Add basic handshake defragmentation tests in ssl-opt #9989
Conversation
minosgalanakis
changed the base branch from
development
to
features/tls-defragmentation/development
minosgalanakis
force-pushed
the
issue9887_add_basic_defragmentation_tests
branch
from
6e261a1 to
aeba05a
Compare
minosgalanakis
force-pushed
the
issue9887_add_basic_defragmentation_tests
branch
2 times, most recently
from
5bf1ff3 to
5c8cbb2
Compare
minosgalanakis
force-pushed
the
issue9887_add_basic_defragmentation_tests
branch
5 times, most recently
from
aee03e9 to
765755a
Compare
|
Quick update: I have addressed all the comments, cleaned up the commit history to make it easier to review, and increased coverage. I will be sharing a table with what is covered for design review purposes. |
|
Thanks! Now that #9872 is merged, can you rebase on top of it? Also, can you add a commit disabling (by prepending Once we've agreed on a solution to the underlying problem, we'll re-enable those tests in some form (probably just assert failure when using 1.2 and with fragment length < 16, but we can't do that right now, as the handshake succeeds with ChachaPoly). |
Tests uses openssl s_server with a mix of max_send_frag and split_send_frag options. Signed-off-by: Waleed Elmelegy <[email protected]>
* Add tests for the server side. * Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3. * Use latest version of openSSL to make sure -max_send_frag & -split_send_frag flags are supported. Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
…entation tests Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
Signed-off-by: Waleed Elmelegy <[email protected]>
…on tests. Signed-off-by: Minos Galanakis <[email protected]>
gilles-peskine-arm
added
needs-work
needs-backports
github-project-automation
bot
moved this to In Development
in Roadmap pull requests (new board)
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
There was a problem hiding this comment.
There's still one spurious dependency on requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3: #9989 (comment) . Other than that LGTM
tests/ssl-opt.sh
Outdated
|
|
||
| requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 | ||
| requires_certificate_authentication | ||
| requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
There was a problem hiding this comment.
I had missed this spurious dependency, good call for removing it from the backport: the negative test for handshake too small doesn't require ECDSA support. In fact it doesn't need certificate authentication at all. We can fix this later.
Signed-off-by: Minos Galanakis <[email protected]>
gilles-peskine-arm
added
needs-review
|
One test failedin |
Signed-off-by: Minos Galanakis <[email protected]>
| @@ -14220,12 +14217,12 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ | |||
| -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ | |||
| -s "waiting for more fragments (128" | |||
|
|
|||
| # Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing | |||
| # Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing | |||
There was a problem hiding this comment.
Introducing a typo: missing space defragmentationis (no need to fix if there's nothing else).
github-project-automation
bot
moved this from In Development
to Has Approval
in Roadmap pull requests (new board)
gilles-peskine-arm
merged commit 6eabe58
into
Mbed-TLS:features/tls-defragmentation/development
github-project-automation
bot
moved this from Has Approval
to Done
in Roadmap pull requests (new board)
Description
Implements a portion of the testing needed for #9872. This pr extends #9928 and resolves #9887
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.