Merge remote-tracking branch 'public/pr/1939' into development
This commit is contained in:
commit
1846e406c8
9 changed files with 1242 additions and 105 deletions
17
ChangeLog
17
ChangeLog
|
@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Features
|
||||||
|
* Add support for fragmentation of outgoing DTLS handshake messages. This
|
||||||
|
is controlled by the maximum fragment length as set locally or negotiated
|
||||||
|
with the peer, as well as by a new per-connection MTU option, set using
|
||||||
|
mbedtls_ssl_set_mtu().
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
|
* Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
|
||||||
MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
|
MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
|
||||||
|
@ -18,6 +24,14 @@ Bugfix
|
||||||
without providing a list of CAs. This was due to an overly strict bounds
|
without providing a list of CAs. This was due to an overly strict bounds
|
||||||
check in parsing the CertificateRequest message,
|
check in parsing the CertificateRequest message,
|
||||||
introduced in Mbed TLS 2.12.0. Fixes #1954.
|
introduced in Mbed TLS 2.12.0. Fixes #1954.
|
||||||
|
* Fix potential use-after-free in mbedtls_ssl_get_max_frag_len()
|
||||||
|
and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.
|
||||||
|
* Fix a miscalculation of the maximum record expansion in
|
||||||
|
mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
|
||||||
|
or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
|
||||||
|
* Fix overly strict bounds check in ssl_parse_certificate_request()
|
||||||
|
which could lead to valid CertificateRequest messages being rejected.
|
||||||
|
Fixes #1954.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Copy headers preserving timestamps when doing a "make install".
|
* Copy headers preserving timestamps when doing a "make install".
|
||||||
|
@ -30,6 +44,9 @@ Changes
|
||||||
mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
|
mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
|
||||||
or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
|
or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
|
||||||
|
|
||||||
|
INTERNAL NOTE: need to bump soversion of libmbedtls:
|
||||||
|
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure
|
||||||
|
|
||||||
= mbed TLS 2.12.0 branch released 2018-07-25
|
= mbed TLS 2.12.0 branch released 2018-07-25
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
|
@ -1112,6 +1112,10 @@ struct mbedtls_ssl_context
|
||||||
size_t out_msglen; /*!< record header: message length */
|
size_t out_msglen; /*!< record header: message length */
|
||||||
size_t out_left; /*!< amount of data not yet written */
|
size_t out_left; /*!< amount of data not yet written */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
unsigned char *compress_buf; /*!< zlib data buffer */
|
unsigned char *compress_buf; /*!< zlib data buffer */
|
||||||
#endif
|
#endif
|
||||||
|
@ -1374,6 +1378,51 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_ssl_recv_t *f_recv,
|
mbedtls_ssl_recv_t *f_recv,
|
||||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
|
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
/**
|
||||||
|
* \brief Set the Maximum Tranport Unit (MTU).
|
||||||
|
* Special value: 0 means unset (no limit).
|
||||||
|
* This represents the maximum size of a datagram payload
|
||||||
|
* handled by the transport layer (usually UDP) as determined
|
||||||
|
* by the network link and stack. In practice, this controls
|
||||||
|
* the maximum size datagram the DTLS layer will pass to the
|
||||||
|
* \c f_send() callback set using \c mbedtls_ssl_set_bio().
|
||||||
|
*
|
||||||
|
* \note The limit on datagram size is converted to a limit on
|
||||||
|
* record payload by subtracting the current overhead of
|
||||||
|
* encapsulation and encryption/authentication if any.
|
||||||
|
*
|
||||||
|
* \note This can be called at any point during the connection, for
|
||||||
|
* example when a PMTU estimate becomes available from other
|
||||||
|
* sources, such as lower (or higher) protocol layers.
|
||||||
|
*
|
||||||
|
* \note This setting only controls the size of the packets we send,
|
||||||
|
* and does not restrict the size of the datagrams we're
|
||||||
|
* willing to receive. Client-side, you can request the
|
||||||
|
* server to use smaller records with \c
|
||||||
|
* mbedtls_ssl_conf_max_frag_len().
|
||||||
|
*
|
||||||
|
* \note If both a MTU and a maximum fragment length have been
|
||||||
|
* configured (or negotiated with the peer), the resulting
|
||||||
|
* lower limit on record payload (see first note) is used.
|
||||||
|
*
|
||||||
|
* \note This can only be used to decrease the maximum size
|
||||||
|
* of datagrams (hence records, see first note) sent. It
|
||||||
|
* cannot be used to increase the maximum size of records over
|
||||||
|
* the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
|
||||||
|
*
|
||||||
|
* \note Values lower than the current record layer expansion will
|
||||||
|
* result in an error when trying to send data.
|
||||||
|
*
|
||||||
|
* \note Using record compression together with a non-zero MTU value
|
||||||
|
* will result in an error when trying to send data.
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
* \param mtu Value of the path MTU in bytes
|
||||||
|
*/
|
||||||
|
void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the timeout period for mbedtls_ssl_read()
|
* \brief Set the timeout period for mbedtls_ssl_read()
|
||||||
* (Default: no timeout.)
|
* (Default: no timeout.)
|
||||||
|
@ -2433,6 +2482,18 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
|
||||||
* (Client: set maximum fragment length to emit *and*
|
* (Client: set maximum fragment length to emit *and*
|
||||||
* negotiate with the server during handshake)
|
* negotiate with the server during handshake)
|
||||||
*
|
*
|
||||||
|
* \note With TLS, this currently only affects ApplicationData (sent
|
||||||
|
* with \c mbedtls_ssl_read()), not handshake messages.
|
||||||
|
* With DTLS, this affects both ApplicationData and handshake.
|
||||||
|
*
|
||||||
|
* \note This sets the maximum length for a record's payload,
|
||||||
|
* excluding record overhead that will be added to it, see
|
||||||
|
* \c mbedtls_ssl_get_record_expansion().
|
||||||
|
*
|
||||||
|
* \note For DTLS, it is also possible to set a limit for the total
|
||||||
|
* size of daragrams passed to the transport layer, including
|
||||||
|
* record overhead, see \c mbedtls_ssl_set_mtu().
|
||||||
|
*
|
||||||
* \param conf SSL configuration
|
* \param conf SSL configuration
|
||||||
* \param mfl_code Code for maximum fragment length (allowed values:
|
* \param mfl_code Code for maximum fragment length (allowed values:
|
||||||
* MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024,
|
* MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024,
|
||||||
|
@ -2695,6 +2756,9 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
|
||||||
* \brief Return the (maximum) number of bytes added by the record
|
* \brief Return the (maximum) number of bytes added by the record
|
||||||
* layer: header + encryption/MAC overhead (inc. padding)
|
* layer: header + encryption/MAC overhead (inc. padding)
|
||||||
*
|
*
|
||||||
|
* \note This function is not available (always returns an error)
|
||||||
|
* when record compression is enabled.
|
||||||
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
*
|
*
|
||||||
* \return Current maximum record expansion in bytes, or
|
* \return Current maximum record expansion in bytes, or
|
||||||
|
@ -2709,12 +2773,8 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
|
||||||
* This is the value negotiated with peer if any,
|
* This is the value negotiated with peer if any,
|
||||||
* or the locally configured value.
|
* or the locally configured value.
|
||||||
*
|
*
|
||||||
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
|
* \sa mbedtls_ssl_conf_max_frag_len()
|
||||||
* called with a larger length value.
|
* \sa mbedtls_ssl_get_max_record_payload()
|
||||||
* With TLS, \c mbedtls_ssl_write() will fragment the input if
|
|
||||||
* necessary and return the number of bytes written; it is up
|
|
||||||
* to the caller to call \c mbedtls_ssl_write() again in
|
|
||||||
* order to send the remaining bytes if any.
|
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
*
|
*
|
||||||
|
@ -2723,6 +2783,34 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
|
||||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Return the current maximum outgoing record payload in bytes.
|
||||||
|
* This takes into account the config.h setting \c
|
||||||
|
* MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated
|
||||||
|
* max fragment length extension if used, and for DTLS the
|
||||||
|
* path MTU as configured and current record expansion.
|
||||||
|
*
|
||||||
|
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
|
||||||
|
* called with a larger length value.
|
||||||
|
* With TLS, \c mbedtls_ssl_write() will fragment the input if
|
||||||
|
* necessary and return the number of bytes written; it is up
|
||||||
|
* to the caller to call \c mbedtls_ssl_write() again in
|
||||||
|
* order to send the remaining bytes if any.
|
||||||
|
*
|
||||||
|
* \note This function is not available (always returns an error)
|
||||||
|
* when record compression is enabled.
|
||||||
|
*
|
||||||
|
* \sa mbedtls_ssl_set_mtu()
|
||||||
|
* \sa mbedtls_ssl_get_max_frag_len()
|
||||||
|
* \sa mbedtls_ssl_get_record_expansion()
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
*
|
||||||
|
* \return Current maximum payload for an outgoing record,
|
||||||
|
* or a negative error code.
|
||||||
|
*/
|
||||||
|
int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/**
|
/**
|
||||||
* \brief Return the peer certificate from the current connection
|
* \brief Return the peer certificate from the current connection
|
||||||
|
|
|
@ -298,8 +298,9 @@ struct mbedtls_ssl_handshake_params
|
||||||
|
|
||||||
uint32_t retransmit_timeout; /*!< Current value of timeout */
|
uint32_t retransmit_timeout; /*!< Current value of timeout */
|
||||||
unsigned char retransmit_state; /*!< Retransmission state */
|
unsigned char retransmit_state; /*!< Retransmission state */
|
||||||
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
||||||
mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
|
mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
|
||||||
|
unsigned char *cur_msg_p; /*!< Position in current message */
|
||||||
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
|
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
|
||||||
flight being received */
|
flight being received */
|
||||||
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
||||||
|
@ -559,6 +560,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||||
|
|
||||||
|
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
@ -668,6 +670,7 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
||||||
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
|
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
|
||||||
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
|
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
|
||||||
|
int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Visible for testing purposes only */
|
/* Visible for testing purposes only */
|
||||||
|
|
|
@ -1088,12 +1088,21 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -3075,9 +3084,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3260,9 +3269,9 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3402,7 +3411,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -2384,12 +2384,21 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
|
ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -2624,7 +2633,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
||||||
|
|
||||||
ret = mbedtls_ssl_write_record( ssl );
|
ret = mbedtls_ssl_write_handshake_msg( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
|
||||||
|
|
||||||
|
@ -2819,7 +2828,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 );
|
ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 );
|
||||||
ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
|
ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
|
||||||
|
|
||||||
ret = mbedtls_ssl_write_record( ssl );
|
ret = mbedtls_ssl_write_handshake_msg( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
|
||||||
|
|
||||||
|
@ -3336,9 +3345,9 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3363,12 +3372,21 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -4227,9 +4245,9 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
ssl->handshake->new_session_ticket = 0;
|
ssl->handshake->new_session_ticket = 0;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4258,7 +4276,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -2822,20 +2822,37 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Retransmit the current flight of messages.
|
* Retransmit the current flight of messages.
|
||||||
|
*/
|
||||||
|
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
|
||||||
|
|
||||||
|
ret = mbedtls_ssl_flight_transmit( ssl );
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Transmit or retransmit the current flight of messages.
|
||||||
*
|
*
|
||||||
* Need to remember the current message in case flush_output returns
|
* Need to remember the current message in case flush_output returns
|
||||||
* WANT_WRITE, causing us to exit this function and come back later.
|
* WANT_WRITE, causing us to exit this function and come back later.
|
||||||
* This function must be called until state is no longer SENDING.
|
* This function must be called until state is no longer SENDING.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
|
||||||
|
|
||||||
if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
|
if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) );
|
||||||
|
|
||||||
ssl->handshake->cur_msg = ssl->handshake->flight;
|
ssl->handshake->cur_msg = ssl->handshake->flight;
|
||||||
|
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
|
||||||
ssl_swap_epochs( ssl );
|
ssl_swap_epochs( ssl );
|
||||||
|
|
||||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
|
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
|
||||||
|
@ -2844,8 +2861,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
|
||||||
while( ssl->handshake->cur_msg != NULL )
|
while( ssl->handshake->cur_msg != NULL )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg;
|
const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg;
|
||||||
|
|
||||||
/* Swap epochs before sending Finished: we can't do it after
|
/* Swap epochs before sending Finished: we can't do it after
|
||||||
* sending ChangeCipherSpec, in case write returns WANT_READ.
|
* sending ChangeCipherSpec, in case write returns WANT_READ.
|
||||||
* Must be done before copying, may change out_msg pointer */
|
* Must be done before copying, may change out_msg pointer */
|
||||||
|
@ -2855,14 +2871,83 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
|
||||||
ssl_swap_epochs( ssl );
|
ssl_swap_epochs( ssl );
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy( ssl->out_msg, cur->p, cur->len );
|
/* CCS is copied as is, while HS messages may need fragmentation */
|
||||||
ssl->out_msglen = cur->len;
|
if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
|
||||||
ssl->out_msgtype = cur->type;
|
{
|
||||||
|
memcpy( ssl->out_msg, cur->p, cur->len );
|
||||||
|
ssl->out_msglen = cur->len;
|
||||||
|
ssl->out_msgtype = cur->type;
|
||||||
|
|
||||||
ssl->handshake->cur_msg = cur->next;
|
/* Update position inside current message */
|
||||||
|
ssl->handshake->cur_msg_p += cur->len;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
const int ret_payload = mbedtls_ssl_get_max_out_record_payload( ssl );
|
||||||
|
const size_t max_record_payload = (size_t) ret_payload;
|
||||||
|
/* DTLS handshake headers are 12 bytes */
|
||||||
|
const size_t max_hs_fragment_len = max_record_payload - 12;
|
||||||
|
const unsigned char * const p = ssl->handshake->cur_msg_p;
|
||||||
|
const size_t hs_len = cur->len - 12;
|
||||||
|
const size_t frag_off = p - ( cur->p + 12 );
|
||||||
|
const size_t rem_len = hs_len - frag_off;
|
||||||
|
const size_t frag_len = rem_len > max_hs_fragment_len
|
||||||
|
? max_hs_fragment_len : rem_len;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 );
|
if( ret_payload < 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload",
|
||||||
|
ret_payload );
|
||||||
|
return( ret_payload );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( frag_off == 0 && frag_len != hs_len )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)",
|
||||||
|
(unsigned) hs_len,
|
||||||
|
(unsigned) max_hs_fragment_len ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Messages are stored with handshake headers as if not fragmented,
|
||||||
|
* copy beginning of headers then fill fragmentation fields.
|
||||||
|
* Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
|
||||||
|
memcpy( ssl->out_msg, cur->p, 6 );
|
||||||
|
|
||||||
|
ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff );
|
||||||
|
ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff );
|
||||||
|
ssl->out_msg[8] = ( ( frag_off ) & 0xff );
|
||||||
|
|
||||||
|
ssl->out_msg[ 9] = ( ( frag_len >> 16 ) & 0xff );
|
||||||
|
ssl->out_msg[10] = ( ( frag_len >> 8 ) & 0xff );
|
||||||
|
ssl->out_msg[11] = ( ( frag_len ) & 0xff );
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
|
||||||
|
|
||||||
|
/* Copy the handshake message content and set records fields */
|
||||||
|
memcpy( ssl->out_msg + 12, p, frag_len );
|
||||||
|
ssl->out_msglen = frag_len + 12;
|
||||||
|
ssl->out_msgtype = cur->type;
|
||||||
|
|
||||||
|
/* Update position inside current message */
|
||||||
|
ssl->handshake->cur_msg_p += frag_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If done with the current message move to the next one if any */
|
||||||
|
if( ssl->handshake->cur_msg_p >= cur->p + cur->len )
|
||||||
|
{
|
||||||
|
if( cur->next != NULL )
|
||||||
|
{
|
||||||
|
ssl->handshake->cur_msg = cur->next;
|
||||||
|
ssl->handshake->cur_msg_p = cur->next->p + 12;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ssl->handshake->cur_msg = NULL;
|
||||||
|
ssl->handshake->cur_msg_p = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Actually send the message out */
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
||||||
|
@ -2870,6 +2955,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Update state and set timer */
|
||||||
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
|
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
|
||||||
else
|
else
|
||||||
|
@ -2878,7 +2964,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
|
||||||
ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
|
ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -2927,43 +3013,83 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Record layer functions
|
* Handshake layer functions
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Write current record.
|
* Write (DTLS: or queue) current handshake (including CCS) message.
|
||||||
* Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg.
|
*
|
||||||
|
* - fill in handshake headers
|
||||||
|
* - update handshake checksum
|
||||||
|
* - DTLS: save message for resending
|
||||||
|
* - then pass to the record layer
|
||||||
|
*
|
||||||
|
* DTLS: except for HelloRequest, messages are only queued, and will only be
|
||||||
|
* actually sent when calling flight_transmit() or resend().
|
||||||
|
*
|
||||||
|
* Inputs:
|
||||||
|
* - ssl->out_msglen: 4 + actual handshake message len
|
||||||
|
* (4 is the size of handshake headers for TLS)
|
||||||
|
* - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc)
|
||||||
|
* - ssl->out_msg + 4: the handshake message body
|
||||||
|
*
|
||||||
|
* Outputs, ie state before passing to flight_append() or write_record():
|
||||||
|
* - ssl->out_msglen: the length of the record contents
|
||||||
|
* (including handshake headers but excluding record headers)
|
||||||
|
* - ssl->out_msg: the record contents (handshake headers + content)
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret, done = 0, out_msg_type;
|
int ret;
|
||||||
size_t len = ssl->out_msglen;
|
const size_t hs_len = ssl->out_msglen - 4;
|
||||||
|
const unsigned char hs_type = ssl->out_msg[0];
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Sanity checks
|
||||||
|
*/
|
||||||
|
if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||||
|
ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
|
||||||
|
{
|
||||||
|
/* In SSLv3, the client might send a NoCertificate alert. */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
||||||
|
ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
|
||||||
|
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) )
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||||
|
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
|
||||||
|
ssl->handshake == NULL )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake != NULL &&
|
ssl->handshake != NULL &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
; /* Skip special handshake treatment when resending */
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
else
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Fill handshake headers
|
||||||
|
*/
|
||||||
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||||
{
|
{
|
||||||
out_msg_type = ssl->out_msg[0];
|
ssl->out_msg[1] = (unsigned char)( hs_len >> 16 );
|
||||||
|
ssl->out_msg[2] = (unsigned char)( hs_len >> 8 );
|
||||||
if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
|
ssl->out_msg[3] = (unsigned char)( hs_len );
|
||||||
ssl->handshake == NULL )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
|
|
||||||
ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
|
|
||||||
ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* DTLS has additional fields in the Handshake layer,
|
* DTLS has additional fields in the Handshake layer,
|
||||||
|
@ -2980,17 +3106,16 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
|
||||||
"size %u, maximum %u",
|
"size %u, maximum %u",
|
||||||
(unsigned) ( ssl->in_hslen - 4 ),
|
(unsigned) ( hs_len ),
|
||||||
(unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
|
(unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
|
memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len );
|
||||||
ssl->out_msglen += 8;
|
ssl->out_msglen += 8;
|
||||||
len += 8;
|
|
||||||
|
|
||||||
/* Write message_seq and update it, except for HelloRequest */
|
/* Write message_seq and update it, except for HelloRequest */
|
||||||
if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||||
{
|
{
|
||||||
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
|
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
|
||||||
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
|
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
|
||||||
|
@ -3002,23 +3127,23 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msg[5] = 0;
|
ssl->out_msg[5] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We don't fragment, so frag_offset = 0 and frag_len = len */
|
/* Handshake hashes are computed without fragmentation,
|
||||||
|
* so set frag_offset = 0 and frag_len = hs_len for now */
|
||||||
memset( ssl->out_msg + 6, 0x00, 3 );
|
memset( ssl->out_msg + 6, 0x00, 3 );
|
||||||
memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
|
memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
/* Update running hashes of hanshake messages seen */
|
||||||
ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
|
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||||
|
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Save handshake and CCS messages for resending */
|
/* Either send now, or just save to be sent (and resent) later */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake != NULL &&
|
( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
|
||||||
ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING &&
|
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) )
|
||||||
( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ||
|
|
||||||
ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) )
|
|
||||||
{
|
{
|
||||||
if( ( ret = ssl_flight_append( ssl ) ) != 0 )
|
if( ( ret = ssl_flight_append( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3026,7 +3151,39 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
#endif
|
#endif
|
||||||
|
{
|
||||||
|
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Record layer functions
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Write current record.
|
||||||
|
*
|
||||||
|
* Uses:
|
||||||
|
* - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS)
|
||||||
|
* - ssl->out_msglen: length of the record content (excl headers)
|
||||||
|
* - ssl->out_msg: record content
|
||||||
|
*/
|
||||||
|
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret, done = 0;
|
||||||
|
size_t len = ssl->out_msglen;
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
if( ssl->transform_out != NULL &&
|
if( ssl->transform_out != NULL &&
|
||||||
|
@ -4542,9 +4699,9 @@ write_msg:
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4955,9 +5112,9 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -5583,12 +5740,21 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -6112,6 +6278,13 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
||||||
ssl->f_recv_timeout = f_recv_timeout;
|
ssl->f_recv_timeout = f_recv_timeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu )
|
||||||
|
{
|
||||||
|
ssl->mtu = mtu;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
|
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
|
||||||
{
|
{
|
||||||
conf->read_timeout = timeout;
|
conf->read_timeout = timeout;
|
||||||
|
@ -6852,6 +7025,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
||||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
|
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
|
||||||
|
@ -6903,19 +7077,64 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
|
max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
|
||||||
|
|
||||||
/*
|
/* Check if a smaller max length was negotiated */
|
||||||
* Check if a smaller max length was negotiated
|
|
||||||
*/
|
|
||||||
if( ssl->session_out != NULL &&
|
if( ssl->session_out != NULL &&
|
||||||
ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
|
ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
|
||||||
{
|
{
|
||||||
max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
|
max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
|
||||||
}
|
}
|
||||||
|
|
||||||
return max_len;
|
/* During a handshake, use the value being negotiated */
|
||||||
|
if( ssl->session_negotiate != NULL &&
|
||||||
|
ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len )
|
||||||
|
{
|
||||||
|
max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( max_len );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
|
int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
|
||||||
|
!defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
(void) ssl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
|
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
|
||||||
|
|
||||||
|
if( max_len > mfl )
|
||||||
|
max_len = mfl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->mtu != 0 )
|
||||||
|
{
|
||||||
|
const size_t mtu = ssl->mtu;
|
||||||
|
const int ret = mbedtls_ssl_get_record_expansion( ssl );
|
||||||
|
const size_t overhead = (size_t) ret;
|
||||||
|
|
||||||
|
if( ret < 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( mtu <= overhead )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( max_len > mtu - overhead )
|
||||||
|
max_len = mtu - overhead;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return( (int) max_len );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
|
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
@ -7003,9 +7222,9 @@ static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -7170,7 +7389,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
if( ssl->handshake != NULL &&
|
if( ssl->handshake != NULL &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -7467,12 +7686,15 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
static int ssl_write_real( mbedtls_ssl_context *ssl,
|
static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = mbedtls_ssl_get_max_out_record_payload( ssl );
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
const size_t max_len = (size_t) ret;
|
||||||
size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
|
|
||||||
#else
|
if( ret < 0 )
|
||||||
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
|
{
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
if( len > max_len )
|
if( len > max_len )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
|
|
@ -106,6 +106,7 @@ int main( void )
|
||||||
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
||||||
#define DFL_HS_TO_MIN 0
|
#define DFL_HS_TO_MIN 0
|
||||||
#define DFL_HS_TO_MAX 0
|
#define DFL_HS_TO_MAX 0
|
||||||
|
#define DFL_DTLS_MTU -1
|
||||||
#define DFL_FALLBACK -1
|
#define DFL_FALLBACK -1
|
||||||
#define DFL_EXTENDED_MS -1
|
#define DFL_EXTENDED_MS -1
|
||||||
#define DFL_ETM -1
|
#define DFL_ETM -1
|
||||||
|
@ -198,7 +199,8 @@ int main( void )
|
||||||
#define USAGE_DTLS \
|
#define USAGE_DTLS \
|
||||||
" dtls=%%d default: 0 (TLS)\n" \
|
" dtls=%%d default: 0 (TLS)\n" \
|
||||||
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
||||||
" range of DTLS handshake timeouts in millisecs\n"
|
" range of DTLS handshake timeouts in millisecs\n" \
|
||||||
|
" mtu=%%d default: (library default: unlimited)\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_DTLS ""
|
#define USAGE_DTLS ""
|
||||||
#endif
|
#endif
|
||||||
|
@ -345,6 +347,7 @@ struct options
|
||||||
int transport; /* TLS or DTLS? */
|
int transport; /* TLS or DTLS? */
|
||||||
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
||||||
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
||||||
|
int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
|
||||||
int fallback; /* is this a fallback connection? */
|
int fallback; /* is this a fallback connection? */
|
||||||
int extended_ms; /* negotiate extended master secret? */
|
int extended_ms; /* negotiate extended master secret? */
|
||||||
int etm; /* negotiate encrypt then mac? */
|
int etm; /* negotiate encrypt then mac? */
|
||||||
|
@ -617,6 +620,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.transport = DFL_TRANSPORT;
|
opt.transport = DFL_TRANSPORT;
|
||||||
opt.hs_to_min = DFL_HS_TO_MIN;
|
opt.hs_to_min = DFL_HS_TO_MIN;
|
||||||
opt.hs_to_max = DFL_HS_TO_MAX;
|
opt.hs_to_max = DFL_HS_TO_MAX;
|
||||||
|
opt.dtls_mtu = DFL_DTLS_MTU;
|
||||||
opt.fallback = DFL_FALLBACK;
|
opt.fallback = DFL_FALLBACK;
|
||||||
opt.extended_ms = DFL_EXTENDED_MS;
|
opt.extended_ms = DFL_EXTENDED_MS;
|
||||||
opt.etm = DFL_ETM;
|
opt.etm = DFL_ETM;
|
||||||
|
@ -927,6 +931,12 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
|
if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "mtu" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.dtls_mtu = atoi( q );
|
||||||
|
if( opt.dtls_mtu < 0 )
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
else if( strcmp( p, "recsplit" ) == 0 )
|
else if( strcmp( p, "recsplit" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.recsplit = atoi( q );
|
opt.recsplit = atoi( q );
|
||||||
|
@ -1327,7 +1337,7 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||||
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
|
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
|
||||||
opt.hs_to_max );
|
opt.hs_to_max );
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
|
if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
|
||||||
|
@ -1485,6 +1495,11 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_net_send, mbedtls_net_recv,
|
mbedtls_net_send, mbedtls_net_recv,
|
||||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
||||||
|
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
||||||
mbedtls_timing_get_delay );
|
mbedtls_timing_get_delay );
|
||||||
|
|
|
@ -150,6 +150,7 @@ int main( void )
|
||||||
#define DFL_ANTI_REPLAY -1
|
#define DFL_ANTI_REPLAY -1
|
||||||
#define DFL_HS_TO_MIN 0
|
#define DFL_HS_TO_MIN 0
|
||||||
#define DFL_HS_TO_MAX 0
|
#define DFL_HS_TO_MAX 0
|
||||||
|
#define DFL_DTLS_MTU -1
|
||||||
#define DFL_BADMAC_LIMIT -1
|
#define DFL_BADMAC_LIMIT -1
|
||||||
#define DFL_EXTENDED_MS -1
|
#define DFL_EXTENDED_MS -1
|
||||||
#define DFL_ETM -1
|
#define DFL_ETM -1
|
||||||
|
@ -297,7 +298,8 @@ int main( void )
|
||||||
#define USAGE_DTLS \
|
#define USAGE_DTLS \
|
||||||
" dtls=%%d default: 0 (TLS)\n" \
|
" dtls=%%d default: 0 (TLS)\n" \
|
||||||
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
||||||
" range of DTLS handshake timeouts in millisecs\n"
|
" range of DTLS handshake timeouts in millisecs\n" \
|
||||||
|
" mtu=%%d default: (library default: unlimited)\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_DTLS ""
|
#define USAGE_DTLS ""
|
||||||
#endif
|
#endif
|
||||||
|
@ -470,6 +472,7 @@ struct options
|
||||||
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
|
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
|
||||||
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
||||||
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
||||||
|
int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
|
||||||
int badmac_limit; /* Limit of records with bad MAC */
|
int badmac_limit; /* Limit of records with bad MAC */
|
||||||
} opt;
|
} opt;
|
||||||
|
|
||||||
|
@ -1338,6 +1341,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.anti_replay = DFL_ANTI_REPLAY;
|
opt.anti_replay = DFL_ANTI_REPLAY;
|
||||||
opt.hs_to_min = DFL_HS_TO_MIN;
|
opt.hs_to_min = DFL_HS_TO_MIN;
|
||||||
opt.hs_to_max = DFL_HS_TO_MAX;
|
opt.hs_to_max = DFL_HS_TO_MAX;
|
||||||
|
opt.dtls_mtu = DFL_DTLS_MTU;
|
||||||
opt.badmac_limit = DFL_BADMAC_LIMIT;
|
opt.badmac_limit = DFL_BADMAC_LIMIT;
|
||||||
opt.extended_ms = DFL_EXTENDED_MS;
|
opt.extended_ms = DFL_EXTENDED_MS;
|
||||||
opt.etm = DFL_ETM;
|
opt.etm = DFL_ETM;
|
||||||
|
@ -1684,6 +1688,12 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
|
if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "mtu" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.dtls_mtu = atoi( q );
|
||||||
|
if( opt.dtls_mtu < 0 )
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
else if( strcmp( p, "sni" ) == 0 )
|
else if( strcmp( p, "sni" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.sni = q;
|
opt.sni = q;
|
||||||
|
@ -2473,6 +2483,11 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
|
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
|
||||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
||||||
|
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
||||||
mbedtls_timing_get_delay );
|
mbedtls_timing_get_delay );
|
||||||
|
|
776
tests/ssl-opt.sh
776
tests/ssl-opt.sh
|
@ -41,6 +41,28 @@ G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_fil
|
||||||
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
|
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
|
||||||
TCP_CLIENT="$PERL scripts/tcp_client.pl"
|
TCP_CLIENT="$PERL scripts/tcp_client.pl"
|
||||||
|
|
||||||
|
# alternative versions of OpenSSL and GnuTLS (no default path)
|
||||||
|
|
||||||
|
if [ -n "${OPENSSL_LEGACY:-}" ]; then
|
||||||
|
O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
|
||||||
|
O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
|
||||||
|
else
|
||||||
|
O_LEGACY_SRV=false
|
||||||
|
O_LEGACY_CLI=false
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
||||||
|
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
||||||
|
else
|
||||||
|
G_NEXT_SRV=false
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
|
||||||
|
G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
|
||||||
|
else
|
||||||
|
G_NEXT_CLI=false
|
||||||
|
fi
|
||||||
|
|
||||||
TESTS=0
|
TESTS=0
|
||||||
FAILS=0
|
FAILS=0
|
||||||
SKIPS=0
|
SKIPS=0
|
||||||
|
@ -163,6 +185,34 @@ requires_gnutls() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# skip next test if GnuTLS-next isn't available
|
||||||
|
requires_gnutls_next() {
|
||||||
|
if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
|
||||||
|
if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
|
||||||
|
GNUTLS_NEXT_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
GNUTLS_NEXT_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# skip next test if OpenSSL-legacy isn't available
|
||||||
|
requires_openssl_legacy() {
|
||||||
|
if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
|
||||||
|
if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
|
||||||
|
OPENSSL_LEGACY_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
OPENSSL_LEGACY_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if IPv6 isn't available on this host
|
# skip next test if IPv6 isn't available on this host
|
||||||
requires_ipv6() {
|
requires_ipv6() {
|
||||||
if [ -z "${HAS_IPV6:-}" ]; then
|
if [ -z "${HAS_IPV6:-}" ]; then
|
||||||
|
@ -718,7 +768,20 @@ P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1
|
||||||
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
|
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
|
||||||
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
|
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
|
||||||
G_SRV="$G_SRV -p $SRV_PORT"
|
G_SRV="$G_SRV -p $SRV_PORT"
|
||||||
G_CLI="$G_CLI -p +SRV_PORT localhost"
|
G_CLI="$G_CLI -p +SRV_PORT"
|
||||||
|
|
||||||
|
if [ -n "${OPENSSL_LEGACY:-}" ]; then
|
||||||
|
O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
|
||||||
|
O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
||||||
|
G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
|
||||||
|
G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
|
||||||
|
fi
|
||||||
|
|
||||||
# Allow SHA-1, because many of our test certificates use it
|
# Allow SHA-1, because many of our test certificates use it
|
||||||
P_SRV="$P_SRV allow_sha1=1"
|
P_SRV="$P_SRV allow_sha1=1"
|
||||||
|
@ -2074,7 +2137,7 @@ run_test "Renego ext: gnutls server unsafe, client break legacy" \
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "Renego ext: gnutls client strict, server default" \
|
run_test "Renego ext: gnutls client strict, server default" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION" \
|
"$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
|
||||||
0 \
|
0 \
|
||||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
-s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
||||||
-s "server hello, secure renegotiation extension"
|
-s "server hello, secure renegotiation extension"
|
||||||
|
@ -2082,7 +2145,7 @@ run_test "Renego ext: gnutls client strict, server default" \
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "Renego ext: gnutls client unsafe, server default" \
|
run_test "Renego ext: gnutls client unsafe, server default" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
|
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||||
0 \
|
0 \
|
||||||
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
||||||
-S "server hello, secure renegotiation extension"
|
-S "server hello, secure renegotiation extension"
|
||||||
|
@ -2090,7 +2153,7 @@ run_test "Renego ext: gnutls client unsafe, server default" \
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "Renego ext: gnutls client unsafe, server break legacy" \
|
run_test "Renego ext: gnutls client unsafe, server break legacy" \
|
||||||
"$P_SRV debug_level=3 allow_legacy=-1" \
|
"$P_SRV debug_level=3 allow_legacy=-1" \
|
||||||
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
|
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||||
1 \
|
1 \
|
||||||
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
|
||||||
-S "server hello, secure renegotiation extension"
|
-S "server hello, secure renegotiation extension"
|
||||||
|
@ -2101,7 +2164,7 @@ requires_gnutls
|
||||||
run_test "DER format: no trailing bytes" \
|
run_test "DER format: no trailing bytes" \
|
||||||
"$P_SRV crt_file=data_files/server5-der0.crt \
|
"$P_SRV crt_file=data_files/server5-der0.crt \
|
||||||
key_file=data_files/server5.key" \
|
key_file=data_files/server5.key" \
|
||||||
"$G_CLI " \
|
"$G_CLI localhost" \
|
||||||
0 \
|
0 \
|
||||||
-c "Handshake was completed" \
|
-c "Handshake was completed" \
|
||||||
|
|
||||||
|
@ -2109,7 +2172,7 @@ requires_gnutls
|
||||||
run_test "DER format: with a trailing zero byte" \
|
run_test "DER format: with a trailing zero byte" \
|
||||||
"$P_SRV crt_file=data_files/server5-der1a.crt \
|
"$P_SRV crt_file=data_files/server5-der1a.crt \
|
||||||
key_file=data_files/server5.key" \
|
key_file=data_files/server5.key" \
|
||||||
"$G_CLI " \
|
"$G_CLI localhost" \
|
||||||
0 \
|
0 \
|
||||||
-c "Handshake was completed" \
|
-c "Handshake was completed" \
|
||||||
|
|
||||||
|
@ -2117,7 +2180,7 @@ requires_gnutls
|
||||||
run_test "DER format: with a trailing random byte" \
|
run_test "DER format: with a trailing random byte" \
|
||||||
"$P_SRV crt_file=data_files/server5-der1b.crt \
|
"$P_SRV crt_file=data_files/server5-der1b.crt \
|
||||||
key_file=data_files/server5.key" \
|
key_file=data_files/server5.key" \
|
||||||
"$G_CLI " \
|
"$G_CLI localhost" \
|
||||||
0 \
|
0 \
|
||||||
-c "Handshake was completed" \
|
-c "Handshake was completed" \
|
||||||
|
|
||||||
|
@ -2125,7 +2188,7 @@ requires_gnutls
|
||||||
run_test "DER format: with 2 trailing random bytes" \
|
run_test "DER format: with 2 trailing random bytes" \
|
||||||
"$P_SRV crt_file=data_files/server5-der2.crt \
|
"$P_SRV crt_file=data_files/server5-der2.crt \
|
||||||
key_file=data_files/server5.key" \
|
key_file=data_files/server5.key" \
|
||||||
"$G_CLI " \
|
"$G_CLI localhost" \
|
||||||
0 \
|
0 \
|
||||||
-c "Handshake was completed" \
|
-c "Handshake was completed" \
|
||||||
|
|
||||||
|
@ -2133,7 +2196,7 @@ requires_gnutls
|
||||||
run_test "DER format: with 4 trailing random bytes" \
|
run_test "DER format: with 4 trailing random bytes" \
|
||||||
"$P_SRV crt_file=data_files/server5-der4.crt \
|
"$P_SRV crt_file=data_files/server5-der4.crt \
|
||||||
key_file=data_files/server5.key" \
|
key_file=data_files/server5.key" \
|
||||||
"$G_CLI " \
|
"$G_CLI localhost" \
|
||||||
0 \
|
0 \
|
||||||
-c "Handshake was completed" \
|
-c "Handshake was completed" \
|
||||||
|
|
||||||
|
@ -2141,7 +2204,7 @@ requires_gnutls
|
||||||
run_test "DER format: with 8 trailing random bytes" \
|
run_test "DER format: with 8 trailing random bytes" \
|
||||||
"$P_SRV crt_file=data_files/server5-der8.crt \
|
"$P_SRV crt_file=data_files/server5-der8.crt \
|
||||||
key_file=data_files/server5.key" \
|
key_file=data_files/server5.key" \
|
||||||
"$G_CLI " \
|
"$G_CLI localhost" \
|
||||||
0 \
|
0 \
|
||||||
-c "Handshake was completed" \
|
-c "Handshake was completed" \
|
||||||
|
|
||||||
|
@ -2149,7 +2212,7 @@ requires_gnutls
|
||||||
run_test "DER format: with 9 trailing random bytes" \
|
run_test "DER format: with 9 trailing random bytes" \
|
||||||
"$P_SRV crt_file=data_files/server5-der9.crt \
|
"$P_SRV crt_file=data_files/server5-der9.crt \
|
||||||
key_file=data_files/server5.key" \
|
key_file=data_files/server5.key" \
|
||||||
"$G_CLI " \
|
"$G_CLI localhost" \
|
||||||
0 \
|
0 \
|
||||||
-c "Handshake was completed" \
|
-c "Handshake was completed" \
|
||||||
|
|
||||||
|
@ -3714,14 +3777,14 @@ run_test "Per-version suites: TLS 1.2" \
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "ClientHello without extensions, SHA-1 allowed" \
|
run_test "ClientHello without extensions, SHA-1 allowed" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
|
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||||
0 \
|
0 \
|
||||||
-s "dumping 'client hello extensions' (0 bytes)"
|
-s "dumping 'client hello extensions' (0 bytes)"
|
||||||
|
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
|
run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
|
||||||
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
|
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
|
||||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
|
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||||
0 \
|
0 \
|
||||||
-s "dumping 'client hello extensions' (0 bytes)"
|
-s "dumping 'client hello extensions' (0 bytes)"
|
||||||
|
|
||||||
|
@ -4896,6 +4959,693 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
# Tests for sending fragmented handshake messages with DTLS
|
||||||
|
#
|
||||||
|
# Use client auth when we need the client to send large messages,
|
||||||
|
# and use large cert chains on both sides too (the long chains we have all use
|
||||||
|
# both RSA and ECDSA, but ideally we should have long chains with either).
|
||||||
|
# Sizes reached (UDP payload):
|
||||||
|
# - 2037B for server certificate
|
||||||
|
# - 1542B for client certificate
|
||||||
|
# - 1013B for newsessionticket
|
||||||
|
# - all others below 512B
|
||||||
|
# All those tests assume MAX_CONTENT_LEN is at least 2048
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "DTLS fragmenting: none (for reference)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
max_frag_len=2048" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
max_frag_len=2048" \
|
||||||
|
0 \
|
||||||
|
-S "found fragmented DTLS handshake message" \
|
||||||
|
-C "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "DTLS fragmenting: server only (max_frag_len)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
max_frag_len=1024" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
max_frag_len=2048" \
|
||||||
|
0 \
|
||||||
|
-S "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
max_frag_len=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
max_frag_len=2048" \
|
||||||
|
0 \
|
||||||
|
-S "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
max_frag_len=2048" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
max_frag_len=512" \
|
||||||
|
0 \
|
||||||
|
-S "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
max_frag_len=2048" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
max_frag_len=512" \
|
||||||
|
0 \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
run_test "DTLS fragmenting: none (for reference) (MTU)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=2048" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=2048" \
|
||||||
|
0 \
|
||||||
|
-S "found fragmented DTLS handshake message" \
|
||||||
|
-C "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
run_test "DTLS fragmenting: client (MTU)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=2048" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-C "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
run_test "DTLS fragmenting: server (MTU)" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=2048" \
|
||||||
|
0 \
|
||||||
|
-S "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
run_test "DTLS fragmenting: both (MTU)" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
|
||||||
|
# OTOH the client might resend if the server is to slow to reset after sending
|
||||||
|
# a HelloVerifyRequest, so only check for no retransmission server-side
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, simple handshake" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512 nbio=2" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512 nbio=2" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
# This ensures things still work after session_reset(),
|
||||||
|
# for example it would have caught #1941.
|
||||||
|
# It also exercises the "resumed hanshake" flow.
|
||||||
|
# Since we don't support reading fragmented ClientHello yet,
|
||||||
|
# up the MTU to 1450 (larger than ClientHello with session ticket,
|
||||||
|
# but still smaller than client's Certificate to ensure fragmentation).
|
||||||
|
# reco_delay avoids races where the client reconnects before the server has
|
||||||
|
# resumed listening, which would result in a spurious resend.
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
|
||||||
|
-p "$P_PXY mtu=1450" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=1450" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=1450 reconnect=1 reco_delay=1" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SHA256_C
|
||||||
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
requires_config_enabled MBEDTLS_CHACHAPOLY_C
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
exchanges=2 renegotiation=1 \
|
||||||
|
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SHA256_C
|
||||||
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
exchanges=2 renegotiation=1 \
|
||||||
|
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SHA256_C
|
||||||
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
|
requires_config_enabled MBEDTLS_CCM_C
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
exchanges=2 renegotiation=1 \
|
||||||
|
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SHA256_C
|
||||||
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
|
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
exchanges=2 renegotiation=1 \
|
||||||
|
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SHA256_C
|
||||||
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
|
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||||
|
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
exchanges=2 renegotiation=1 \
|
||||||
|
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
|
||||||
|
mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||||
|
mtu=512" \
|
||||||
|
0 \
|
||||||
|
-S "resend" \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
client_needs_more_time 2
|
||||||
|
run_test "DTLS fragmenting: proxy MTU + 3d" \
|
||||||
|
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
hs_timeout=250-10000 mtu=512" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
hs_timeout=250-10000 mtu=512" \
|
||||||
|
0 \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
client_needs_more_time 2
|
||||||
|
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
|
||||||
|
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
hs_timeout=250-10000 mtu=512 nbio=2" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
hs_timeout=250-10000 mtu=512 nbio=2" \
|
||||||
|
0 \
|
||||||
|
-s "found fragmented DTLS handshake message" \
|
||||||
|
-c "found fragmented DTLS handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
# interop tests for DTLS fragmentating with reliable connection
|
||||||
|
#
|
||||||
|
# here and below we just want to test that the we fragment in a way that
|
||||||
|
# pleases other implementations, so we don't need the peer to fragment
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_gnutls
|
||||||
|
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
|
||||||
|
"$G_SRV -u" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512 force_version=dtls1_2" \
|
||||||
|
0 \
|
||||||
|
-c "fragmenting handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
requires_gnutls
|
||||||
|
run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
|
||||||
|
"$G_SRV -u" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512 force_version=dtls1" \
|
||||||
|
0 \
|
||||||
|
-c "fragmenting handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_gnutls
|
||||||
|
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512 force_version=dtls1_2" \
|
||||||
|
"$G_CLI -u --insecure 127.0.0.1" \
|
||||||
|
0 \
|
||||||
|
-s "fragmenting handshake message"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
requires_gnutls
|
||||||
|
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512 force_version=dtls1" \
|
||||||
|
"$G_CLI -u --insecure 127.0.0.1" \
|
||||||
|
0 \
|
||||||
|
-s "fragmenting handshake message"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
|
||||||
|
"$O_SRV -dtls1_2 -verify 10" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512 force_version=dtls1_2" \
|
||||||
|
0 \
|
||||||
|
-c "fragmenting handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
|
||||||
|
"$O_SRV -dtls1 -verify 10" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
mtu=512 force_version=dtls1" \
|
||||||
|
0 \
|
||||||
|
-c "fragmenting handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512 force_version=dtls1_2" \
|
||||||
|
"$O_CLI -dtls1_2" \
|
||||||
|
0 \
|
||||||
|
-s "fragmenting handshake message"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
mtu=512 force_version=dtls1" \
|
||||||
|
"$O_CLI -dtls1" \
|
||||||
|
0 \
|
||||||
|
-s "fragmenting handshake message"
|
||||||
|
|
||||||
|
# interop tests for DTLS fragmentating with unreliable connection
|
||||||
|
#
|
||||||
|
# again we just want to test that the we fragment in a way that
|
||||||
|
# pleases other implementations, so we don't need the peer to fragment
|
||||||
|
requires_gnutls_next
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
client_needs_more_time 4
|
||||||
|
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
|
||||||
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
"$G_NEXT_SRV -u" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
|
0 \
|
||||||
|
-c "fragmenting handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
requires_gnutls_next
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
client_needs_more_time 4
|
||||||
|
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
||||||
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
"$G_NEXT_SRV -u" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
|
0 \
|
||||||
|
-c "fragmenting handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
## The two tests below are disabled due to a bug in GnuTLS client that causes
|
||||||
|
## handshake failures when the NewSessionTicket message is lost, see
|
||||||
|
## https://gitlab.com/gnutls/gnutls/issues/543
|
||||||
|
## We can re-enable them when a fixed version fo GnuTLS is available
|
||||||
|
## and installed in our CI system.
|
||||||
|
##
|
||||||
|
## requires_gnutls
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
## client_needs_more_time 4
|
||||||
|
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
||||||
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
## "$P_SRV dtls=1 debug_level=2 \
|
||||||
|
## crt_file=data_files/server7_int-ca.crt \
|
||||||
|
## key_file=data_files/server7.key \
|
||||||
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
|
## "$G_CLI -u --insecure 127.0.0.1" \
|
||||||
|
## 0 \
|
||||||
|
## -s "fragmenting handshake message"
|
||||||
|
##
|
||||||
|
## requires_gnutls
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
## client_needs_more_time 4
|
||||||
|
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
||||||
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
## "$P_SRV dtls=1 debug_level=2 \
|
||||||
|
## crt_file=data_files/server7_int-ca.crt \
|
||||||
|
## key_file=data_files/server7.key \
|
||||||
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
|
## "$G_CLI -u --insecure 127.0.0.1" \
|
||||||
|
## 0 \
|
||||||
|
## -s "fragmenting handshake message"
|
||||||
|
|
||||||
|
## Interop test with OpenSSL might triger a bug in recent versions (that
|
||||||
|
## probably won't be fixed before 1.1.1X), so we use an old version that
|
||||||
|
## doesn't have this bug, but unfortunately it doesn't have support for DTLS
|
||||||
|
## 1.2 either, so the DTLS 1.2 tests are commented for now.
|
||||||
|
## Bug report: https://github.com/openssl/openssl/issues/6902
|
||||||
|
## They should be re-enabled (and the DTLS 1.0 switched back to a non-legacy
|
||||||
|
## version of OpenSSL once a fixed version of OpenSSL is available)
|
||||||
|
##
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
## client_needs_more_time 4
|
||||||
|
## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
||||||
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
## "$O_SRV -dtls1_2 -verify 10" \
|
||||||
|
## "$P_CLI dtls=1 debug_level=2 \
|
||||||
|
## crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
## key_file=data_files/server8.key \
|
||||||
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
|
## 0 \
|
||||||
|
## -c "fragmenting handshake message" \
|
||||||
|
## -C "error"
|
||||||
|
|
||||||
|
requires_openssl_legacy
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
client_needs_more_time 4
|
||||||
|
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
|
||||||
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
"$O_LEGACY_SRV -dtls1 -verify 10" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
|
key_file=data_files/server8.key \
|
||||||
|
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
|
0 \
|
||||||
|
-c "fragmenting handshake message" \
|
||||||
|
-C "error"
|
||||||
|
|
||||||
|
## see comment on the previous-previous test
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
## client_needs_more_time 4
|
||||||
|
## run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
|
||||||
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
## "$P_SRV dtls=1 debug_level=2 \
|
||||||
|
## crt_file=data_files/server7_int-ca.crt \
|
||||||
|
## key_file=data_files/server7.key \
|
||||||
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
|
## "$O_CLI -dtls1_2" \
|
||||||
|
## 0 \
|
||||||
|
## -s "fragmenting handshake message"
|
||||||
|
|
||||||
|
# -nbio is added to prevent s_client from blocking in case of duplicated
|
||||||
|
# messages at the end of the handshake
|
||||||
|
requires_openssl_legacy
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
client_needs_more_time 4
|
||||||
|
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
|
||||||
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
key_file=data_files/server7.key \
|
||||||
|
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
|
"$O_LEGACY_CLI -nbio -dtls1" \
|
||||||
|
0 \
|
||||||
|
-s "fragmenting handshake message"
|
||||||
|
|
||||||
# Tests for specific things with "unreliable" UDP connection
|
# Tests for specific things with "unreliable" UDP connection
|
||||||
|
|
||||||
not_with_valgrind # spurious resend due to timeout
|
not_with_valgrind # spurious resend due to timeout
|
||||||
|
|
Loading…
Reference in a new issue