#
# Default limit: the bad record is discarded on both sides, the exchange
# completes, and the server neither hits the limit nor fails the MAC check
# fatally.
run_test    "DTLS proxy: inject invalid AD record, default badmac_limit" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            0 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -S "too many records with bad MAC" \
            -S "Verification of the message MAC failed"

# badmac_limit=1: the very first bad record is fatal for the server (exit
# status 1, no discard message, no HTTP exchange on either side).
run_test    "DTLS proxy: inject invalid AD record, badmac_limit 1" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            1 \
            -C "discarding invalid record (mac)" \
            -S "discarding invalid record (mac)" \
            -S "Extra-header:" \
            -C "HTTP/1.0 200 OK" \
            -s "too many records with bad MAC" \
            -s "Verification of the message MAC failed"

# badmac_limit=2 with a single exchange: one bad record is discarded and the
# limit is never reached.
run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            0 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -S "too many records with bad MAC" \
            -S "Verification of the message MAC failed"

# badmac_limit=2 with two exchanges: presumably one bad record per exchange,
# so the first is discarded and the first exchange still succeeds (both HTTP
# lines are present), but the second bad record reaches the limit and the
# server terminates with status 1.
run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
            1 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -s "too many records with bad MAC" \
            -s "Verification of the message MAC failed"

# delay_ccs=1 presumably holds back each ChangeCipherSpec so that the
# following Finished (already under the new epoch) arrives first.  Both
# peers must log "record from another epoch" and still complete the
# exchange.
run_test    "DTLS proxy: delay ChangeCipherSpec" \
            -p "$P_PXY delay_ccs=1" \
            "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
            "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
            0 \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Tests for reordering support with DTLS
#
# These exercise the buffering of out-of-order handshake messages.  That
# buffering is bounded by MBEDTLS_SSL_DTLS_MAX_BUFFERING (see the
# requires_config_value_* guards below) so that a peer - or anyone able to
# reorder datagrams on the path - cannot make us hold unbounded state.
# cookies=0 on the server presumably disables the HelloVerifyRequest cookie
# exchange to keep the flight sequence simple; the 2.5 s hs_timeout floor is
# presumably so the proxy's delay registers as reordering rather than loss.
#
# delay_srv=ServerHello presumably holds back the ServerHello so that later
# server messages arrive first: the client must buffer them and load them
# once the ServerHello is in.  Nothing is buffered on the server and no CCS
# buffering happens on either side.
run_test    "DTLS reordering: Buffer out-of-order handshake message on client" \
            -p "$P_PXY delay_srv=ServerHello" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load"\
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# As above, but the server's mtu=512 fragments the out-of-order message, so
# the client has to buffer a partially received message as well.
# NOTE: "bufffered" below is the library's own spelling of that log line;
# it must match the library output, so do not "fix" it here.
run_test    "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
            -p "$P_PXY delay_srv=ServerHello" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "found fragmented DTLS handshake message"\
            -c "Next handshake message 1 not or only partially bufffered" \
            -c "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load"\
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# The client buffers the ServerKeyExchange before receiving the fragmented
# Certificate message; at the time of writing, together these are around 1200b
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
# Buffering budget large enough (>= 1300 bytes): the delayed, fragmented
# Certificate is reassembled while the buffered ServerKeyExchange is kept,
# so the client never has to free buffered messages to make space.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "Next handshake message has been buffered - load"\
            -C "attempt to make space by freeing buffered messages" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load"\
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first.
# This is the memory-bound path: when the buffering budget is exhausted the
# client must free buffered future messages rather than grow without limit
# (they will be retransmitted by the peer), and the handshake must still
# complete afterwards.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "attempt to make space by freeing buffered future messages" \
            -c "Enough space available after freeing buffered HS messages" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load"\
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Server-side buffering: auth_mode=required makes the client send a
# Certificate, and delay_cli=Certificate presumably delivers it after the
# rest of the client's flight, so the server must buffer and later load the
# out-of-order messages.  Nothing is buffered on the client.
run_test    "DTLS reordering: Buffer out-of-order handshake message on server" \
            -p "$P_PXY delay_cli=Certificate" \
            "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -s "Buffering HS message" \
            -s "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Delaying the server's NewSessionTicket makes its ChangeCipherSpec arrive
# before the handshake message it should follow; the client must remember
# the CCS and inject it once the NewSessionTicket has been processed.  No
# handshake-message buffering is expected on either side.
run_test    "DTLS reordering: Buffer out-of-order CCS message on client"\
            -p "$P_PXY delay_srv=NewSessionTicket" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -c "Injecting buffered CCS message" \
            -c "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Mirror image on the server: delaying the ClientKeyExchange makes the
# client's CCS arrive early, so the server must remember and inject it.
run_test    "DTLS reordering: Buffer out-of-order CCS message on server"\
            -p "$P_PXY delay_cli=ClientKeyExchange" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -s "Injecting buffered CCS message" \
            -s "Remember CCS message"

# With the CCS delayed, the encrypted Finished (epoch 1) arrives while the
# receiver is still in epoch 0.  It cannot be decrypted yet, so both sides
# must buffer the epoch-1 record and load it once their own epoch advances.
run_test    "DTLS reordering: Buffer encrypted Finished message" \
            -p "$P_PXY delay_ccs=1" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             hs_timeout=2500-60000" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -c "Found buffered record from current epoch - load"

# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
# from the server are delayed, so that the encrypted Finished message
# is received and buffered. When the fragmented NewSessionTicket comes
# in afterwards, the encrypted Finished message must be freed in order
# to make space for the NewSessionTicket to be reassembled.
# This works only in very particular circumstances:
# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
#   of the NewSessionTicket, but small enough to also allow buffering of
#   the encrypted Finished message.
# - The MTU setting on the server must be so small that the NewSessionTicket
#   needs to be fragmented.
# - All messages sent by the server must be small enough to be either sent
#   without fragmentation or be reassembled within the bounds of
#   MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
#   handshake, omitting CRTs.
# See the description above.  The client is expected to buffer the epoch-1
# Finished, then give it up ("Enough space available after freeing future
# epoch record") rather than load it, since it is dropped to make room and
# later retransmitted.  psk=abc123 / psk_identity=foo are fixed test-only
# credentials.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
run_test    "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
            -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
            "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -C "Found buffered record from current epoch - load" \
            -c "Enough space available after freeing future epoch record"

# Tests for "randomly unreliable connection": try a variety of flows and peers
#
# The proxy drops, delays and duplicates with rate 5 (see udp_proxy) and the
# peers use a 500 ms retransmission floor.  The tests only check that the
# HTTP exchange completes end to end; the flows are ordered from the
# smallest handshake (PSK, no tickets, no client auth) to the largest
# (ECDHE with tickets and client auth), then resumption and renegotiation.

# "Short" PSK flight: tickets=0 and auth_mode=none keep the flights minimal.
client_needs_more_time 2
run_test    "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Static RSA key exchange (no forward secrecy) - kept here only as a short
# certificate-based flight, not as a recommended suite.
client_needs_more_time 2
run_test    "DTLS proxy: 3d, \"short\" RSA handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Default (forward-secret) suite, still without tickets or client auth.
client_needs_more_time 2
run_test    "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, FS, client auth" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, FS, ticket" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, max handshake, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
             auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Session resumption over the lossy path: the client reconnects (reconnect=1)
# without sending close_notify (skip_close_notify=1), and both sides must log
# that the session was resumed.  read_timeout / max_resend bound how long the
# client waits for data that the proxy may have dropped.
client_needs_more_time 4
run_test    "DTLS proxy: 3d, min handshake, resumption" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 debug_level=3" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
run_test    "DTLS proxy: 3d, min handshake, resumption, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 debug_level=3 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Renegotiation over the lossy path.  The server must have renegotiation
# enabled (renegotiation=1) for the client's request (renegotiate=1) to be
# honoured; both sides must log "=> renegotiate".
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiation=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiate=1 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# NOTE(review): despite its name this test passes nbio=2 to neither peer
# (compare the "resumption, nbio" and "server-initiated renego, nbio" tests,
# which do), so as written it merely repeats the blocking-I/O test above.
# Adding nbio=2 to both command lines would make it test what it claims.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiation=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiate=1 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Server-initiated renegotiation (server renegotiate=1); the client must
# allow it (renegotiation=1).  exchanges=4 gives the server room to request
# the renegotiation mid-session.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiation=1 exchanges=4 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

## Interop tests with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
# Interop under the lossy UDP proxy ("3d" = drop, delay, duplicate; 5% each)
# with a non-Mbed TLS server. Compared with the Mbed TLS-only proxy tests
# above, the client is given a much wider handshake timeout range
# (hs_timeout=500-60000) and every test is excluded under valgrind, since
# the external peer may give up before the slowed-down Mbed TLS side answers.
#
# The three OpenSSL-server tests are disabled with skip_next_test; see the
# note above about https://github.com/openssl/openssl/issues/6902.
#
# Each guard (skip_next_test, requires_*, client_needs_more_time,
# not_with_valgrind) applies to the run_test that immediately follows it,
# so the statement order in this section is significant.

skip_next_test
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, openssl server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_SRV -dtls1 -mtu 2048" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"
# NOTE(review): protect_hvr=1 is only passed to the proxy for the OpenSSL
# runs; presumably it shields the HelloVerifyRequest exchange from the
# drop/delay/duplicate treatment - confirm against udp_proxy's options.

skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
# Same as the previous test, but the smaller server MTU (768 instead of
# 2048) is what turns this into the "fragmentation" variant.
run_test    "DTLS proxy: 3d, openssl server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_SRV -dtls1 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
# Fragmentation variant with the Mbed TLS client in non-blocking I/O mode.
run_test    "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_SRV -dtls1 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

# GnuTLS server counterparts. These are not skipped; the "Extra-header:"
# pattern is checked on both sides (presumably -s = server output,
# -c = client output, as elsewhere in this file).
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, gnutls server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_SRV -u --mtu 2048 -a" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

# Fragmentation variants need the "next" GnuTLS server (G_NEXT_SRV, which is
# 'false' unless GNUTLS_NEXT_SERV is set - hence the requires_gnutls_next
# guard) and a small server MTU (512).
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, gnutls server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

# Guards for the next run_test ("gnutls server, fragmentation, nbio"),
# which immediately follows this section.
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
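# GnuTLS "next" server, fragmentation (server MTU 512), Mbed TLS client in
# non-blocking I/O mode. The requires_gnutls_next / client_needs_more_time /
# not_with_valgrind guards for this test are on the lines just above.
run_test    "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

# Final report
#
# FAILS, TESTS and SKIPS are the counters maintained by the run_test
# machinery earlier in this file (not visible here). Print a one-line
# summary and make the exit status reflect the outcome.

echo "------------------------------------------------------------------------"

if [ "$FAILS" -eq 0 ]; then
    printf "PASSED"
else
    printf "FAILED"
fi
PASSES=$(( TESTS - FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"

# The exit status has always been the failure count, but a process exit
# status is only 8 bits wide: 'exit 256' is reported to the caller as 0,
# i.e. a run with exactly 256 (or 512, ...) failing tests would look like a
# pass to CI. Clamp to 255 so that any failure is guaranteed to be non-zero;
# for fewer than 255 failures the value is unchanged.
if [ "$FAILS" -gt 255 ]; then
    exit 255
fi
exit "$FAILS"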