Extend ssl-opt testing for TLS HS defragmentation #10007
Conversation
minosgalanakis
changed the base branch from
development
to
features/tls-defragmentation/development
minosgalanakis
changed the title
minosgalanakis
force-pushed
the
task9887_extend_defragmentation_tests
branch
2 times, most recently
from
20501e7 to
d2ab8b5
Compare
minosgalanakis
force-pushed
the
task9887_extend_defragmentation_tests
branch
5 times, most recently
from
d93a7b2 to
8158b39
Compare
mpg
left a comment
mpg
left a comment
There was a problem hiding this comment.
Just a first pass, making myself familiar with things. I haven't looked at the buffer resizing part, only renego.
It seems to me that we need to distinguish two things:
- the party that fragments
- the party that initiates renegotiation
So far it looks like we're testing both options for the party that fragments, but the party that initiates the renegotiation is always the client. I'm not sure if we need the full matrix, but we need to make a conscious decision about our test plan.
IMO the hardest case is when the client is both initiating and fragmenting (tested in this PR), and the ClientHello that initiates the renegotiation is fragmented (not tested so far).
Server-initiated renego is very simple: it's just the server sending a HelloRequest (empty, so can't be fragmented) followed by a handshake that's identical to client-initiated renego. Basically, only the client can actually start the renego, all the server can do is ask the client to start it. So, I'm not overly worried about not having tests for server-initiated renego with fragmentation, though as a matter of principle it might be good to have one.
tests/ssl-opt.sh
Outdated
| "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ | ||
| "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ | ||
| requires_config_enabled MBEDTLS_SSL_RENEGOTIATION | ||
| run_test "Handshake defragmentation with client-initiated renegotation: len=256" \ |
There was a problem hiding this comment.
Typo: renegotIation (multiple occurrences).
There was a problem hiding this comment.
Looks promising at dee46de, but we're missing what's perhaps the most important case: a server receives a fragmented ClientHello for renegotiation.
| requires_protocol_version tls12 | ||
| requires_certificate_authentication | ||
| requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | ||
| requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH |
There was a problem hiding this comment.
Why is buffer resizing relevant?
There was a problem hiding this comment.
It was requested by @mpg andscoped in as part of the possible extended tests in the design discussions. This PR is exploring how it could be introduced, but I am happy to move forward either way.
There was a problem hiding this comment.
Actually Gilles I think it was you who brought it up, back when the original PR was introducing a new pointer. IIRC the reasoning was that any new pointer comes with a risk of use-after-free, so what's the one thing that frees (reallocates) in_buf other than ssl_free() (which also sets all the pointers to NULL) - it's buffer resizing. Back then I think you said that based on reading the code it looked OK (pointer updated in the relevant place) but as a matter of principle we should have a test. After that I included it in my list of tests we wanted.
Now that we don't have an extra pointer any more, I agree it seems less important. However since Minos already wrote the tests cases, I'm inclined to keep them.
minosgalanakis
force-pushed
the
task9887_extend_defragmentation_tests
branch
from
dee46de to
92ec60f
Compare
|
The force push to 92ec60f is simply the rebase on updated feature branch. |
minosgalanakis
force-pushed
the
task9887_extend_defragmentation_tests
branch
from
92ec60f to
54e275d
Compare
minosgalanakis
added
size-s
github-project-automation
bot
moved this to In Development
in Roadmap pull requests (new board)
minosgalanakis
added
the
needs-review
|
@mpg , @gilles-peskine-arm All the comments have been addressed, and the CI is clear. |
mpg
changed the base branch from
features/tls-defragmentation/development
to
development
mpg
changed the base branch from
development
to
features/tls-defragmentation/development
mpg
changed the base branch from
features/tls-defragmentation/development
to
development
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
…ffer depth. Signed-off-by: Minos Galanakis <[email protected]>
…tiation delay Signed-off-by: Minos Galanakis <[email protected]>
minosgalanakis
force-pushed
the
task9887_extend_defragmentation_tests
branch
from
7949ab0 to
f475a15
Compare
minosgalanakis
moved this from In Development
to In Review
in Roadmap pull requests (new board)
gilles-peskine-arm
left a comment
gilles-peskine-arm
left a comment
There was a problem hiding this comment.
LGTM except for a typo that affects test case filtering.
| -c "client hello, adding renegotiation extension" \ | ||
| -c "found renegotiation extension" \ | ||
| -c "=> renegotiate" | ||
|
|
There was a problem hiding this comment.
There's no test case for renegotiation when Mbed TLS is the party that initiates the renegotiation. However, as noted by Manuel, server-initiated renegotiation just means a non-fragmentable (because empty) HelloRequest from the server, followed by the same exchanges as client-initiated renegotiation. So for our purposes here, testing both sides of the initiation doesn't really matter. What matters is testing both a fragmented renegotiation ClientHello (i.e. OpenSSL is the fragmenting client and Mbed TLS is the defragmenting server) and a fragmented renegotiation ServerHello (i.e. OpenSSL is the fragmenting server and Mbed TLS is the defragmenting client), and this is done.
There was a problem hiding this comment.
To be clear, this comment states that there's an apparent testing gap, but it's ok because it's not really an actual testing gap, so no action is needed.
github-project-automation
bot
moved this from In Review
to In Development
in Roadmap pull requests (new board)
gilles-peskine-arm
added
needs-work
and removed
needs-review
mpg
left a comment
mpg
left a comment
There was a problem hiding this comment.
Thanks for addressing my feedback, looks pretty good to me now!
Only left two minor comments that probably wouldn't be worth another round on their own, but since we already need another round for the filter-impacting typo found by Gilles, you may consider addressing those as well.
Signed-off-by: Minos Galanakis <[email protected]>
… initiated reneg Signed-off-by: Minos Galanakis <[email protected]>
mpg
left a comment
mpg
left a comment
There was a problem hiding this comment.
Looks all good to me now, thanks!
mpg
added
needs-review
| -c "client hello, adding renegotiation extension" \ | ||
| -c "found renegotiation extension" \ | ||
| -c "=> renegotiate" | ||
|
|
There was a problem hiding this comment.
To be clear, this comment states that there's an apparent testing gap, but it's ok because it's not really an actual testing gap, so no action is needed.
github-project-automation
bot
moved this from In Development
to Has Approval
in Roadmap pull requests (new board)
gilles-peskine-arm
added
approved
github-project-automation
bot
moved this from Has Approval
to Done
in Roadmap pull requests (new board)
3 participants
Description
Continue the work on #9928 adding more specially designed tests in ssl-opt.sh. Currently it is focused on buffer resizing and renegotiation for TLS 1.2. The scope may be expanded.
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.