yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 15:45:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'prr_428' into mbedtls-2.1-proposed

Browse source
This commit is contained in:
Gilles Peskine 2018-02-22 16:24:13 +01:00
parent 011943f561 f599026248
commit 25ec9cc9b3
6 changed files with 424 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
ChangeLog
View file

@ -2,6 +2,22 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.1.11 branch released xxxx-xx-xx = mbed TLS 2.1.11 branch released xxxx-xx-xx
Default behavior changes
* The truncated HMAC extension now conforms to RFC 6066. This means
that when both sides of a TLS connection negotiate the truncated
HMAC extension, Mbed TLS can now interoperate with other
compliant implementations, but this breaks interoperability with
prior versions of Mbed TLS. To restore the old behavior, enable
the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in
config.h. Found by Andreas Walz (ivESK, Offenburg University of
Applied Sciences).
Security
* Fix implementation of the truncated HMAC extension. The previous
implementation allowed an offline 2^80 brute force attack on the
HMAC key of a single, uninterrupted connection (with no
resumption of the session).
Bugfix Bugfix
* Fix assembly sequences in bn_mul.h and aesni.c to avoid segmentation * Fix assembly sequences in bn_mul.h and aesni.c to avoid segmentation
faults and errors when building for the 64-bit ILP32 ABI. Found and fixed faults and errors when building for the 64-bit ILP32 ABI. Found and fixed

4
include/mbedtls/check_config.h
View file

@ -77,6 +77,10 @@
#error "MBEDTLS_DHM_C defined, but not all prerequisites" #error "MBEDTLS_DHM_C defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
#error "MBEDTLS_ECDH_C defined, but not all prerequisites" #error "MBEDTLS_ECDH_C defined, but not all prerequisites"
#endif #endif

21
include/mbedtls/config.h
View file

@ -1198,6 +1198,27 @@
*/ */
#define MBEDTLS_SSL_TRUNCATED_HMAC #define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
*
* Fallback to old (pre-2.1.10), non-conforming implementation of the truncated
* HMAC extension which also truncates the HMAC key. Note that this option is
* only meant for a transitory upgrade period and is likely to be removed in
* a future version of the library.
*
* \warning The old implementation is non-compliant and has a security weakness
* (2^80 brute force attack on the HMAC key used for a single,
* uninterrupted connection). This should only be enabled temporarily
* when (1) the use of truncated HMAC is essential in order to save
* bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
* the fixed implementation yet (pre-2.1.10).
*
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
*
* Requires: MBEDTLS_SSL_TRUNCATED_HMAC
*/
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
/** /**
* \def MBEDTLS_THREADING_ALT * \def MBEDTLS_THREADING_ALT
* *

37
library/ssl_tls.c
View file

@ -491,6 +491,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
unsigned char *key2; unsigned char *key2;
unsigned char *mac_enc; unsigned char *mac_enc;
unsigned char *mac_dec; unsigned char *mac_dec;
size_t mac_key_len;
size_t iv_copy_len; size_t iv_copy_len;
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
@ -682,6 +683,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
cipher_info->mode == MBEDTLS_MODE_CCM ) cipher_info->mode == MBEDTLS_MODE_CCM )
{ {
transform->maclen = 0; transform->maclen = 0;
mac_key_len = 0;
transform->ivlen = 12; transform->ivlen = 12;
transform->fixed_ivlen = 4; transform->fixed_ivlen = 4;
@ -702,7 +704,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
} }
/* Get MAC length */ /* Get MAC length */
transform->maclen = mbedtls_md_get_size( md_info ); mac_key_len = mbedtls_md_get_size( md_info );
transform->maclen = mac_key_len;
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
/* /*
@ -711,7 +714,15 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
* so we only need to adjust the length here. * so we only need to adjust the length here.
*/ */
if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
{
transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
/* Fall back to old, non-compliant version of the truncated
* HMAC implementation which also truncates the key (pre 2.1.10) */
mac_key_len = transform->maclen;
#endif
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
/* IV length */ /* IV length */
@ -773,11 +784,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{ {
key1 = keyblk + transform->maclen * 2; key1 = keyblk + mac_key_len * 2;
key2 = keyblk + transform->maclen * 2 + transform->keylen; key2 = keyblk + mac_key_len * 2 + transform->keylen;
mac_enc = keyblk; mac_enc = keyblk;
mac_dec = keyblk + transform->maclen; mac_dec = keyblk + mac_key_len;
/* /*
* This is not used in TLS v1.1. * This is not used in TLS v1.1.
@ -793,10 +804,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{ {
key1 = keyblk + transform->maclen * 2 + transform->keylen; key1 = keyblk + mac_key_len * 2 + transform->keylen;
key2 = keyblk + transform->maclen * 2; key2 = keyblk + mac_key_len * 2;
mac_enc = keyblk + transform->maclen; mac_enc = keyblk + mac_key_len;
mac_dec = keyblk; mac_dec = keyblk;
/* /*
@ -818,14 +829,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
if( transform->maclen > sizeof transform->mac_enc ) if( mac_key_len > sizeof transform->mac_enc )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
memcpy( transform->mac_enc, mac_enc, transform->maclen ); memcpy( transform->mac_enc, mac_enc, mac_key_len );
memcpy( transform->mac_dec, mac_dec, transform->maclen ); memcpy( transform->mac_dec, mac_dec, mac_key_len );
} }
else else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */
@ -833,8 +844,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{ {
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
} }
else else
#endif #endif
@ -854,7 +865,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
transform->iv_enc, transform->iv_dec, transform->iv_enc, transform->iv_dec,
iv_copy_len, iv_copy_len,
mac_enc, mac_dec, mac_enc, mac_dec,
transform->maclen ) ) != 0 ) mac_key_len ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );

3
library/version_features.c
View file

@ -381,6 +381,9 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
"MBEDTLS_SSL_TRUNCATED_HMAC", "MBEDTLS_SSL_TRUNCATED_HMAC",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
"MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
#if defined(MBEDTLS_THREADING_ALT) #if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT", "MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */ #endif /* MBEDTLS_THREADING_ALT */

414
tests/ssl-opt.sh
View file

@ -713,34 +713,89 @@ run_test "Truncated HMAC: client default, server default" \
-s "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)" -S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client disabled, server default" \ run_test "Truncated HMAC: client disabled, server default" \
"$P_SRV debug_level=4" \ "$P_SRV debug_level=4" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
trunc_hmac=0" \
0 \ 0 \
-s "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)" -S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client enabled, server default" \ run_test "Truncated HMAC: client enabled, server default" \
"$P_SRV debug_level=4" \ "$P_SRV debug_level=4" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
trunc_hmac=1" \
0 \ 0 \
-s "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)" -S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client enabled, server disabled" \ run_test "Truncated HMAC: client enabled, server disabled" \
"$P_SRV debug_level=4 trunc_hmac=0" \ "$P_SRV debug_level=4 trunc_hmac=0" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
trunc_hmac=1" \
0 \ 0 \
-s "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)" -S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client disabled, server enabled" \
"$P_SRV debug_level=4 trunc_hmac=1" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
0 \
-s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client enabled, server enabled" \ run_test "Truncated HMAC: client enabled, server enabled" \
"$P_SRV debug_level=4 trunc_hmac=1" \ "$P_SRV debug_level=4 trunc_hmac=1" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
trunc_hmac=1" \ 0 \
-S "dumping 'expected mac' (20 bytes)" \
-s "dumping 'expected mac' (10 bytes)"
run_test "Truncated HMAC, DTLS: client default, server default" \
"$P_SRV dtls=1 debug_level=4" \
"$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client disabled, server default" \
"$P_SRV dtls=1 debug_level=4" \
"$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
0 \
-s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client enabled, server default" \
"$P_SRV dtls=1 debug_level=4" \
"$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
0 \
-s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client enabled, server disabled" \
"$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
"$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
0 \
-s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client disabled, server enabled" \
"$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
"$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
0 \
-s "dumping 'expected mac' (20 bytes)" \
-S "dumping 'expected mac' (10 bytes)"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
"$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
"$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
0 \ 0 \
-S "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (20 bytes)" \
-s "dumping 'expected mac' (10 bytes)" -s "dumping 'expected mac' (10 bytes)"
@ -3037,26 +3092,56 @@ run_test "Small packet TLS 1.0 BlockCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 BlockCipher without EtM" \ run_test "Small packet TLS 1.0 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 etm=0 \ "$P_CLI request_size=1 force_version=tls1 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
"$P_SRV" \ run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 \ "$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
trunc_hmac=1" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \ "$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
trunc_hmac=1" \ 0 \
-s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1 etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3067,10 +3152,26 @@ run_test "Small packet TLS 1.1 BlockCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 BlockCipher without EtM" \ run_test "Small packet TLS 1.1 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 etm=0 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3081,19 +3182,26 @@ run_test "Small packet TLS 1.1 StreamCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ run_test "Small packet TLS 1.1 StreamCipher, without EtM" \
"$P_SRV" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
trunc_hmac=1" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
trunc_hmac=1" \ 0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3104,10 +3212,10 @@ run_test "Small packet TLS 1.2 BlockCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 BlockCipher without EtM" \ run_test "Small packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 etm=0 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3118,11 +3226,19 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
"$P_SRV" \ run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
trunc_hmac=1" \ 0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3133,11 +3249,26 @@ run_test "Small packet TLS 1.2 StreamCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
trunc_hmac=1" \ 0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
@ -3155,6 +3286,76 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
# Tests for small packets in DTLS
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small packet DTLS 1.0" \
"$P_SRV dtls=1 force_version=dtls1" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small packet DTLS 1.0, without EtM" \
"$P_SRV dtls=1 force_version=dtls1 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet DTLS 1.0, truncated hmac" \
"$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
"$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \
"$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small packet DTLS 1.2" \
"$P_SRV dtls=1 force_version=dtls1_2" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet DTLS 1.2, truncated hmac" \
"$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small packet DTLS 1.2, without EtM, truncated MAC" \
"$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
0 \
-s "Read from client: 1 bytes read"
# A test for extensions in SSLv3 # A test for extensions in SSLv3
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
@ -3193,20 +3394,57 @@ run_test "Large packet TLS 1.0 BlockCipher" \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ run_test "Large packet TLS 1.0 BlockCipher, without EtM" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
trunc_hmac=1" \
0 \ 0 \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1 \ "$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
trunc_hmac=1" \ 0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
@ -3219,6 +3457,29 @@ run_test "Large packet TLS 1.1 BlockCipher" \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher" \ run_test "Large packet TLS 1.1 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \ "$P_CLI request_size=16384 force_version=tls1_1 \
@ -3227,20 +3488,27 @@ run_test "Large packet TLS 1.1 StreamCipher" \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ run_test "Large packet TLS 1.1 StreamCipher, without EtM" \
"$P_SRV" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \ "$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
trunc_hmac=1" \
0 \ 0 \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \ "$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
trunc_hmac=1" \ 0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
@ -3253,6 +3521,13 @@ run_test "Large packet TLS 1.2 BlockCipher" \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls1_2 \
@ -3261,11 +3536,19 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
"$P_SRV" \ run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
trunc_hmac=1" \ 0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
@ -3278,11 +3561,26 @@ run_test "Large packet TLS 1.2 StreamCipher" \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Large packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
trunc_hmac=1" \ 0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
0 \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \ 0 \
-c "16384 bytes written in 1 fragments" \ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"