yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 10:21:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4696 from yutotakano/fix-ssl-opt.sh-hard-abort-2.x

Browse source 
Backport 2.x: ssl-opt.sh: Skip tests instead of conditional hard abort
This commit is contained in:
Gilles Peskine 2021-08-04 10:16:42 +02:00 committed by GitHub
parent a92a3e9290 75ab928496
commit 1b95b34c4b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 112 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

141
tests/ssl-opt.sh
View file

@ -242,6 +242,17 @@ requires_config_value_at_most() {
fi
}
requires_config_value_equals() {
VAL=$( get_config_value_or_default "$1" )
if [ -z "$VAL" ]; then
# Should never happen
echo "Mbed TLS configuration $1 is not defined"
exit 1
elif [ "$VAL" -ne "$2" ]; then
SKIP_NEXT="YES"
fi
}
# Space-separated list of ciphersuites supported by this build of
# Mbed TLS.
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
@ -296,6 +307,12 @@ requires_openssl_with_fallback_scsv() {
fi
}
# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
requires_max_content_len() {
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
}
# skip next test if GnuTLS isn't available
requires_gnutls() {
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
@ -374,10 +391,11 @@ requires_not_i686() {
}
# Calculate the input & output maximum content lengths set in the config
MAX_CONTENT_LEN=$( ../scripts/config.py get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
MAX_IN_LEN=$( ../scripts/config.py get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
MAX_OUT_LEN=$( ../scripts/config.py get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
MAX_CONTENT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_MAX_CONTENT_LEN" )
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
# Calculate the maximum content length that fits both
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
MAX_CONTENT_LEN="$MAX_IN_LEN"
fi
@ -2403,8 +2421,12 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation"
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
# tests check that the buffer contents are reallocated when the message is
# larger than the buffer.
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 513
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
@ -2418,6 +2440,7 @@ run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 1025
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
@ -3151,15 +3174,6 @@ run_test "Session resume using cache, DTLS: openssl server" \
# Tests for Max Fragment Length extension
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}"
exit 1
fi
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
echo "Using non-default maximum content length $MAX_CONTENT_LEN"
fi
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: enabled, default" \
"$P_SRV debug_level=3" \
@ -3224,7 +3238,7 @@ run_test "Max fragment length: disabled, larger message" \
-s "1 bytes read"
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length DTLS: disabled, larger message" \
run_test "Max fragment length, DTLS: disabled, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
@ -3234,6 +3248,7 @@ run_test "Max fragment length DTLS: disabled, larger message" \
-S "Maximum output fragment length is 16384" \
-c "fragment larger than.*maximum "
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
@ -3248,6 +3263,7 @@ run_test "Max fragment length: used by client" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 512, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
@ -3262,6 +3278,7 @@ run_test "Max fragment length: client 512, server 1024" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 512, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
@ -3276,6 +3293,7 @@ run_test "Max fragment length: client 512, server 2048" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 512, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
@ -3290,6 +3308,7 @@ run_test "Max fragment length: client 512, server 4096" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 1024, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
@ -3304,6 +3323,7 @@ run_test "Max fragment length: client 1024, server 512" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 1024, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
@ -3318,6 +3338,7 @@ run_test "Max fragment length: client 1024, server 2048" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 1024, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
@ -3332,6 +3353,7 @@ run_test "Max fragment length: client 1024, server 4096" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
@ -3346,6 +3368,7 @@ run_test "Max fragment length: client 2048, server 512" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 2048, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
@ -3360,6 +3383,7 @@ run_test "Max fragment length: client 2048, server 1024" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 2048, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
@ -3374,6 +3398,7 @@ run_test "Max fragment length: client 2048, server 4096" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 4096, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
@ -3388,6 +3413,7 @@ run_test "Max fragment length: client 4096, server 512" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 4096, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
@ -3402,6 +3428,7 @@ run_test "Max fragment length: client 4096, server 1024" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client 4096, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
@ -3416,6 +3443,7 @@ run_test "Max fragment length: client 4096, server 2048" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
@ -3430,6 +3458,7 @@ run_test "Max fragment length: used by server" \
-S "server hello, max_fragment_length extension" \
-C "found max_fragment_length extension"
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
run_test "Max fragment length: gnutls server" \
@ -3441,6 +3470,7 @@ run_test "Max fragment length: gnutls server" \
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
@ -3457,6 +3487,7 @@ run_test "Max fragment length: client, message just fits" \
-c "2048 bytes written in 1 fragments" \
-s "2048 bytes read"
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
@ -3474,6 +3505,7 @@ run_test "Max fragment length: client, larger message" \
-s "2048 bytes read" \
-s "297 bytes read"
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
@ -3585,6 +3617,7 @@ run_test "Renegotiation: double" \
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test "Renegotiation with max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@ -4304,24 +4337,17 @@ run_test "Authentication: client no cert, ssl3" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
# default value (8)
# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
# value, defined here as MAX_IM_CA. Some test cases will be skipped if the
# library is configured with a different value.
MAX_IM_CA='8'
MAX_IM_CA_CONFIG=$( ../scripts/config.py get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
cat <<EOF
${CONFIG_H} contains a value for the configuration of
MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script's
test value of ${MAX_IM_CA}.
The tests assume this value and if it changes, the tests in this
script should also be adjusted.
EOF
exit 1
fi
# The tests for the max_int tests can pass with any number higher than MAX_IM_CA
# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1
# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions
# are in place so that the semantics are consistent with the test description.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
@ -4330,6 +4356,7 @@ run_test "Authentication: server max_int chain, client default" \
0 \
-C "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
@ -4338,6 +4365,7 @@ run_test "Authentication: server max_int+1 chain, client default" \
1 \
-c "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
@ -4347,6 +4375,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \
1 \
-c "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client none" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
@ -4356,6 +4385,7 @@ run_test "Authentication: server max_int+1 chain, client none" \
0 \
-C "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server default" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
@ -4364,6 +4394,7 @@ run_test "Authentication: client max_int+1 chain, server default" \
0 \
-S "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server optional" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
@ -4372,6 +4403,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \
1 \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
@ -4380,6 +4412,7 @@ run_test "Authentication: client max_int+1 chain, server required" \
1 \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
@ -4557,6 +4590,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \
@ -4567,6 +4601,7 @@ run_test "Authentication, CA callback: server max_int chain, client default"
-c "use CA callback for X.509 CRT verification" \
-C "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
@ -4577,6 +4612,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default
-c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
@ -4588,6 +4624,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona
-c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
@ -4598,6 +4635,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona
-s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
@ -4608,6 +4646,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require
-s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \
@ -6677,8 +6716,8 @@ run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
-c "Read from server: 1 bytes read"
# A test for extensions in SSLv3
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
requires_max_content_len 4096
run_test "SSLv3 with extensions, server side" \
"$P_SRV min_version=ssl3 debug_level=3" \
"$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
@ -6927,6 +6966,7 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
# Test for large server packets
# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Large server packet SSLv3 StreamCipher" \
"$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@ -7948,6 +7988,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
run_test "DTLS fragmenting: none (for reference)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@ -7968,6 +8009,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test "DTLS fragmenting: server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@ -7992,6 +8034,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@ -8012,6 +8055,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
crt_file=data_files/server7_int-ca.crt \
@ -8039,6 +8083,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
@ -8060,6 +8105,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@ -8087,6 +8133,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8107,6 +8154,7 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
run_test "DTLS fragmenting: none (for reference) (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@ -8126,6 +8174,7 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
run_test "DTLS fragmenting: client (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@ -8145,6 +8194,7 @@ run_test "DTLS fragmenting: client (MTU)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test "DTLS fragmenting: server (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@ -8164,6 +8214,7 @@ run_test "DTLS fragmenting: server (MTU)" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8189,6 +8240,7 @@ requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8220,6 +8272,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8244,6 +8297,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8267,6 +8321,7 @@ not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8296,6 +8351,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8319,6 +8375,7 @@ not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8345,6 +8402,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8381,6 +8439,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
-p "$P_PXY mtu=1450" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8410,6 +8469,7 @@ requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8442,6 +8502,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8474,6 +8535,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8507,6 +8569,7 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8539,6 +8602,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8568,6 +8632,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU + 3d" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
@ -8592,6 +8657,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@ -8617,6 +8683,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
@ -8632,6 +8699,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
@ -8655,6 +8723,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
@ -8671,6 +8740,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
@ -8684,6 +8754,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
@ -8698,6 +8769,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
"$O_SRV -dtls1 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
@ -8712,6 +8784,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
@ -8725,6 +8798,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
@ -8744,6 +8818,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
@ -8761,6 +8836,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
@ -8778,6 +8854,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
@ -8794,6 +8871,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
@ -8815,6 +8893,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_SRV -dtls1_2 -verify 10" \
@ -8832,6 +8911,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_SRV -dtls1 -verify 10" \
@ -8849,6 +8929,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
@ -8867,6 +8948,7 @@ requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
requires_max_content_len 2048
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
@ -9947,6 +10029,7 @@ run_test "export keys functionality" \
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 16384
run_tests_memory_after_hanshake
# Final report