From 90c6e84a9c3e1823af6430d948e1e3e80521b01d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 3 Apr 2020 05:25:29 -0400 Subject: [PATCH 1/9] Split the maximum fragment length into two - an input and output MFL Since the server might want to have a different maximum fragment length for the outgoing messages than the negotiated one - introduce a new way of computing it. This commit also adds additional ssl-opt.sh tests ensuring that the maximum fragment lengths are set as expected. mbedtls_ssl_get_max_frag_len() is now a deprecated function, being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour of this function is the same as before. Signed-off-by: Andrzej Kurek --- ChangeLog | 9 ++ include/mbedtls/ssl.h | 60 +++++++-- include/mbedtls/ssl_internal.h | 8 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 46 ++++++- programs/ssl/ssl_client2.c | 6 +- programs/ssl/ssl_server2.c | 6 +- tests/ssl-opt.sh | 231 ++++++++++++++++++++++++++++++--- 8 files changed, 328 insertions(+), 40 deletions(-) diff --git a/ChangeLog b/ChangeLog index bcceebb7d..0547f69ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date) New deprecations * Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the SSL module for hardware acceleration of individual records. + * Deprecate mbedtls_ssl_get_max_frag_len() in favour of + mbedtls_ssl_get_output_max_frag_len() and + mbedtls_ssl_get_input_max_frag_len() to be more precise about which max + fragment length is desired. Bugfix * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and @@ -13,6 +17,11 @@ Bugfix Changes * Mbed Crypto is no longer a Git submodule. The crypto part of the library is back directly in the present repository. + * Split mbedtls_ssl_get_max_frag_len() into + mbedtls_ssl_get_output_max_frag_len() and + mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input + buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + is defined), regardless of what MFL was configured for it. = mbed TLS 2.21.0 branch released 2020-02-20 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1a071fc30..1c98a5e5a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3523,18 +3523,61 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** - * \brief Return the maximum fragment length (payload, in bytes). - * This is the value negotiated with peer if any, - * or the locally configured value. + * \brief Return the maximum fragment length (payload, in bytes) for + * the output buffer. For the client, this is the configured + * value. For the server, it is the minimum of two - the + * configured value and the negotiated one. * * \sa mbedtls_ssl_conf_max_frag_len() * \sa mbedtls_ssl_get_max_record_payload() * * \param ssl SSL context * - * \return Current maximum fragment length. + * \return Current maximum fragment length for the output buffer. */ -size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); + +/** + * \brief Return the maximum fragment length (payload, in bytes) for + * the input buffer. This is the negotiated maximum fragment + * length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN. + * If it is not defined either, the value is 2^14. This function + * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). + * + * \sa mbedtls_ssl_conf_max_frag_len() + * \sa mbedtls_ssl_get_max_record_payload() + * + * \param ssl SSL context + * + * \return Current maximum fragment length for the output buffer. + */ +size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif + +/** + * \brief This function is a deprecated approach to getting the max + * fragment length. Its an alias for + * \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour + * is the same. See \c mbedtls_ssl_get_output_max_frag_len() for + * more detail. + * + * \sa mbedtls_ssl_get_input_max_frag_len() + * \sa mbedtls_ssl_get_output_max_frag_len() + * + * \param ssl SSL context + * + * \return Current maximum fragment length for the output buffer. + */ +MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len( + const mbedtls_ssl_context *ssl ); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ /** @@ -3555,7 +3598,8 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); * when record compression is enabled. * * \sa mbedtls_ssl_set_mtu() - * \sa mbedtls_ssl_get_max_frag_len() + * \sa mbedtls_ssl_get_output_max_frag_len() + * \sa mbedtls_ssl_get_input_max_frag_len() * \sa mbedtls_ssl_get_record_expansion() * * \param ssl SSL context @@ -3863,8 +3907,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * or negotiated with the peer), then: * - with TLS, less bytes than requested are written. * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. - * \c mbedtls_ssl_get_max_frag_len() may be used to query the - * active maximum fragment length. + * \c mbedtls_ssl_get_output_max_frag_len() may be used to + * query the active maximum fragment length. * * \note Attempting to write 0 bytes will result in an empty TLS * application record being sent. diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 9ff61fd3c..f83d01454 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -260,11 +260,11 @@ static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) { #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_CID_OUT_LEN_MAX; #else - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } @@ -272,11 +272,11 @@ static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx ) { #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_CID_IN_LEN_MAX; #else - return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) + return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx ) + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 18fa55574..b4902bef8 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -214,7 +214,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); if( max_len > mfl ) max_len = mfl; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 990fa5c0c..9b0a710a9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4889,7 +4889,42 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ) +{ + size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t read_mfl; + + /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE ) + { + return ssl_mfl_code_to_length( ssl->conf->mfl_code ); + } + + /* Check if a smaller max length was negotiated */ + if( ssl->session_out != NULL ) + { + read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); + if( read_mfl < max_len ) + { + max_len = read_mfl; + } + } + + // During a handshake, use the value being negotiated + if( ssl->session_negotiate != NULL ) + { + read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); + if( read_mfl < max_len ) + { + max_len = read_mfl; + } + } + + return( max_len ); +} + +size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ) { size_t max_len; @@ -4914,6 +4949,13 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) return( max_len ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) +{ + return mbedtls_ssl_get_output_max_frag_len( ssl ); +} +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -4946,7 +4988,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); if( max_len > mfl ) max_len = mfl; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d6c3d7751..f6284feeb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2553,8 +2553,10 @@ int main( int argc, char *argv[] ) mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" ); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf( " [ Maximum fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum input fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum output fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) ); #endif #if defined(MBEDTLS_SSL_ALPN) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f1b5c37aa..845881f93 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3633,8 +3633,10 @@ handshake: mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" ); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf( " [ Maximum fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum input fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) ); + mbedtls_printf( " [ Maximum output fragment length is %u ]\n", + (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) ); #endif #if defined(MBEDTLS_SSL_ALPN) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 35f742f67..b0228d7ae 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2925,8 +2925,10 @@ run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -2937,8 +2939,10 @@ run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -2952,8 +2956,10 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -2969,8 +2975,10 @@ run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ - -C "Maximum fragment length is 16384" \ - -S "Maximum fragment length is 16384" \ + -C "Maximum input fragment length is 16384" \ + -C "Maximum output fragment length is 16384" \ + -S "Maximum input fragment length is 16384" \ + -S "Maximum output fragment length is 16384" \ -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ -s "$MAX_CONTENT_LEN bytes read" \ -s "1 bytes read" @@ -2980,8 +2988,10 @@ run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ - -C "Maximum fragment length is 16384" \ - -S "Maximum fragment length is 16384" \ + -C "Maximum input fragment length is 16384" \ + -C "Maximum output fragment length is 16384" \ + -S "Maximum input fragment length is 16384" \ + -S "Maximum output fragment length is 16384" \ -c "fragment larger than.*maximum " requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -2989,8 +2999,178 @@ run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum fragment length is 4096" \ - -s "Maximum fragment length is 4096" \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 4096" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 512, server 1024" \ + "$P_SRV debug_level=3 max_frag_len=1024" \ + "$P_CLI debug_level=3 max_frag_len=512" \ + 0 \ + -c "Maximum input fragment length is 512" \ + -c "Maximum output fragment length is 512" \ + -s "Maximum input fragment length is 512" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 512, server 2048" \ + "$P_SRV debug_level=3 max_frag_len=2048" \ + "$P_CLI debug_level=3 max_frag_len=512" \ + 0 \ + -c "Maximum input fragment length is 512" \ + -c "Maximum output fragment length is 512" \ + -s "Maximum input fragment length is 512" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 512, server 4096" \ + "$P_SRV debug_level=3 max_frag_len=4096" \ + "$P_CLI debug_level=3 max_frag_len=512" \ + 0 \ + -c "Maximum input fragment length is 512" \ + -c "Maximum output fragment length is 512" \ + -s "Maximum input fragment length is 512" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 1024, server 512" \ + "$P_SRV debug_level=3 max_frag_len=512" \ + "$P_CLI debug_level=3 max_frag_len=1024" \ + 0 \ + -c "Maximum input fragment length is 1024" \ + -c "Maximum output fragment length is 1024" \ + -s "Maximum input fragment length is 1024" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 1024, server 2048" \ + "$P_SRV debug_level=3 max_frag_len=2048" \ + "$P_CLI debug_level=3 max_frag_len=1024" \ + 0 \ + -c "Maximum input fragment length is 1024" \ + -c "Maximum output fragment length is 1024" \ + -s "Maximum input fragment length is 1024" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 1024, server 4096" \ + "$P_SRV debug_level=3 max_frag_len=4096" \ + "$P_CLI debug_level=3 max_frag_len=1024" \ + 0 \ + -c "Maximum input fragment length is 1024" \ + -c "Maximum output fragment length is 1024" \ + -s "Maximum input fragment length is 1024" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 2048, server 512" \ + "$P_SRV debug_level=3 max_frag_len=512" \ + "$P_CLI debug_level=3 max_frag_len=2048" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 2048, server 1024" \ + "$P_SRV debug_level=3 max_frag_len=1024" \ + "$P_CLI debug_level=3 max_frag_len=2048" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 2048, server 4096" \ + "$P_SRV debug_level=3 max_frag_len=4096" \ + "$P_CLI debug_level=3 max_frag_len=2048" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 4096, server 512" \ + "$P_SRV debug_level=3 max_frag_len=512" \ + "$P_CLI debug_level=3 max_frag_len=4096" \ + 0 \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 4096, server 1024" \ + "$P_SRV debug_level=3 max_frag_len=1024" \ + "$P_CLI debug_level=3 max_frag_len=4096" \ + 0 \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 1024" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: client 4096, server 2048" \ + "$P_SRV debug_level=3 max_frag_len=2048" \ + "$P_CLI debug_level=3 max_frag_len=4096" \ + 0 \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ + -s "Maximum input fragment length is 4096" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3001,8 +3181,10 @@ run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum fragment length is 4096" \ + -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum output fragment length is 4096" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -3014,7 +3196,8 @@ run_test "Max fragment length: gnutls server" \ "$G_SRV" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum fragment length is 4096" \ + -c "Maximum input fragment length is 4096" \ + -c "Maximum output fragment length is 4096" \ -c "client hello, adding max_fragment_length extension" \ -c "found max_fragment_length extension" @@ -3023,8 +3206,10 @@ run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ 0 \ - -c "Maximum fragment length is 2048" \ - -s "Maximum fragment length is 2048" \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3037,8 +3222,10 @@ run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ 0 \ - -c "Maximum fragment length is 2048" \ - -s "Maximum fragment length is 2048" \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3052,8 +3239,10 @@ run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ 1 \ - -c "Maximum fragment length is 2048" \ - -s "Maximum fragment length is 2048" \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ From 8ea6872889f073876ca3b7c17a51eca419e06f50 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 3 Apr 2020 06:40:47 -0400 Subject: [PATCH 2/9] Improve pointer calculations when resizing I/O buffers This commit introduces two changes: - Add in_msg and out_msg calculations for buffer upsizing. This was previously considered as unnecessary, but renegotiation using certain ciphersuites needs this. - Improving the way out_msg and in_msg pointers are calculated, so that even if no resizing is introduced, the pointers remain the same; New tests added: - various renegotiation schemes with a range of MFL's and ciphersuites; - an ssl-opt.sh test exercising two things that were problematic: renegotiation with TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 and a server MFL that's smaller than the one negotiated by the client. Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 96 +++++++++------ tests/ssl-opt.sh | 23 ++++ tests/suites/test_suite_ssl.data | 168 +++++++++++++++++++++++++-- tests/suites/test_suite_ssl.function | 11 +- 4 files changed, 244 insertions(+), 54 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9b0a710a9..d0adfd951 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3673,36 +3673,51 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* If the buffers are too small - reallocate */ { int modified = 0; - if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) + size_t written_in = 0; + size_t written_out = 0; + if( ssl->in_buf != NULL ) { - if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, - &ssl->in_buf_len ) != 0 ) + written_in = ssl->in_msg - ssl->in_buf; + if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) ); - modified = 1; + if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, + &ssl->in_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) ); + modified = 1; + } } } - if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) + + if( ssl->out_buf != NULL ) { - if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, - &ssl->out_buf_len ) != 0 ) + written_out = ssl->out_msg - ssl->out_buf; + if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) ); - modified = 1; + if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, + &ssl->out_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) ); + modified = 1; + } } } if( modified ) { /* Update pointers here to avoid doing it twice. */ mbedtls_ssl_reset_in_out_pointers( ssl ); + /* Fields below might not be properly updated with record + * splitting, so they are manually updated here. */ + ssl->out_msg = ssl->out_buf + written_out; + ssl->in_msg = ssl->in_buf + written_in; } } #endif @@ -5934,36 +5949,41 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl ); size_t written_in = 0; size_t written_out = 0; - if( ssl->in_buf != NULL && - ssl->in_buf_len > buf_len && - ssl->in_left < buf_len ) + if( ssl->in_buf != NULL ) { written_in = ssl->in_msg - ssl->in_buf; - if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) + if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) ); - modified = 1; + written_in = ssl->in_msg - ssl->in_buf; + if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) ); + modified = 1; + } } } + buf_len = mbedtls_ssl_get_output_buflen( ssl ); - if( ssl->out_buf != NULL && - ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) && - ssl->out_left < buf_len ) + if(ssl->out_buf != NULL ) { written_out = ssl->out_msg - ssl->out_buf; - if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 ) + if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) && + ssl->out_left < buf_len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) ); - modified = 1; + if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) ); + modified = 1; + } } } if( modified ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b0228d7ae..df4baf848 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3343,6 +3343,29 @@ run_test "Renegotiation: double" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Renegotiation with max fragment length: client 2048, server 512" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Maximum input fragment length is 2048" \ + -c "Maximum output fragment length is 2048" \ + -s "Maximum input fragment length is 2048" \ + -s "Maximum output fragment length is 512" \ + -c "client hello, adding max_fragment_length extension" \ + -s "found max fragment length extension" \ + -s "server hello, max_fragment_length extension" \ + -c "found max_fragment_length extension" \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" + requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: client-initiated, server-rejected" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 47ebd92d3..9af6a5ca0 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -379,40 +379,184 @@ DTLS serialization with MFL=4096 resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096 DTLS no legacy renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy break handshake renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" + +DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" + +DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" + +DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" SSL DTLS replay: initial state, seqnum 0 ssl_dtls_replay:"":"000000000000":0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2a6e99b46..e59a1677c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3900,12 +3900,13 @@ void renegotiation( int legacy_renegotiation ) /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, - int serialize, int dtls ) + int serialize, int dtls, char *cipher ) { handshake_test_options options; init_handshake_options( &options ); options.mfl = mfl; + options.cipher = cipher; options.renegotiate = renegotiation; options.legacy_renegotiation = legacy_renegotiation; options.serialize = serialize; @@ -3921,7 +3922,8 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */ void resize_buffers_serialize_mfl( int mfl ) { - test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1 ); + test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, + (char *) "" ); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; @@ -3929,9 +3931,10 @@ void resize_buffers_serialize_mfl( int mfl ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation ) +void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation, + char *cipher ) { - test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 ); + test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher ); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; From 6d6ee98c140e70fb8b07301e270081eb1fe91d13 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:28:14 +0200 Subject: [PATCH 3/9] Exit with a failure status if some tests failed Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 6419f05e4..7490777ec 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -224,3 +224,7 @@ make clean if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H" fi + +if [ $TOTAL_FAIL -ne 0 ]; then + exit 1 +fi From ca51b474dc2966576a98a59d094647423fb0dd35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:29:42 +0200 Subject: [PATCH 4/9] Note that we keep going even if some tests fail Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 7490777ec..a2f12f890 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -79,15 +79,15 @@ if [ ! -f "seedfile" ]; then dd if=/dev/urandom of="seedfile" bs=32 count=1 fi -# Step 2a - Unit Tests +# Step 2a - Unit Tests (keep going even if some tests fail) perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT echo -# Step 2b - System Tests +# Step 2b - System Tests (keep going even if some tests fail) sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT echo -# Step 2c - Compatibility tests +# Step 2c - Compatibility tests (keep going even if some tests fail) sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \ tee compat-test-$TEST_OUTPUT OPENSSL_CMD="$OPENSSL_LEGACY" \ From 5757d542619bc84e1a1b2ff9eecb35195fbc1cbd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:32:48 +0200 Subject: [PATCH 5/9] If 'make lcov' failed, exit immediately Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index a2f12f890..e248c2267 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -104,7 +104,15 @@ echo # Step 3 - Process the coverage report cd .. -make lcov |tee tests/cov-$TEST_OUTPUT +{ + make lcov + echo SUCCESS +} | tee tests/cov-$TEST_OUTPUT + +if [ "$(tail -n1 tests/cov-$TEST_OUTPUT)" != "SUCCESS" ]; then + echo >&2 "Fatal: 'make lcov' failed" + exit 2 +fi # Step 4 - Summarise the test report From bfcb6e16ab669814478b1de63e48d4ff6b408711 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:33:34 +0200 Subject: [PATCH 6/9] Create a large enough seedfile The seedfile needs to have the size of the entropy accumulator, which is 64 bytes (512 bits) since the entropy accumulator uses SHA-512 and the seed size needs to be the same as the hash output (or larger). We used to enable MBEDTLS_ENTROPY_FORCE_SHA256 in the full config, so the entropy accumulator was 256 bits (32 bytes), and therefore a 32-byte seedfile worked. But we no longer turn on this option in the full config, so the 32-byte seedfile no longer works. Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index e248c2267..bbfcf25c8 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -76,7 +76,7 @@ make -j TEST_OUTPUT=out_${PPID} cd tests if [ ! -f "seedfile" ]; then - dd if=/dev/urandom of="seedfile" bs=32 count=1 + dd if=/dev/urandom of="seedfile" bs=64 count=1 fi # Step 2a - Unit Tests (keep going even if some tests fail) From 40be51ffe32f729dbaf8da8876faa60d83caaa09 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 18:50:08 +0200 Subject: [PATCH 7/9] Add a few echo statements to make the logs easier to follow Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 39 +++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index bbfcf25c8..1b92e4183 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -78,28 +78,43 @@ cd tests if [ ! -f "seedfile" ]; then dd if=/dev/urandom of="seedfile" bs=64 count=1 fi +echo # Step 2a - Unit Tests (keep going even if some tests fail) +echo '################ Unit tests ################' perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT +echo '^^^^^^^^^^^^^^^^ Unit tests ^^^^^^^^^^^^^^^^' echo # Step 2b - System Tests (keep going even if some tests fail) +echo +echo '################ ssl-opt.sh ################' sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT +echo '^^^^^^^^^^^^^^^^ ssl-opt.sh ^^^^^^^^^^^^^^^^' echo # Step 2c - Compatibility tests (keep going even if some tests fail) -sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \ - tee compat-test-$TEST_OUTPUT -OPENSSL_CMD="$OPENSSL_LEGACY" \ - sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT -OPENSSL_CMD="$OPENSSL_LEGACY" \ - GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ - tee -a compat-test-$TEST_OUTPUT -OPENSSL_CMD="$OPENSSL_NEXT" \ - sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \ - tee -a compat-test-$TEST_OUTPUT +echo '################ compat.sh ################' +{ + echo '#### compat.sh: Default versions' + sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' + echo + + echo '#### compat.sh: legacy (SSLv3)' + OPENSSL_CMD="$OPENSSL_LEGACY" sh compat.sh -m 'ssl3' + echo + + echo '#### compat.sh: legacy (null, DES, RC4)' + OPENSSL_CMD="$OPENSSL_LEGACY" \ + GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ + sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' + echo + + echo '#### compat.sh: next (ARIA, ChaCha)' + OPENSSL_CMD="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA' + echo +} | tee compat-test-$TEST_OUTPUT +echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^' echo # Step 3 - Process the coverage report From b3d0bab10b32d113deeeba4704da0f184d0d1a78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Apr 2020 19:47:48 +0200 Subject: [PATCH 8/9] MBEDTLS_MEMORY_BACKTRACE is no longer included in the full config Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 1b92e4183..08c141052 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -68,7 +68,6 @@ export LDFLAGS=' --coverage' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.py full -scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE make -j From c877c24ed0514ad0e398d0fd6ca7db3593bef740 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Apr 2020 00:18:55 +0200 Subject: [PATCH 9/9] Enable extra features that have tests The "full" configuration excludes some deprecated or experimental features. Enable the ones that have tests, don't have extra requirements and don't turn off some other feature. Signed-off-by: Gilles Peskine --- tests/scripts/basic-build-test.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 08c141052..aca2f11fb 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -68,6 +68,10 @@ export LDFLAGS=' --coverage' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.py full +# Enable some deprecated or experimental features that are not in the +# full config, but are compatible with it and have tests. +scripts/config.py set MBEDTLS_SSL_PROTO_SSL3 +scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C make -j