Add basic handshake defragmentation tests in ssl-opt #9989
Merged: gilles-peskine-arm merged 33 commits into Mbed-TLS:features/tls-defragmentation/development from minosgalanakis:issue9887_add_basic_defragmentation_tests on Feb 28, 2025
Commits
79a8ded Add TLS Handshake defragmentation tests (waleed-elmelegy-arm)
0e0d5d4 Improve TLS handshake defragmentation tests (waleed-elmelegy-arm)
c0118d8 Fix typo in TLS Handshake defragmentation tests (waleed-elmelegy-arm)
fccd014 Remove unnecessary string check in handshake defragmentation tests (waleed-elmelegy-arm)
f912031 Require openssl to support TLS 1.3 in handshake defragmentation tests (waleed-elmelegy-arm)
48874b3 Add client authentication to handshake defragmentation tests (waleed-elmelegy-arm)
39d83dd Remove unneeded mtu option from handshake fragmentation tests (waleed-elmelegy-arm)
61b8e2d Enforce client authentication in handshake fragmentation tests (waleed-elmelegy-arm)
f162249 Add a comment to elaborate using split_send_frag in handshake defragm… (waleed-elmelegy-arm)
a75c7e0 Add guard to handshake defragmentation tests for client certificate (waleed-elmelegy-arm)
5f21537 Test Handshake defragmentation only for TLS 1.3 only for small values (waleed-elmelegy-arm)
4028cfd Add missing client certificate check in handshake defragmentation tests (waleed-elmelegy-arm)
270dd74 ssl-opt: Updated the keywords to look up during handshake fragmentati… (minosgalanakis)
a1b9117 ssl-opt: Added requires_openssl_3_x to defragmentation tests. (minosgalanakis)
a8a298c ssl-opt: Adjusted the wording on handshake fragmentation tests. (minosgalanakis)
a4dde77 ssl-opt: Dependency resolving set to use to requires_protocol_version… (minosgalanakis)
85fe73d ssl-opt: Added tls 1.2 tests for HS defragmentation. (minosgalanakis)
41782a9 ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) (minosgalanakis)
1c106af ssl-opt: Added handshake fragmentation tests for 4 byte fragments. (minosgalanakis)
74ce749 ssl-opt: Added negative tests for handshake fragmentation. (minosgalanakis)
36c81f5 ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing. (minosgalanakis)
d708a63 ssl-opt: Updated documentation. (minosgalanakis)
eddbb5a ChangeLog: Updated the entry for tls-hs-defragmentation (minosgalanakis)
a5a8c9f ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. (minosgalanakis)
99ca668 ssl-opt: Replaced max_send_frag with split_send_frag (minosgalanakis)
cd6a24b ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 (minosgalanakis)
c8709c6 ssl-opt: Removed redundant dependencies: requires_openssl_3_x (minosgalanakis)
17170a5 ssl-opt: Updated documentation of HS-Defrag tests. (minosgalanakis)
19dbbe0 analyze_outcomes: Temporary disabled 3 HS Defragmentation tests. (minosgalanakis)
76957cc ssl-opt: Minor typos and documentation fixes. (minosgalanakis)
d01ac30 ssl-opt: Adjusted reference hs defragmentation tests. (minosgalanakis)
0dd57a9 ssl-opt: Removed dependencies for HS defrag negative tests. (minosgalanakis)
4354dc6 ssl-opt: Re-introduce certificate dependency for HS negative tests. (minosgalanakis)

For a follow-up: I think we should document the limitations of defragmentation in the versioned, rendered documentation — so presumably in a Doxygen comment in `ssl.h`. Especially if this evolves over time, users and maintainers shouldn't have to puzzle out the result from a series of changelog entries. And we then don't need to list all the limitations in the changelog entry.

Good point. Generally speaking, we (and I'm as guilty of it as anyone) tend to put too much information in the ChangeLog that should really be in the documentation.

In this case though, I'm not entirely sure where this would fit in `ssl.h`. In the documentation of `ssl_handshake()`?

Ideally, I think in addition to doxygen comments, we should have a (versioned) summary document for what's implemented or not or partially for TLS 1.2, DTLS and for X.509. I think we have something like this for TLS 1.3 (`docs/architecture/tls13-support.md`). For TLS 1.2 I thought there was something (as list of implemented RFCs, probably outdated) in the old Knowledge Base but I can't find it any more.