mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 17:45:37 +01:00
Merge branch 'development' into development
This commit is contained in:
Simon Butcher
commit
0bbb4fc132
@ -21,6 +21,10 @@ Features
|
||||
last paragraph).
|
||||
* Add support for packing multiple records within a single datagram,
|
||||
enabled by default.
|
||||
* Add support for buffering out-of-order handshake messages in DTLS.
|
||||
The maximum amount of RAM used for this can be controlled by the
|
||||
compile-time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING defined
|
||||
in mbedtls/config.h.
|
||||
|
||||
API Changes
|
||||
* Add function mbedtls_ssl_set_datagram_packing() to configure
|
||||
@ -66,6 +70,7 @@ Changes
|
||||
* Fix a miscalculation of the maximum record expansion in
|
||||
mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
|
||||
or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
|
||||
* Add support for buffering of out-of-order handshake messages.
|
||||
|
||||
INTERNAL NOTE: need to bump soversion of libmbedtls:
|
||||
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure
|
||||
|
||||
@ -3010,6 +3010,23 @@
|
||||
*/
|
||||
//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
|
||||
|
||||
/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
|
||||
*
|
||||
* Maximum number of heap-allocated bytes for the purpose of
|
||||
* DTLS handshake message reassembly and future message buffering.
|
||||
*
|
||||
* This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
|
||||
* to account for a reassembled handshake message of maximum size,
|
||||
* together with its reassembly bitmap.
|
||||
*
|
||||
* A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
|
||||
* should be sufficient for all practical situations as it allows
|
||||
* to reassembly a large handshake message (such as a certificate)
|
||||
* while buffering multiple smaller handshake messages.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
|
||||
|
||||
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
|
||||
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
||||
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
||||
|
||||
@ -121,6 +121,7 @@
|
||||
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
|
||||
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
|
||||
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
|
||||
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
|
||||
|
||||
/*
|
||||
* Various constants
|
||||
@ -242,6 +243,14 @@
|
||||
#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Maximum number of heap-allocated bytes for the purpose of
|
||||
* DTLS handshake message reassembly and future message buffering.
|
||||
*/
|
||||
#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
|
||||
#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
@ -1022,14 +1031,14 @@ struct mbedtls_ssl_context
|
||||
int renego_records_seen; /*!< Records since renego request, or with DTLS,
|
||||
number of retransmissions of request if
|
||||
renego_max_records is < 0 */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
|
||||
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
|
||||
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
|
||||
@ -1085,11 +1094,11 @@ struct mbedtls_ssl_context
|
||||
uint16_t in_epoch; /*!< DTLS epoch for incoming records */
|
||||
size_t next_record_offset; /*!< offset of the next record in datagram
|
||||
(equal to in_left if none) */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
uint64_t in_window_top; /*!< last validated record seq_num */
|
||||
uint64_t in_window; /*!< bitmask for replay detection */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||
|
||||
size_t in_hslen; /*!< current handshake message length,
|
||||
including the handshake header */
|
||||
@ -1121,14 +1130,14 @@ struct mbedtls_ssl_context
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
unsigned char *compress_buf; /*!< zlib data buffer */
|
||||
#endif
|
||||
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
signed char split_done; /*!< current record already splitted? */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||
|
||||
/*
|
||||
* PKI layer
|
||||
@ -1141,11 +1150,11 @@ struct mbedtls_ssl_context
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
char *hostname; /*!< expected peer CN for verification
|
||||
(and SNI if available) */
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
const char *alpn_chosen; /*!< negotiated protocol */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
/*
|
||||
* Information for DTLS hello verify
|
||||
@ -1153,7 +1162,7 @@ struct mbedtls_ssl_context
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
unsigned char *cli_id; /*!< transport-level ID of the client */
|
||||
size_t cli_id_len; /*!< length of cli_id */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
/*
|
||||
* Secure renegotiation
|
||||
@ -1165,7 +1174,7 @@ struct mbedtls_ssl_context
|
||||
size_t verify_data_len; /*!< length of verify data stored */
|
||||
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
|
||||
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
@ -1400,8 +1409,9 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
||||
* encapsulation and encryption/authentication if any.
|
||||
*
|
||||
* \note This can be called at any point during the connection, for
|
||||
* example when a PMTU estimate becomes available from other
|
||||
* sources, such as lower (or higher) protocol layers.
|
||||
* example when a Path Maximum Transfer Unit (PMTU)
|
||||
* estimate becomes available from other sources,
|
||||
* such as lower (or higher) protocol layers.
|
||||
*
|
||||
* \note This setting only controls the size of the packets we send,
|
||||
* and does not restrict the size of the datagrams we're
|
||||
|
||||
@ -155,6 +155,9 @@
|
||||
#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
|
||||
( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
|
||||
|
||||
/* The maximum number of buffered handshake messages. */
|
||||
#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
|
||||
|
||||
/* Maximum length we can advertise as our max content length for
|
||||
RFC 6066 max_fragment_length extension negotiation purposes
|
||||
(the lesser of both sizes, if they are unequal.)
|
||||
@ -294,8 +297,6 @@ struct mbedtls_ssl_handshake_params
|
||||
unsigned char verify_cookie_len; /*!< Cli: cookie length
|
||||
Srv: flag for sending a cookie */
|
||||
|
||||
unsigned char *hs_msg; /*!< Reassembled handshake message */
|
||||
|
||||
uint32_t retransmit_timeout; /*!< Current value of timeout */
|
||||
unsigned char retransmit_state; /*!< Retransmission state */
|
||||
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
||||
@ -307,6 +308,33 @@ struct mbedtls_ssl_handshake_params
|
||||
resending messages */
|
||||
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
|
||||
for resending messages */
|
||||
|
||||
struct
|
||||
{
|
||||
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
|
||||
* buffers used for message buffering. */
|
||||
|
||||
uint8_t seen_ccs; /*!< Indicates if a CCS message has
|
||||
* been seen in the current flight. */
|
||||
|
||||
struct mbedtls_ssl_hs_buffer
|
||||
{
|
||||
unsigned is_valid : 1;
|
||||
unsigned is_fragmented : 1;
|
||||
unsigned is_complete : 1;
|
||||
unsigned char *data;
|
||||
size_t data_len;
|
||||
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
|
||||
|
||||
struct
|
||||
{
|
||||
unsigned char *data;
|
||||
size_t len;
|
||||
unsigned epoch;
|
||||
} future_record;
|
||||
|
||||
} buffering;
|
||||
|
||||
uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
@ -366,6 +394,8 @@ struct mbedtls_ssl_handshake_params
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
};
|
||||
|
||||
typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
||||
|
||||
/*
|
||||
* This structure contains a full set of runtime transform parameters
|
||||
* either in negotiation or active.
|
||||
@ -480,7 +510,6 @@ int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
||||
@ -492,7 +521,10 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
||||
* of the logic of (D)TLS from the implementation
|
||||
* of the secure transport.
|
||||
*
|
||||
* \param ssl SSL context to use
|
||||
* \param ssl The SSL context to use.
|
||||
* \param update_hs_digest This indicates if the handshake digest
|
||||
* should be automatically updated in case
|
||||
* a handshake message is found.
|
||||
*
|
||||
* \return 0 or non-zero error code.
|
||||
*
|
||||
@ -558,7 +590,8 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
||||
* following the above definition.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||
unsigned update_hs_digest );
|
||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||
|
||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
||||
|
||||
@ -515,6 +515,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - The asynchronous operation is not completed yet" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_EARLY_MESSAGE) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" );
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
|
||||
@ -1101,7 +1101,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
|
||||
|
||||
@ -1500,7 +1500,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||
|
||||
buf = ssl->in_msg;
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
/* No alert on a read error. */
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
@ -2349,7 +2349,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
return( ret );
|
||||
@ -2656,7 +2656,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
return( ret );
|
||||
@ -2808,7 +2808,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
return( ret );
|
||||
@ -3297,7 +3297,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
return( ret );
|
||||
@ -3414,7 +3414,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used
|
||||
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */
|
||||
|
||||
@ -2397,7 +2397,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
|
||||
|
||||
@ -3385,7 +3385,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
|
||||
|
||||
@ -3728,7 +3728,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
return( ret );
|
||||
@ -4038,25 +4038,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
|
||||
/* Read the message without adding it to the checksum */
|
||||
do {
|
||||
|
||||
do ret = mbedtls_ssl_read_record_layer( ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = mbedtls_ssl_handle_message_type( ssl );
|
||||
|
||||
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
|
||||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
|
||||
|
||||
ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ );
|
||||
if( 0 != ret )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
@ -4279,7 +4264,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
switch( ssl->state )
|
||||
{
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -40,6 +40,8 @@
|
||||
#define mbedtls_time time
|
||||
#define mbedtls_time_t time_t
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
@ -106,6 +108,21 @@ int main( void )
|
||||
" delay=%%d default: 0 (no delayed packets)\n" \
|
||||
" delay about 1:N packets randomly\n" \
|
||||
" delay_ccs=0/1 default: 0 (don't delay ChangeCipherSpec)\n" \
|
||||
" delay_cli=%%s Handshake message from client that should be\n"\
|
||||
" delayed. Possible values are 'ClientHello',\n" \
|
||||
" 'Certificate', 'CertificateVerify', and\n" \
|
||||
" 'ClientKeyExchange'.\n" \
|
||||
" May be used multiple times, even for the same\n"\
|
||||
" message, in which case the respective message\n"\
|
||||
" gets delayed multiple times.\n" \
|
||||
" delay_srv=%%s Handshake message from server that should be\n"\
|
||||
" delayed. Possible values are 'HelloRequest',\n"\
|
||||
" 'ServerHello', 'ServerHelloDone', 'Certificate'\n"\
|
||||
" 'ServerKeyExchange', 'NewSessionTicket',\n"\
|
||||
" 'HelloVerifyRequest' and ''CertificateRequest'.\n"\
|
||||
" May be used multiple times, even for the same\n"\
|
||||
" message, in which case the respective message\n"\
|
||||
" gets delayed multiple times.\n" \
|
||||
" drop=%%d default: 0 (no dropped packets)\n" \
|
||||
" drop about 1:N packets randomly\n" \
|
||||
" mtu=%%d default: 0 (unlimited)\n" \
|
||||
@ -121,6 +138,9 @@ int main( void )
|
||||
/*
|
||||
* global options
|
||||
*/
|
||||
|
||||
#define MAX_DELAYED_HS 10
|
||||
|
||||
static struct options
|
||||
{
|
||||
const char *server_addr; /* address to forward packets to */
|
||||
@ -131,6 +151,12 @@ static struct options
|
||||
int duplicate; /* duplicate 1 in N packets (none if 0) */
|
||||
int delay; /* delay 1 packet in N (none if 0) */
|
||||
int delay_ccs; /* delay ChangeCipherSpec */
|
||||
char* delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from
|
||||
* client that should be delayed. */
|
||||
uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */
|
||||
char* delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from
|
||||
* server that should be delayed. */
|
||||
uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */
|
||||
int drop; /* drop 1 packet in N (none if 0) */
|
||||
int mtu; /* drop packets larger than this */
|
||||
int bad_ad; /* inject corrupted ApplicationData record */
|
||||
@ -164,6 +190,11 @@ static void get_options( int argc, char *argv[] )
|
||||
opt.pack = DFL_PACK;
|
||||
/* Other members default to 0 */
|
||||
|
||||
opt.delay_cli_cnt = 0;
|
||||
opt.delay_srv_cnt = 0;
|
||||
memset( opt.delay_cli, 0, sizeof( opt.delay_cli ) );
|
||||
memset( opt.delay_srv, 0, sizeof( opt.delay_srv ) );
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
p = argv[i];
|
||||
@ -197,6 +228,43 @@ static void get_options( int argc, char *argv[] )
|
||||
if( opt.delay_ccs < 0 || opt.delay_ccs > 1 )
|
||||
exit_usage( p, q );
|
||||
}
|
||||
else if( strcmp( p, "delay_cli" ) == 0 ||
|
||||
strcmp( p, "delay_srv" ) == 0 )
|
||||
{
|
||||
uint8_t *delay_cnt;
|
||||
char **delay_list;
|
||||
size_t len;
|
||||
char *buf;
|
||||
|
||||
if( strcmp( p, "delay_cli" ) == 0 )
|
||||
{
|
||||
delay_cnt = &opt.delay_cli_cnt;
|
||||
delay_list = opt.delay_cli;
|
||||
}
|
||||
else
|
||||
{
|
||||
delay_cnt = &opt.delay_srv_cnt;
|
||||
delay_list = opt.delay_srv;
|
||||
}
|
||||
|
||||
if( *delay_cnt == MAX_DELAYED_HS )
|
||||
{
|
||||
mbedtls_printf( " too many uses of %s: only %d allowed\n",
|
||||
p, MAX_DELAYED_HS );
|
||||
exit_usage( p, NULL );
|
||||
}
|
||||
|
||||
len = strlen( q );
|
||||
buf = mbedtls_calloc( 1, len + 1 );
|
||||
if( buf == NULL )
|
||||
{
|
||||
mbedtls_printf( " Allocation failure\n" );
|
||||
exit( 1 );
|
||||
}
|
||||
memcpy( buf, q, len + 1 );
|
||||
|
||||
delay_list[ (*delay_cnt)++ ] = buf;
|
||||
}
|
||||
else if( strcmp( p, "drop" ) == 0 )
|
||||
{
|
||||
opt.drop = atoi( q );
|
||||
@ -488,11 +556,37 @@ int send_packet( const packet *p, const char *why )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static packet prev;
|
||||
#define MAX_DELAYED_MSG 5
|
||||
static size_t prev_len;
|
||||
static packet prev[MAX_DELAYED_MSG];
|
||||
|
||||
void clear_pending( void )
|
||||
{
|
||||
memset( &prev, 0, sizeof( packet ) );
|
||||
memset( &prev, 0, sizeof( prev ) );
|
||||
prev_len = 0;
|
||||
}
|
||||
|
||||
void delay_packet( packet *delay )
|
||||
{
|
||||
if( prev_len == MAX_DELAYED_MSG )
|
||||
return;
|
||||
|
||||
memcpy( &prev[prev_len++], delay, sizeof( packet ) );
|
||||
}
|
||||
|
||||
int send_delayed()
|
||||
{
|
||||
uint8_t offset;
|
||||
int ret;
|
||||
for( offset = 0; offset < prev_len; offset++ )
|
||||
{
|
||||
ret = send_packet( &prev[offset], "delayed" );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
clear_pending();
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
@ -540,6 +634,10 @@ int handle_message( const char *way,
|
||||
packet cur;
|
||||
size_t id;
|
||||
|
||||
uint8_t delay_idx;
|
||||
char ** delay_list;
|
||||
uint8_t delay_list_len;
|
||||
|
||||
/* receive packet */
|
||||
if( ( ret = mbedtls_net_recv( src, cur.buf, sizeof( cur.buf ) ) ) <= 0 )
|
||||
{
|
||||
@ -555,6 +653,37 @@ int handle_message( const char *way,
|
||||
|
||||
id = cur.len % sizeof( dropped );
|
||||
|
||||
if( strcmp( way, "S <- C" ) == 0 )
|
||||
{
|
||||
delay_list = opt.delay_cli;
|
||||
delay_list_len = opt.delay_cli_cnt;
|
||||
}
|
||||
else
|
||||
{
|
||||
delay_list = opt.delay_srv;
|
||||
delay_list_len = opt.delay_srv_cnt;
|
||||
}
|
||||
|
||||
/* Check if message type is in the list of messages
|
||||
* that should be delayed */
|
||||
for( delay_idx = 0; delay_idx < delay_list_len; delay_idx++ )
|
||||
{
|
||||
if( delay_list[ delay_idx ] == NULL )
|
||||
continue;
|
||||
|
||||
if( strcmp( delay_list[ delay_idx ], cur.type ) == 0 )
|
||||
{
|
||||
/* Delay message */
|
||||
delay_packet( &cur );
|
||||
|
||||
/* Remove entry from list */
|
||||
mbedtls_free( delay_list[delay_idx] );
|
||||
delay_list[delay_idx] = NULL;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
/* do we want to drop, delay, or forward it? */
|
||||
if( ( opt.mtu != 0 &&
|
||||
cur.len > (unsigned) opt.mtu ) ||
|
||||
@ -574,12 +703,11 @@ int handle_message( const char *way,
|
||||
strcmp( cur.type, "ApplicationData" ) != 0 &&
|
||||
! ( opt.protect_hvr &&
|
||||
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
|
||||
prev.dst == NULL &&
|
||||
cur.len != (size_t) opt.protect_len &&
|
||||
dropped[id] < DROP_MAX &&
|
||||
rand() % opt.delay == 0 ) )
|
||||
{
|
||||
memcpy( &prev, &cur, sizeof( packet ) );
|
||||
delay_packet( &cur );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -587,15 +715,11 @@ int handle_message( const char *way,
|
||||
if( ( ret = send_packet( &cur, "forwarded" ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/* send previously delayed message if any */
|
||||
if( prev.dst != NULL )
|
||||
{
|
||||
ret = send_packet( &prev, "delayed" );
|
||||
memset( &prev, 0, sizeof( packet ) );
|
||||
/* send previously delayed messages if any */
|
||||
ret = send_delayed();
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -604,6 +728,7 @@ int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
uint8_t delay_idx;
|
||||
|
||||
mbedtls_net_context listen_fd, client_fd, server_fd;
|
||||
|
||||
@ -798,6 +923,12 @@ exit:
|
||||
}
|
||||
#endif
|
||||
|
||||
for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ )
|
||||
{
|
||||
mbedtls_free( opt.delay_cli + delay_idx );
|
||||
mbedtls_free( opt.delay_srv + delay_idx );
|
||||
}
|
||||
|
||||
mbedtls_net_free( &client_fd );
|
||||
mbedtls_net_free( &server_fd );
|
||||
mbedtls_net_free( &listen_fd );
|
||||
|
||||
@ -558,6 +558,26 @@ make
|
||||
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
|
||||
if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
|
||||
|
||||
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
|
||||
if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
|
||||
|
||||
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
|
||||
if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
|
||||
|
||||
msg "build: cmake, full config, clang" # ~ 50s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
||||
291
tests/ssl-opt.sh
291
tests/ssl-opt.sh
@ -142,6 +142,14 @@ get_options() {
|
||||
done
|
||||
}
|
||||
|
||||
# Skip next test; use this macro to skip tests which are legitimate
|
||||
# in theory and expected to be re-introduced at some point, but
|
||||
# aren't expected to succeed at the moment due to problems outside
|
||||
# our control (such as bugs in other TLS implementations).
|
||||
skip_next_test() {
|
||||
SKIP_NEXT="YES"
|
||||
}
|
||||
|
||||
# skip next test if the flag is not enabled in config.h
|
||||
requires_config_enabled() {
|
||||
if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
|
||||
@ -156,6 +164,27 @@ requires_config_disabled() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_config_value_or_default() {
|
||||
NAME="$1"
|
||||
DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h |
|
||||
sed 's/^.*\s\([0-9]*\)$/\1/' )
|
||||
../scripts/config.pl get $NAME || echo "$DEF_VAL"
|
||||
}
|
||||
|
||||
requires_config_value_at_least() {
|
||||
VAL=$( get_config_value_or_default "$1" )
|
||||
if [ "$VAL" -lt "$2" ]; then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
requires_config_value_at_most() {
|
||||
VAL=$( get_config_value_or_default "$1" )
|
||||
if [ "$VAL" -gt "$2" ]; then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
|
||||
requires_openssl_with_fallback_scsv() {
|
||||
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
|
||||
@ -5297,9 +5326,8 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
# This ensures things still work after session_reset(),
|
||||
# for example it would have caught #1941.
|
||||
# It also exercises the "resumed hanshake" flow.
|
||||
# This ensures things still work after session_reset().
|
||||
# It also exercises the "resumed handshake" flow.
|
||||
# Since we don't support reading fragmented ClientHello yet,
|
||||
# up the MTU to 1450 (larger than ClientHello with session ticket,
|
||||
# but still smaller than client's Certificate to ensure fragmentation).
|
||||
@ -5551,6 +5579,13 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
# We use --insecure for the GnuTLS client because it expects
|
||||
# the hostname / IP it connects to to be the name used in the
|
||||
# certificate obtained from the server. Here, however, it
|
||||
# connects to 127.0.0.1 while our test certificates use 'localhost'
|
||||
# as the server name in the certificate. This will make the
|
||||
# certifiate validation fail, but passing --insecure makes
|
||||
# GnuTLS continue the connection nonetheless.
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
@ -5565,6 +5600,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
# See previous test for the reason to use --insecure
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
@ -5676,38 +5712,39 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
||||
## https://gitlab.com/gnutls/gnutls/issues/543
|
||||
## We can re-enable them when a fixed version fo GnuTLS is available
|
||||
## and installed in our CI system.
|
||||
##
|
||||
## requires_gnutls
|
||||
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
## requires_config_enabled MBEDTLS_RSA_C
|
||||
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
## client_needs_more_time 4
|
||||
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
||||
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
## "$P_SRV dtls=1 debug_level=2 \
|
||||
## crt_file=data_files/server7_int-ca.crt \
|
||||
## key_file=data_files/server7.key \
|
||||
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||
## "$G_CLI -u --insecure 127.0.0.1" \
|
||||
## 0 \
|
||||
## -s "fragmenting handshake message"
|
||||
##
|
||||
## requires_gnutls
|
||||
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
## requires_config_enabled MBEDTLS_RSA_C
|
||||
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
## client_needs_more_time 4
|
||||
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
||||
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
## "$P_SRV dtls=1 debug_level=2 \
|
||||
## crt_file=data_files/server7_int-ca.crt \
|
||||
## key_file=data_files/server7.key \
|
||||
## hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||
## "$G_CLI -u --insecure 127.0.0.1" \
|
||||
## 0 \
|
||||
## -s "fragmenting handshake message"
|
||||
skip_next_test
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
client_needs_more_time 4
|
||||
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||
"$G_CLI -u --insecure 127.0.0.1" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
skip_next_test
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
client_needs_more_time 4
|
||||
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||
"$G_CLI -u --insecure 127.0.0.1" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
## Interop test with OpenSSL might triger a bug in recent versions (that
|
||||
## probably won't be fixed before 1.1.1X), so we use an old version that
|
||||
@ -5716,22 +5753,22 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
||||
## Bug report: https://github.com/openssl/openssl/issues/6902
|
||||
## They should be re-enabled (and the DTLS 1.0 switched back to a non-legacy
|
||||
## version of OpenSSL once a fixed version of OpenSSL is available)
|
||||
##
|
||||
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
## requires_config_enabled MBEDTLS_RSA_C
|
||||
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
## client_needs_more_time 4
|
||||
## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
||||
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
## "$O_SRV -dtls1_2 -verify 10" \
|
||||
## "$P_CLI dtls=1 debug_level=2 \
|
||||
## crt_file=data_files/server8_int-ca2.crt \
|
||||
## key_file=data_files/server8.key \
|
||||
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||
## 0 \
|
||||
## -c "fragmenting handshake message" \
|
||||
## -C "error"
|
||||
skip_next_test
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
client_needs_more_time 4
|
||||
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$O_SRV -dtls1_2 -verify 10" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||
0 \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_openssl_legacy
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
@ -5904,6 +5941,158 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \
|
||||
-s "Extra-header:" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
# Tests for reordering support with DTLS
|
||||
|
||||
run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
|
||||
-p "$P_PXY delay_srv=ServerHello" \
|
||||
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-c "Buffering HS message" \
|
||||
-c "Next handshake message has been buffered - load"\
|
||||
-S "Buffering HS message" \
|
||||
-S "Next handshake message has been buffered - load"\
|
||||
-C "Injecting buffered CCS message" \
|
||||
-C "Remember CCS message" \
|
||||
-S "Injecting buffered CCS message" \
|
||||
-S "Remember CCS message"
|
||||
|
||||
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
|
||||
-p "$P_PXY delay_srv=ServerHello" \
|
||||
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-c "Buffering HS message" \
|
||||
-c "found fragmented DTLS handshake message"\
|
||||
-c "Next handshake message 1 not or only partially bufffered" \
|
||||
-c "Next handshake message has been buffered - load"\
|
||||
-S "Buffering HS message" \
|
||||
-S "Next handshake message has been buffered - load"\
|
||||
-C "Injecting buffered CCS message" \
|
||||
-C "Remember CCS message" \
|
||||
-S "Injecting buffered CCS message" \
|
||||
-S "Remember CCS message"
|
||||
|
||||
# The client buffers the ServerKeyExchange before receiving the fragmented
|
||||
# Certificate message; at the time of writing, together these are aroudn 1200b
|
||||
# in size, so that the bound below ensures that the certificate can be reassembled
|
||||
# while keeping the ServerKeyExchange.
|
||||
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
|
||||
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
|
||||
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
|
||||
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-c "Buffering HS message" \
|
||||
-c "Next handshake message has been buffered - load"\
|
||||
-C "attempt to make space by freeing buffered messages" \
|
||||
-S "Buffering HS message" \
|
||||
-S "Next handshake message has been buffered - load"\
|
||||
-C "Injecting buffered CCS message" \
|
||||
-C "Remember CCS message" \
|
||||
-S "Injecting buffered CCS message" \
|
||||
-S "Remember CCS message"
|
||||
|
||||
# The size constraints ensure that the delayed certificate message can't
|
||||
# be reassembled while keeping the ServerKeyExchange message, but it can
|
||||
# when dropping it first.
|
||||
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
|
||||
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
|
||||
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
|
||||
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
|
||||
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-c "Buffering HS message" \
|
||||
-c "attempt to make space by freeing buffered future messages" \
|
||||
-c "Enough space available after freeing buffered HS messages" \
|
||||
-S "Buffering HS message" \
|
||||
-S "Next handshake message has been buffered - load"\
|
||||
-C "Injecting buffered CCS message" \
|
||||
-C "Remember CCS message" \
|
||||
-S "Injecting buffered CCS message" \
|
||||
-S "Remember CCS message"
|
||||
|
||||
run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
|
||||
-p "$P_PXY delay_cli=Certificate" \
|
||||
"$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-C "Buffering HS message" \
|
||||
-C "Next handshake message has been buffered - load"\
|
||||
-s "Buffering HS message" \
|
||||
-s "Next handshake message has been buffered - load" \
|
||||
-C "Injecting buffered CCS message" \
|
||||
-C "Remember CCS message" \
|
||||
-S "Injecting buffered CCS message" \
|
||||
-S "Remember CCS message"
|
||||
|
||||
run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
|
||||
-p "$P_PXY delay_srv=NewSessionTicket" \
|
||||
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-C "Buffering HS message" \
|
||||
-C "Next handshake message has been buffered - load"\
|
||||
-S "Buffering HS message" \
|
||||
-S "Next handshake message has been buffered - load" \
|
||||
-c "Injecting buffered CCS message" \
|
||||
-c "Remember CCS message" \
|
||||
-S "Injecting buffered CCS message" \
|
||||
-S "Remember CCS message"
|
||||
|
||||
run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
|
||||
-p "$P_PXY delay_cli=ClientKeyExchange" \
|
||||
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-C "Buffering HS message" \
|
||||
-C "Next handshake message has been buffered - load"\
|
||||
-S "Buffering HS message" \
|
||||
-S "Next handshake message has been buffered - load" \
|
||||
-C "Injecting buffered CCS message" \
|
||||
-C "Remember CCS message" \
|
||||
-s "Injecting buffered CCS message" \
|
||||
-s "Remember CCS message"
|
||||
|
||||
run_test "DTLS reordering: Buffer encrypted Finished message" \
|
||||
-p "$P_PXY delay_ccs=1" \
|
||||
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-s "Buffer record from epoch 1" \
|
||||
-s "Found buffered record from current epoch - load" \
|
||||
-c "Buffer record from epoch 1" \
|
||||
-c "Found buffered record from current epoch - load"
|
||||
|
||||
# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
|
||||
# from the server are delayed, so that the encrypted Finished message
|
||||
# is received and buffered. When the fragmented NewSessionTicket comes
|
||||
# in afterwards, the encrypted Finished message must be freed in order
|
||||
# to make space for the NewSessionTicket to be reassembled.
|
||||
# This works only in very particular circumstances:
|
||||
# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
|
||||
# of the NewSessionTicket, but small enough to also allow buffering of
|
||||
# the encrypted Finished message.
|
||||
# - The MTU setting on the server must be so small that the NewSessionTicket
|
||||
# needs to be fragmented.
|
||||
# - All messages sent by the server must be small enough to be either sent
|
||||
# without fragmentation or be reassembled within the bounds of
|
||||
# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
|
||||
# handshake, omitting CRTs.
|
||||
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
|
||||
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
|
||||
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
|
||||
-p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
|
||||
"$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
|
||||
0 \
|
||||
-s "Buffer record from epoch 1" \
|
||||
-s "Found buffered record from current epoch - load" \
|
||||
-c "Buffer record from epoch 1" \
|
||||
-C "Found buffered record from current epoch - load" \
|
||||
-c "Enough space available after freeing future epoch record"
|
||||
|
||||
# Tests for "randomly unreliable connection": try a variety of flows and peers
|
||||
|
||||
client_needs_more_time 2
|
||||
|
||||
Loading…
Reference in New Issue
Block a user