diff --git a/ChangeLog b/ChangeLog index 961e6e21a..099df83f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,7 +12,7 @@ Features last paragraph). * Add support for packing multiple records within a single datagram, enabled by default. - * Add support for buffering out-of-order handshake messages. + * Add support for buffering out-of-order handshake messages in DTLS. The maximum amount of RAM used for this can be controlled by the compile-time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING defined in mbedtls/config.h. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1cdff71f1..052aed0d3 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3015,6 +3015,15 @@ * Maximum number of heap-allocated bytes for the purpose of * DTLS handshake message reassembly and future message buffering. * + * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN + * to account for a reassembled handshake message of maximum size, + * together with its reassembly bitmap. + * + * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) + * should be sufficient for all practical situations as it allows + * to reassembly a large handshake message (such as a certificate) + * while buffering multiple smaller handshake messages. + * */ //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 39c7bfaa1..83849a564 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -243,8 +243,12 @@ #define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN #endif +/* + * Maximum number of heap-allocated bytes for the purpose of + * DTLS handshake message reassembly and future message buffering. + */ #if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING) -#define MBEDTLS_SSL_DTLS_MAX_BUFFERING ( 2 * MBEDTLS_SSL_IN_CONTENT_LEN ) +#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 #endif /* \} name SECTION: Module settings */ @@ -1027,14 +1031,14 @@ struct mbedtls_ssl_context int renego_records_seen; /*!< Records since renego request, or with DTLS, number of retransmissions of request if renego_max_records is < 0 */ -#endif +#endif /* MBEDTLS_SSL_RENEGOTIATION */ int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) unsigned badmac_seen; /*!< records with a bad MAC received */ -#endif +#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ @@ -1090,11 +1094,11 @@ struct mbedtls_ssl_context uint16_t in_epoch; /*!< DTLS epoch for incoming records */ size_t next_record_offset; /*!< offset of the next record in datagram (equal to in_left if none) */ -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) uint64_t in_window_top; /*!< last validated record seq_num */ uint64_t in_window; /*!< bitmask for replay detection */ -#endif +#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ size_t in_hslen; /*!< current handshake message length, including the handshake header */ @@ -1126,14 +1130,14 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_SSL_PROTO_DTLS) uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */ -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_ZLIB_SUPPORT) unsigned char *compress_buf; /*!< zlib data buffer */ -#endif +#endif /* MBEDTLS_ZLIB_SUPPORT */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) signed char split_done; /*!< current record already splitted? */ -#endif +#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ /* * PKI layer @@ -1146,11 +1150,11 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_X509_CRT_PARSE_C) char *hostname; /*!< expected peer CN for verification (and SNI if available) */ -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_ALPN) const char *alpn_chosen; /*!< negotiated protocol */ -#endif +#endif /* MBEDTLS_SSL_ALPN */ /* * Information for DTLS hello verify @@ -1158,7 +1162,7 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) unsigned char *cli_id; /*!< transport-level ID of the client */ size_t cli_id_len; /*!< length of cli_id */ -#endif +#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ /* * Secure renegotiation @@ -1170,7 +1174,7 @@ struct mbedtls_ssl_context size_t verify_data_len; /*!< length of verify data stored */ char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ -#endif +#endif /* MBEDTLS_SSL_RENEGOTIATION */ }; #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) @@ -1405,8 +1409,9 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * encapsulation and encryption/authentication if any. * * \note This can be called at any point during the connection, for - * example when a PMTU estimate becomes available from other - * sources, such as lower (or higher) protocol layers. + * example when a Path Maximum Transfer Unit (PMTU) + * estimate becomes available from other sources, + * such as lower (or higher) protocol layers. * * \note This setting only controls the size of the packets we send, * and does not restrict the size of the datagrams we're diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f77c177f4..838572011 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1101,7 +1101,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); @@ -3414,7 +3414,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Change state now, so that it is right in mbedtls_ssl_read_record(), used * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 84c83e330..36ca0d69f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2397,7 +2397,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) ); @@ -3385,7 +3385,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) ); @@ -4264,7 +4264,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ switch( ssl->state ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 141f4e0f4..78955bb7f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -55,7 +55,7 @@ #endif static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context *ssl ); +static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); /* Length of the "epoch" field in the record header */ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) @@ -109,6 +109,17 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) +/* Forward declarations for functions related to message buffering. */ +static void ssl_buffering_free( mbedtls_ssl_context *ssl ); +static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, + uint8_t slot ); +static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); +static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); +static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); +static int ssl_buffer_message( mbedtls_ssl_context *ssl ); +static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); +static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); + static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) { @@ -183,11 +194,6 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl return( (int) remaining ); } -static void ssl_buffering_free( mbedtls_ssl_context *ssl ); - -static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, - uint8_t slot ); - /* * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. @@ -3037,7 +3043,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); - /* Copy the handshame message content and set records fields */ + /* Copy the handshake message content and set records fields */ memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); ssl->out_msglen = cur_hs_frag_len + 12; ssl->out_msgtype = cur->type; @@ -3274,7 +3280,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* Update running hashes of hanshake messages seen */ + /* Update running hashes of handshake messages seen */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); } @@ -3402,12 +3408,12 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " - "version = [%d:%d], msglen = %d", - ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], len ) ); - + "version = [%d:%d], msglen = %d", + ssl->out_hdr[0], ssl->out_hdr[1], + ssl->out_hdr[2], len ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_hdr, protected_record_size ); + ssl->out_hdr, protected_record_size ); ssl->out_left += protected_record_size; ssl->out_hdr += protected_record_size; @@ -3440,7 +3446,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) remaining = (size_t) ret; if( remaining == 0 ) + { flush = SSL_FORCE_FLUSH; + } else { MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) ); @@ -3473,21 +3481,21 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) return( 0 ); } -static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context *ssl ) +static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) { return( ( ssl->in_msg[9] << 16 ) | ( ssl->in_msg[10] << 8 ) | ssl->in_msg[11] ); } -static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context *ssl ) +static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) { return( ( ssl->in_msg[6] << 16 ) | ( ssl->in_msg[7] << 8 ) | ssl->in_msg[8] ); } -static int ssl_check_hs_header( mbedtls_ssl_context *ssl ) +static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) { uint32_t msg_len, frag_off, frag_len; @@ -3585,7 +3593,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len, #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context *ssl ) +static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) { return( ( ssl->in_msg[1] << 16 ) | ( ssl->in_msg[2] << 8 ) | @@ -3664,7 +3672,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) /* Message reassembly is handled alongside buffering of future * messages; the commonality is that both handshake fragments and - * future messages cannot be forwarded immediately to the handshake + * future messages cannot be forwarded immediately to the * handshake logic layer. */ if( ssl_hs_is_proper_fragment( ssl ) == 1 ) { @@ -4285,14 +4293,6 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); static int ssl_get_next_record( mbedtls_ssl_context *ssl ); static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); -#if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); -static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); -static int ssl_buffer_message( mbedtls_ssl_context *ssl ); -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); -static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_hs_digest ) { @@ -4316,7 +4316,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, /* We only check for buffered messages if the * current datagram is fully consumed. */ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl_another_record_in_datagram( ssl ) == 0 ) + ssl_next_record_is_in_datagram( ssl ) == 0 ) { if( ssl_load_buffered_message( ssl ) == 0 ) have_buffered = 1; @@ -4331,7 +4331,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret ); return( ret ); } } @@ -4378,7 +4378,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ) +static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) { if( ssl->in_left > ssl->next_record_offset ) return( 1 ); @@ -4409,7 +4409,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Inject buffered CCS message" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) ); ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; ssl->in_msglen = 1; ssl->in_msg[0] = 1; @@ -4422,6 +4422,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) goto exit; } +#if defined(MBEDTLS_DEBUG_C) /* Debug only */ { unsigned offset; @@ -4432,10 +4433,11 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.", hs->in_msg_seq + offset, - hs_buf->is_complete ? "fully" : "partitially" ) ); + hs_buf->is_complete ? "fully" : "partially" ) ); } } } +#endif /* MBEDTLS_DEBUG_C */ /* Check if we have buffered and/or fully reassembled the * next handshake message. */ @@ -4481,7 +4483,6 @@ exit: return( ret ); } -static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, size_t desired ) { @@ -4501,9 +4502,9 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, return( 0 ); } - /* We don't have enough space to buffer the next expected - * handshake message. Remove buffers used for future msgs - * to gain space, starting with the most distant one. */ + /* We don't have enough space to buffer the next expected handshake + * message. Remove buffers used for future messages to gain space, + * starting with the most distant one. */ for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; offset >= 0; offset-- ) { @@ -4706,6 +4707,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) } default: + /* We don't buffer other types of messages. */ break; } @@ -4851,7 +4853,7 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) /* Only consider loading future records if the * input buffer is empty. */ - if( ssl_another_record_in_datagram( ssl ) == 1 ) + if( ssl_next_record_is_in_datagram( ssl ) == 1 ) return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) ); @@ -7723,7 +7725,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) /* * In all other cases, the rest of the message can be dropped. - * As in ssl_read_record_layer, this needs to be adapted if + * As in ssl_get_next_record, this needs to be adapted if * we implement support for multiple alerts in single records. */ diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 258522003..41739d057 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -152,10 +152,10 @@ static struct options int delay; /* delay 1 packet in N (none if 0) */ int delay_ccs; /* delay ChangeCipherSpec */ char* delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from - * client that should be delayed. */ + * client that should be delayed. */ uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */ char* delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from - * server that should be delayed. */ + * server that should be delayed. */ uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */ int drop; /* drop 1 packet in N (none if 0) */ int mtu; /* drop packets larger than this */ @@ -249,8 +249,8 @@ static void get_options( int argc, char *argv[] ) if( *delay_cnt == MAX_DELAYED_HS ) { - mbedtls_printf( " maximally %d uses of delay_cli argument allowed\n", - MAX_DELAYED_HS ); + mbedtls_printf( " too many uses of %s: only %d allowed\n", + p, MAX_DELAYED_HS ); exit_usage( p, NULL ); } @@ -663,6 +663,7 @@ int handle_message( const char *way, delay_list = opt.delay_srv; delay_list_len = opt.delay_srv_cnt; } + /* Check if message type is in the list of messages * that should be delayed */ for( delay_idx = 0; delay_idx < delay_list_len; delay_idx++ ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ce6c2010a..227d04280 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -142,6 +142,14 @@ get_options() { done } +# Skip next test; use this macro to skip tests which are legitimate +# in theory and expected to be re-introduced at some point, but +# aren't expected to succeed at the moment due to problems outside +# our control (such as bugs in other TLS implementations). +skip_next_test() { + SKIP_NEXT="YES" +} + # skip next test if the flag is not enabled in config.h requires_config_enabled() { if grep "^#define $1" $CONFIG_H > /dev/null; then :; else @@ -156,21 +164,22 @@ requires_config_disabled() { fi } -requires_config_value_at_least() { +get_config_value_or_default() { NAME="$1" - DEF_VAL=$( grep ".*#define.*MBEDTLS_SSL_DTLS_MAX_BUFFERING" ../include/mbedtls/config.h | + DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | sed 's/^.*\s\([0-9]*\)$/\1/' ) - VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) + ../scripts/config.pl get $NAME || echo "$DEF_VAL" +} + +requires_config_value_at_least() { + VAL=$( get_config_value_or_default "$1" ) if [ "$VAL" -lt "$2" ]; then SKIP_NEXT="YES" fi } requires_config_value_at_most() { - NAME="$1" - DEF_VAL=$( grep ".*#define.*MBEDTLS_SSL_DTLS_MAX_BUFFERING" ../include/mbedtls/config.h | - sed 's/^.*\s\([0-9]*\)$/\1/' ) - VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) + VAL=$( get_config_value_or_default "$1" ) if [ "$VAL" -gt "$2" ]; then SKIP_NEXT="YES" fi @@ -5317,9 +5326,8 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ -c "found fragmented DTLS handshake message" \ -C "error" -# This ensures things still work after session_reset(), -# for example it would have caught #1941. -# It also exercises the "resumed hanshake" flow. +# This ensures things still work after session_reset(). +# It also exercises the "resumed handshake" flow. # Since we don't support reading fragmented ClientHello yet, # up the MTU to 1450 (larger than ClientHello with session ticket, # but still smaller than client's Certificate to ensure fragmentation). @@ -5571,6 +5579,13 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \ -c "fragmenting handshake message" \ -C "error" +# We use --insecure for the GnuTLS client because it expects +# the hostname / IP it connects to to be the name used in the +# certificate obtained from the server. Here, however, it +# connects to 127.0.0.1 while our test certificates use 'localhost' +# as the server name in the certificate. This will make the +# certifiate validation fail, but passing --insecure makes +# GnuTLS continue the connection nonetheless. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5585,6 +5600,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ 0 \ -s "fragmenting handshake message" +# See previous test for the reason to use --insecure requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5696,38 +5712,39 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## https://gitlab.com/gnutls/gnutls/issues/543 ## We can re-enable them when a fixed version fo GnuTLS is available ## and installed in our CI system. -## -## requires_gnutls -## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -## requires_config_enabled MBEDTLS_RSA_C -## requires_config_enabled MBEDTLS_ECDSA_C -## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 4 -## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ -## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$P_SRV dtls=1 debug_level=2 \ -## crt_file=data_files/server7_int-ca.crt \ -## key_file=data_files/server7.key \ -## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ -## "$G_CLI -u --insecure 127.0.0.1" \ -## 0 \ -## -s "fragmenting handshake message" -## -## requires_gnutls -## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -## requires_config_enabled MBEDTLS_RSA_C -## requires_config_enabled MBEDTLS_ECDSA_C -## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 -## client_needs_more_time 4 -## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ -## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$P_SRV dtls=1 debug_level=2 \ -## crt_file=data_files/server7_int-ca.crt \ -## key_file=data_files/server7.key \ -## hs_timeout=250-60000 mtu=512 force_version=dtls1" \ -## "$G_CLI -u --insecure 127.0.0.1" \ -## 0 \ -## -s "fragmenting handshake message" +skip_next_test +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +client_needs_more_time 4 +run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ + "$G_CLI -u --insecure 127.0.0.1" \ + 0 \ + -s "fragmenting handshake message" + +skip_next_test +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +client_needs_more_time 4 +run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=250-60000 mtu=512 force_version=dtls1" \ + "$G_CLI -u --insecure 127.0.0.1" \ + 0 \ + -s "fragmenting handshake message" ## Interop test with OpenSSL might triger a bug in recent versions (that ## probably won't be fixed before 1.1.1X), so we use an old version that @@ -5736,22 +5753,22 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## Bug report: https://github.com/openssl/openssl/issues/6902 ## They should be re-enabled (and the DTLS 1.0 switched back to a non-legacy ## version of OpenSSL once a fixed version of OpenSSL is available) -## -## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -## requires_config_enabled MBEDTLS_RSA_C -## requires_config_enabled MBEDTLS_ECDSA_C -## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 4 -## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$O_SRV -dtls1_2 -verify 10" \ -## "$P_CLI dtls=1 debug_level=2 \ -## crt_file=data_files/server8_int-ca2.crt \ -## key_file=data_files/server8.key \ -## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ -## 0 \ -## -c "fragmenting handshake message" \ -## -C "error" +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +client_needs_more_time 4 +run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$O_SRV -dtls1_2 -verify 10" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" requires_openssl_legacy requires_config_enabled MBEDTLS_SSL_PROTO_DTLS @@ -5935,9 +5952,25 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -c "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ + -S "Remember CCS message" + +run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ + -p "$P_PXY delay_srv=ServerHello" \ + "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + 0 \ + -c "Buffering HS message" \ + -c "found fragmented DTLS handshake message"\ + -c "Next handshake message 1 not or only partially bufffered" \ + -c "Next handshake message has been buffered - load"\ + -S "Buffering HS message" \ + -S "Next handshake message has been buffered - load"\ + -C "Injecting buffered CCS message" \ + -C "Remember CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" # The client buffers the ServerKeyExchange before receiving the fragmented @@ -5955,9 +5988,9 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -C "attempt to make space by freeing buffered messages" \ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" # The size constraints ensure that the delayed certificate message can't @@ -5975,9 +6008,9 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -c "Enough space available after freeing buffered HS messages" \ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ @@ -5989,9 +6022,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -C "Next handshake message has been buffered - load"\ -s "Buffering HS message" \ -s "Next handshake message has been buffered - load" \ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ @@ -6003,9 +6036,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -C "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load" \ - -c "Inject buffered CCS message" \ + -c "Injecting buffered CCS message" \ -c "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ @@ -6017,9 +6050,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ -C "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load" \ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -s "Inject buffered CCS message" \ + -s "Injecting buffered CCS message" \ -s "Remember CCS message" run_test "DTLS reordering: Buffer encrypted Finished message" \