From 52f8491dc29e264897b62302f774b53b7300b14f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 5 Oct 2018 07:53:40 -0400 Subject: [PATCH 01/12] ssl-opt.sh: adjust tests to fit slower targets Adjust mtu sizes to be able to pass tests using a full configuration --- tests/ssl-opt.sh | 124 +++++++++++++++++++++++++++++++---------------- 1 file changed, 81 insertions(+), 43 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ac3580a32..23c25afcb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5731,10 +5731,12 @@ run_test "DTLS fragmenting: none (for reference)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ max_frag_len=4096" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ + hs_timeout=2500-60000 \ max_frag_len=4096" \ 0 \ -S "found fragmented DTLS handshake message" \ @@ -5749,10 +5751,12 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ max_frag_len=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ + hs_timeout=2500-60000 \ max_frag_len=2048" \ 0 \ -S "found fragmented DTLS handshake message" \ @@ -5771,10 +5775,12 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ max_frag_len=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ + hs_timeout=2500-60000 \ max_frag_len=4096" \ 0 \ -S "found fragmented DTLS handshake message" \ 
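Review bot: The same `hs_timeout=2500-60000` literal is pasted into both the server and the client command of every test in this hunk and across the rest of the patch, with 10000- and 15000-ms variants further down, so the next slow-target tuning means editing dozens of lines and risks the two peers drifting apart. Hoisting the value into one variable near the top of ssl-opt.sh, e.g. `HS_TIMEOUT_SLOW="hs_timeout=2500-60000"`, and referencing `$HS_TIMEOUT_SLOW` in both commands keeps client and server in sync. A one-line comment beside it stating that the 2.5 s minimum was chosen for slow targets (the rationale only the commit title gives) would also stop it from being tuned back down later. Each run_test invocation here continues past the hunk.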
@@ -5789,12 +5795,14 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - max_frag_len=512" \ - 0 \ + hs_timeout=2500-60000 \ + max_frag_len=1024" \ + 0 \ -S "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -5811,15 +5819,17 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=560" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - max_frag_len=512" \ + hs_timeout=2500-60000 \ + max_frag_len=1024" \ 0 \ -S "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -5833,11 +5843,13 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - max_frag_len=512" \ + hs_timeout=2500-60000 \ + max_frag_len=1024" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ 
@@ -5855,15 +5867,17 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=560" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ max_frag_len=2048" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - max_frag_len=512" \ + hs_timeout=2500-60000 \ + max_frag_len=1024" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -5876,10 +5890,12 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ mtu=4096" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ + hs_timeout=2500-60000 \ mtu=4096" \ 0 \ -S "found fragmented DTLS handshake message" \ @@ -5893,11 +5909,13 @@ run_test "DTLS fragmenting: client (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ mtu=4096" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512" \ + hs_timeout=2500-60000 \ + mtu=1024" \ 0 \ -s "found fragmented DTLS handshake message" \ -C "found fragmented DTLS handshake message" \ 
@@ -5910,10 +5928,12 @@ run_test "DTLS fragmenting: server (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ + hs_timeout=2500-60000 \ mtu=2048" \ 0 \ -S "found fragmented DTLS handshake message" \ @@ -5924,15 +5944,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: both (MTU)" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512" \ + hs_timeout=2500-60000 \ + mtu=1024" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -5944,15 +5966,15 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ - -p "$P_PXY mtu=508" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key\ - hs_timeout=100-400" \ + hs_timeout=100-10000" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=100-400" \ + hs_timeout=100-10000" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ 
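Review bot: Raising the proxy MTU from 508 to 1024 in the auto-reduction test weakens what it proves: the library's fallback is a fixed 508-byte value (visible in patch 02's ssl_tls.c hunk), and with a 508-byte proxy the test only passed if the reduced fragments really fit in 508 bytes, whereas at 1024 any reduction below 1024 passes. If the wider proxy is needed for slow targets, consider asserting the reduction itself — once patch 02's debug line exists, `-c "mtu autoreduction"` would do — or keeping a second instance of the test at `mtu=508`. The widened `hs_timeout=100-10000` only changes how long the retried attempt may wait, not what is checked. The run_test invocation continues past the hunk.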
@@ -5985,15 +6007,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: proxy MTU, simple handshake" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ @@ -6005,15 +6029,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=512 nbio=2" \ + mtu=1024 nbio=2 \ + hs_timeout=15000-60000" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512 nbio=2" \ + mtu=1024 nbio=2 \ + hs_timeout=15000-60000" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ 
@@ -6034,15 +6060,17 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ - -p "$P_PXY mtu=1450" \ + -p "$P_PXY mtu=1650" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=1450" \ + hs_timeout=10000-60000 \ + mtu=1650" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=1450 reconnect=1 reco_delay=1" \ + hs_timeout=10000-60000 \ + mtu=1650 reconnect=1 reco_delay=1" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ @@ -6060,18 +6088,20 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_CHACHAPOLY_C run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ 
@@ -6090,18 +6120,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ @@ -6120,18 +6152,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CCM_C run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ 
@@ -6151,18 +6185,20 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ @@ -6181,18 +6217,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ - -p "$P_PXY mtu=512" \ + -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ - mtu=512" \ + hs_timeout=10000-60000 \ + mtu=1024" \ 0 \ -S "resend" \ -s "found fragmented DTLS handshake message" \ 
@@ -6204,15 +6242,15 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d" \ - -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ + -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - hs_timeout=250-10000 mtu=512" \ + hs_timeout=250-10000 mtu=1024" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=250-10000 mtu=512" \ + hs_timeout=250-10000 mtu=1024" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -6223,15 +6261,15 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ - -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ + -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - hs_timeout=250-10000 mtu=512 nbio=2" \ + hs_timeout=250-10000 mtu=1024 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=250-10000 mtu=512 nbio=2" \ + hs_timeout=250-10000 mtu=1024 nbio=2" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ From 6290dae90946c88aa3c08693d01cb7d223053e13 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 5 Oct 2018 08:06:01 -0400 Subject: [PATCH 02/12] Disable dtls fragmentation for ClientHello messages Set the handshake mtu to unlimited when encountering a ClienHello message and reset it to its previous value after writing the record. --- library/ssl_tls.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8bd74db8d..38826f93f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -212,7 +212,10 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) * delivered) of any compliant IPv4 (and IPv6) network, and should work * on most non-IP stacks too. */ if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min ) + { ssl->handshake->mtu = 508; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) ); + } new_timeout = 2 * ssl->handshake->retransmit_timeout; @@ -2945,6 +2948,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { int ret; + uint16_t mtu_temp = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) @@ -2979,6 +2983,15 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) ssl_swap_epochs( ssl ); } + /* Disable handshake mtu for client hello message to avoid fragmentation. + * Setting it back after calling mbedtls_ssl_write_record */ + if( ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO ) + { + mtu_temp = ssl->handshake->mtu; + ssl->handshake->mtu = 0; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "disabling fragmentation of ClientHello message" ) ); + } + ret = ssl_get_remaining_payload_in_datagram( ssl ); if( ret < 0 ) return( ret ); @@ -3077,6 +3090,12 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); } + + if( mtu_temp != 0 ) + { + ssl->handshake->mtu = mtu_temp; + mtu_temp = 0; + } } if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) From 948fe80f421f6e92726458db0ae2e0bbd235fc35 Mon Sep 17 00:00:00 2001 
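Review bot: The new check reads `ssl->out_msg[0]` before anything in this hunk has written the current flight message into `out_msg`; if the handshake header is copied into `out_msg` later in the loop (outside the hunk), the byte tested here is whatever the previous record left behind, so the ClientHello case can be missed or misfire on a later message. Testing the current flight entry's first byte (the handshake type), or keying on the client role and handshake state, would be more robust, and the comment should say why an unfragmented ClientHello matters — presumably because a server doing stateless cookie verification cannot reassemble fragments, which should be confirmed. The early `return( ret )` after `ssl_get_remaining_payload_in_datagram` also leaves `ssl->handshake->mtu` at 0 once it has been cleared; add `if( mtu_temp != 0 ) ssl->handshake->mtu = mtu_temp;` before that return. The enclosing `mbedtls_ssl_flight_transmit` body starts and ends outside this hunk, and patch 05 removes `mtu_temp`, so the mechanism may be superseded there.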
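Review bot: The restore of `ssl->handshake->mtu` sits after the `mbedtls_ssl_write_record` error branch, so when that call fails — including a non-blocking want-write return, if one can surface here — the function returns with the handshake MTU still 0. On the next `mbedtls_ssl_flight_transmit` call `mtu_temp` is a fresh local, `out_msg[0]` is presumably still the ClientHello type, and the code saves the already-zeroed value, so the configured MTU is lost for the rest of the handshake and every later flight goes out unfragmented; the `nbio=2` tests in ssl-opt.sh are the ones most likely to hit this. Move the restore ahead of the return, `if( mtu_temp != 0 ) ssl->handshake->mtu = mtu_temp;` right after the `MBEDTLS_SSL_DEBUG_RET` line, or restructure so the override is scoped to the single write. The `mtu_temp = 0;` reset after the restore is redundant, since 0 already means "nothing saved". The enclosing function continues outside the hunk.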
From: Andrzej Kurek Date: Fri, 5 Oct 2018 15:42:44 -0400 Subject: [PATCH 03/12] ssl-opt.sh: adjust test timeouts to fit slower targets --- tests/ssl-opt.sh | 116 +++++++++++++++++++++++++++-------------------- 1 file changed, 66 insertions(+), 50 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23c25afcb..9c904c391 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5909,12 +5909,12 @@ run_test "DTLS fragmenting: client (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - hs_timeout=2500-60000 \ + hs_timeout=3500-60000 \ mtu=4096" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=2500-60000 \ + hs_timeout=3500-60000 \ mtu=1024" \ 0 \ -s "found fragmented DTLS handshake message" \ @@ -6677,8 +6677,10 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -p "$P_PXY delay_srv=ServerHello" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ -c "Next handshake message has been buffered - load"\ 
@@ -6691,8 +6693,10 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ -p "$P_PXY delay_srv=ServerHello" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ -c "found fragmented DTLS handshake message"\ @@ -6712,8 +6716,10 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \ -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ -c "Next handshake message has been buffered - load"\ @@ -6732,8 +6738,10 @@ requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \ -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ -c "attempt to make space by freeing buffered future messages" \ 
@@ -6747,8 +6755,10 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -p "$P_PXY delay_cli=Certificate" \ - "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ -C "Next handshake message has been buffered - load"\ @@ -6761,8 +6771,10 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -p "$P_PXY delay_srv=NewSessionTicket" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ -C "Next handshake message has been buffered - load"\ @@ -6775,8 +6787,10 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ -p "$P_PXY delay_cli=ClientKeyExchange" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ -C "Next handshake message has been buffered - load"\ 
@@ -6789,8 +6803,10 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ run_test "DTLS reordering: Buffer encrypted Finished message" \ -p "$P_PXY delay_ccs=1" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + hs_timeout=2500-60000" \ 0 \ -s "Buffer record from epoch 1" \ -s "Found buffered record from current epoch - load" \ @@ -6830,9 +6846,9 @@ run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragme client_needs_more_time 2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ -s "Extra-header:" \ @@ -6841,8 +6857,8 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Extra-header:" \ 
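Review bot: The minimum retransmission timeout for the 3d tests moves from 250 ms to 500 ms here and in every `DTLS proxy: 3d` test below, but the two `DTLS fragmenting: proxy MTU + 3d` tests touched in patch 01 keep `hs_timeout=250-10000` behind a similar drop/delay/duplicate proxy. If 250 ms is too short for the slow targets this series tunes for, those two should move as well; if 250 ms is deliberately kept there to exercise retransmission under loss, a comment saying so would stop the next tuning pass from changing them. Doubling the minimum also doubles the worst-case wall time of each `client_needs_more_time` test, which is worth stating in the commit message. The run_test invocation continues past the hunk.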
@@ -6851,8 +6867,8 @@ run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -6860,8 +6876,8 @@ run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, client auth" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -6869,8 +6885,8 @@ run_test "DTLS proxy: 3d, FS, client auth" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, ticket" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" 
@@ -6878,8 +6894,8 @@ run_test "DTLS proxy: 3d, FS, ticket" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -6887,9 +6903,9 @@ run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1 \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \ auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -6897,9 +6913,9 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ 
@@ -6911,9 +6927,9 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ 0 \ @@ -6926,9 +6942,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -6941,9 +6957,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ 
@@ -6956,10 +6972,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -6972,10 +6988,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -6989,7 +7005,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 2048" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" 
@@ -6998,7 +7014,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -7007,7 +7023,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -7017,7 +7033,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 2048 -a" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -7028,7 +7044,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -7039,7 +7055,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" From 0fc9cf40cfd0dc31a28006b8fbd1afff9805b954 Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Tue, 9 Oct 2018 03:09:41 -0400 Subject: [PATCH 04/12] ssl-opt.sh: increase proxy mtu sizes to contain entire datagrams --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9c904c391..f70a85c1c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5819,7 +5819,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=1110" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ @@ -5867,7 +5867,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=1110" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ From ef43ce6e25054718cee7e0837f127b39b9cb34db Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 9 Oct 2018 08:24:12 -0400 Subject: [PATCH 05/12] Dtls: change the way unlimited mtu is set for client hello messages --- library/ssl_tls.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38826f93f..353c3471b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2948,7 +2948,6 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { int ret; - uint16_t mtu_temp = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) 
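Review bot: The proxy MTU of 1110 in the two "proxy MTU" tests (hunks -5819 and -5867) is an unexplained magic number; the commit message says it was raised so the proxy holds an entire datagram, but nothing in the test text relates 1110 to the client's `max_frag_len=1024`, so the next person tuning these will not know how much headroom is required or why 1024 was too small. Add a comment above each test, e.g. `# proxy MTU must exceed the client's max_frag_len=1024 plus record/handshake overhead so the proxy never splits a datagram` (adjust if the 86-byte margin was derived differently). Giving the two tests one shared value would also keep them from drifting apart.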
@@ -2983,15 +2982,6 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) ssl_swap_epochs( ssl ); } - /* Disable handshake mtu for client hello message to avoid fragmentation. - * Setting it back after calling mbedtls_ssl_write_record */ - if( ssl->out_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO ) - { - mtu_temp = ssl->handshake->mtu; - ssl->handshake->mtu = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "disabling fragmentation of ClientHello message" ) ); - } - ret = ssl_get_remaining_payload_in_datagram( ssl ); if( ret < 0 ) return( ret ); @@ -3090,12 +3080,6 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); } - - if( mtu_temp != 0 ) - { - ssl->handshake->mtu = mtu_temp; - mtu_temp = 0; - } } if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) @@ -7924,6 +7908,12 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) { + /* Return unlimited mtu for client hello messages to avoid fragmentation. */ + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO || + ssl->state == MBEDTLS_SSL_SERVER_HELLO ) ) + return ( 0 ); + if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) return( ssl->mtu ); From 35f2f300ca5724ab0389bed4ed3c7f9d25110290 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 9 Oct 2018 08:52:14 -0400 Subject: [PATCH 06/12] ssl-opt.sh: change expected pattern from 'resend' to 'autoreduction' --- tests/ssl-opt.sh | 74 ++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f70a85c1c..079b0f61c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
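Review bot: The new early return in ssl_get_current_mtu (hunk at -7924) bypasses the application-configured `ssl->mtu` as well as the auto-reduced handshake value, which is broader than the code it replaces: the removed branch in mbedtls_ssl_flight_transmit only zeroed `ssl->handshake->mtu`, so the function still fell through to `return( ssl->mtu )`, whereas `return ( 0 )` now reports no limit at all whenever the client is in the CLIENT_HELLO or SERVER_HELLO state (presumably also on renegotiation, where those states recur). If the path genuinely cannot carry a larger datagram, the unfragmented ClientHello is simply lost and the auto-reduction logic can never help, because this branch ignores it. If the intent is only to avoid fragmenting the ClientHello (the tests note that a fragmented ClientHello cannot be read by the peer), `return( ssl->mtu );` keeps the previous behaviour; if overriding the configured MTU is deliberate, record it in the comment and in the mbedtls_ssl_set_mtu() documentation, e.g. `/* Never fragment ClientHello: peers are not required to reassemble it. NOTE: this also ignores the MTU set with mbedtls_ssl_set_mtu(). */`. Minor: `return ( 0 )` should follow the file's `return( 0 )` spacing.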
@@ -5551,21 +5551,21 @@ run_test "DTLS cookie: enabled, nbio" \ # Tests for client reconnecting from the same port with DTLS -not_with_valgrind # spurious resend +not_with_valgrind # spurious autoreduction run_test "DTLS client reconnect from same port: reference" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \ 0 \ - -C "resend" \ + -C "autoreduction" \ -S "The operation timed out" \ -S "Client initiated reconnection from same port" -not_with_valgrind # spurious resend +not_with_valgrind # spurious autoreduction run_test "DTLS client reconnect from same port: reconnect" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 0 \ - -C "resend" \ + -C "autoreduction" \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" @@ -6002,7 +6002,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend # OTOH the client might resend if the server is to slow to reset after sending # a HelloVerifyRequest, so only check for no retransmission server-side -not_with_valgrind # spurious resend due to timeout +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6019,12 +6019,12 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ hs_timeout=10000-60000 \ mtu=1024" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" -not_with_valgrind # spurious resend due to timeout +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
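Review bot: Replacing `-S "resend"` with `-S "autoreduction"` in the "proxy MTU, simple handshake" hunk (-6019) weakens the assertion that the comment above it still promises: the comment says the proxy drops nothing and that the test should "only check for no retransmission server-side", yet a server retransmission now passes unnoticed as long as it does not repeat often enough to trigger MTU auto-reduction, which a later comment in this series describes as happening on repeated resend. Either keep `-S "resend" \` alongside the new check, or reword the comment to say that only auto-reduction is excluded and why a single resend is tolerated. The same mismatch applies to the following fragmenting tests in this patch, which the later partial revert in this series does not restore.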
@@ -6041,7 +6041,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ mtu=1024 nbio=2 \ hs_timeout=15000-60000" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -6051,11 +6051,11 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ # Since we don't support reading fragmented ClientHello yet, # up the MTU to 1450 (larger than ClientHello with session ticket, # but still smaller than client's Certificate to ensure fragmentation). -# A resend on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "resend"' below. +# An autoreduction on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "autoreduction"' below. # reco_delay avoids races where the client reconnects before the server has -# resumed listening, which would result in a spurious resend. -not_with_valgrind # spurious resend due to timeout +# resumed listening, which would result in a spurious autoreduction. +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -6072,14 +6072,14 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ hs_timeout=10000-60000 \ mtu=1650 reconnect=1 reco_delay=1" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" -# A resend on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "resend"' below. -not_with_valgrind # spurious resend due to timeout +# An autoreduction on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "autoreduction"' below. +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6103,14 +6103,14 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ hs_timeout=10000-60000 \ mtu=1024" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" -# A resend on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "resend"' below. -not_with_valgrind # spurious resend due to timeout +# An autoreduction on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "autoreduction"' below. +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -6135,14 +6135,14 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ hs_timeout=10000-60000 \ mtu=1024" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" -# A resend on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "resend"' below. -not_with_valgrind # spurious resend due to timeout +# An autoreduction on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "autoreduction"' below. +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6167,14 +6167,14 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ hs_timeout=10000-60000 \ mtu=1024" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" -# A resend on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "resend"' below. -not_with_valgrind # spurious resend due to timeout +# An autoreduction on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "autoreduction"' below. +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -6200,14 +6200,14 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ hs_timeout=10000-60000 \ mtu=1024" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" -# A resend on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "resend"' below. -not_with_valgrind # spurious resend due to timeout +# An autoreduction on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "autoreduction"' below. +not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6232,7 +6232,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ hs_timeout=10000-60000 \ mtu=1024" \ 0 \ - -S "resend" \ + -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -6555,7 +6555,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ # Tests for specific things with "unreliable" UDP connection -not_with_valgrind # spurious resend due to timeout +not_with_valgrind # spurious autoreduction due to timeout run_test "DTLS proxy: reference" \ -p "$P_PXY" \ "$P_SRV dtls=1 debug_level=2" \ @@ -6567,11 +6567,11 @@ run_test "DTLS proxy: reference" \ -S "record from another epoch" \ -C "discarding invalid record" \ -S "discarding invalid record" \ - -S "resend" \ + -S "autoreduction" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -not_with_valgrind # spurious resend due to timeout +not_with_valgrind # spurious autoreduction due to timeout run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ 
@@ -6581,7 +6581,7 @@ run_test "DTLS proxy: duplicate every packet" \ -s "replayed record" \ -c "record from another epoch" \ -s "record from another epoch" \ - -S "resend" \ + -S "autoreduction" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" From 7311c78074b161c04f4036addea4e57866921aa7 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 06:49:41 -0400 Subject: [PATCH 07/12] ssl-opt.sh: force ciphersuites to reduce mtu size --- tests/ssl-opt.sh | 164 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 134 insertions(+), 30 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 079b0f61c..ac2a7c07d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5943,7 +5943,7 @@ run_test "DTLS fragmenting: server (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -run_test "DTLS fragmenting: both (MTU)" \ +run_test "DTLS fragmenting: both (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ 
@@ -5960,21 +5960,54 @@ run_test "DTLS fragmenting: both (MTU)" \ -c "found fragmented DTLS handshake message" \ -C "error" -# Test for automatic MTU reduction on repeated resend +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C +run_test "DTLS fragmenting: both (MTU=512)" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=2500-60000 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=2500-60000 \ + mtu=512" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +# Test for automatic MTU reduction on repeated resend. +# The ratio of max/min timeout should ideally equal 4 to accept two +# retransmissions, but in some cases (like both the server and client using +# fragmentation and auto-reduction) an extra retransmission might occur, +# hence the ratio of 8. 
not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ - key_file=data_files/server7.key\ - hs_timeout=100-10000" \ + key_file=data_files/server7.key \ + hs_timeout=400-3200" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=100-10000" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=400-3200" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -5984,15 +6017,19 @@ only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ - key_file=data_files/server7.key\ + key_file=data_files/server7.key \ hs_timeout=250-10000" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=250-10000" \ 0 \ -s "found fragmented DTLS handshake message" \ 
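Review bot: The two "proxy MTU: auto-reduction" tests (hunks -5960 and -5984) never assert that auto-reduction actually happened; they only check for fragmentation on both sides and the absence of "error", so a run where the first fragmented flight already fits the 508-byte proxy MTU, or where the handshake completes for some other reason, passes without exercising the feature the test is named for. Since "autoreduction" is a grep-able debug string elsewhere in this series, add `-s "autoreduction" \` and/or `-c "autoreduction" \` to the expected-output list for whichever side is expected to shrink its datagrams (presumably both, given auth_mode=required and certificates on both ends). The timeout-ratio comment added above the test is useful; consider also stating there that the 508 value is chosen to be just below the 512 used by the neighbouring tests, if that is the reason.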
@@ -6006,7 +6043,7 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -run_test "DTLS fragmenting: proxy MTU, simple handshake" \ +run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ 
@@ -6024,22 +6061,77 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ -c "found fragmented DTLS handshake message" \ -C "error" +# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend +# OTOH the client might resend if the server is to slow to reset after sending +# a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C -run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C +run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=10000-60000 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=10000-60000 \ + mtu=512" \ + 0 \ + -S "autoreduction" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +not_with_valgrind # spurious autoreduction due to timeout +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=1024 nbio=2 \ - hs_timeout=15000-60000" \ + hs_timeout=10000-60000 \ + mtu=1024 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - 
mtu=1024 nbio=2 \ - hs_timeout=15000-60000" \ + hs_timeout=10000-60000 \ + mtu=1024 nbio=2" \ + 0 \ + -S "autoreduction" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +not_with_valgrind # spurious autoreduction due to timeout +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C +run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=10000-60000 \ + mtu=512 nbio=2" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=10000-60000 \ + mtu=512 nbio=2" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ 
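Review bot: The nbio (MTU=1024) test in hunk -6024 lowers its minimum handshake timeout from 15000 to 10000 ms, which runs against this series' stated purpose of fitting slower targets: with the `not_with_valgrind # spurious autoreduction due to timeout` guard and the `-S "autoreduction"` check, any server-side timeout now fails the test, and nbio was presumably given the larger floor for exactly that reason. Unless 15000 was shown to be unnecessary, keep `hs_timeout=15000-60000` here and use the same value in the new nbio (MTU=512) test. The three-line comment block "the proxy shouldn't drop or mess up anything…" is now duplicated verbatim above two tests; a single comment before the group would stop the copies drifting apart (the copy already has "to slow" for "too slow").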
@@ -6059,18 +6151,22 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ - -p "$P_PXY mtu=1650" \ + -p "$P_PXY mtu=1450" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ hs_timeout=10000-60000 \ - mtu=1650" \ + mtu=1450" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ hs_timeout=10000-60000 \ - mtu=1650 reconnect=1 reco_delay=1" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + mtu=1450 reconnect=1 reco_delay=1" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ @@ -6088,20 +6184,20 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_CHACHAPOLY_C run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ 
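Review bot: The "proxy MTU, ChachaPoly renego" test (hunk -6088) no longer uses ChaCha20-Poly1305: the server-side `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256` is removed and the client now forces `TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256`, so the test is still guarded by `requires_config_enabled MBEDTLS_CHACHAPOLY_C` but is functionally a duplicate of the AES-GCM renego test that follows, and the ChaCha record path at a 512-byte MTU is now untested. Moving the forcing to the client matches the other renego tests, but keep the suite: `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \`. The resumed-handshake hunk (-6059) above looks right: the proxy and endpoint MTU now agree with the 1450 that the existing comment describes.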
@@ -6120,20 +6216,20 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ - -p "$P_PXY mtu=1024" \ + -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=10000-60000 \ - mtu=1024" \ + mtu=512" \ 0 \ -S "autoreduction" \ -s "found fragmented DTLS handshake message" \ @@ -6240,17 +6336,21 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d" \ - -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \ + -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - hs_timeout=250-10000 mtu=1024" \ + hs_timeout=250-10000 mtu=512" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=250-10000 mtu=1024" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=250-10000 mtu=512" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ 
@@ -6259,17 +6359,21 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ - -p "$P_PXY mtu=1024 drop=8 delay=8 duplicate=8" \ + -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - hs_timeout=250-10000 mtu=1024 nbio=2" \ + hs_timeout=250-10000 mtu=512 nbio=2" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - hs_timeout=250-10000 mtu=1024 nbio=2" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + hs_timeout=250-10000 mtu=512 nbio=2" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ From 7c6df832ed339129b63e25d682bc2537de5d4031 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 07:06:12 -0400 Subject: [PATCH 08/12] ssl-opt.sh: revert unnecessary "autoreduction" checks return to the initial check for "resend" --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ac2a7c07d..e309f4291 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5551,21 +5551,21 @@ run_test "DTLS cookie: enabled, nbio" \ # Tests for client reconnecting from the same port with DTLS -not_with_valgrind # spurious autoreduction +not_with_valgrind # spurious resend run_test "DTLS client reconnect from same port: reference" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \ 0 \ - -C "autoreduction" \ + -C "resend" \ -S "The operation timed out" \ -S "Client initiated reconnection from same port" -not_with_valgrind # spurious autoreduction +not_with_valgrind # spurious resend run_test "DTLS client reconnect from same port: reconnect" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 0 \ - -C "autoreduction" \ + -C "resend" \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" @@ -6659,7 +6659,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ # Tests for specific things with "unreliable" UDP connection -not_with_valgrind # spurious autoreduction due to timeout +not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: reference" \ -p "$P_PXY" \ "$P_SRV dtls=1 debug_level=2" \ @@ -6671,11 +6671,11 @@ run_test "DTLS proxy: reference" \ -S "record from another epoch" \ -C "discarding invalid record" \ -S "discarding invalid record" \ - -S "autoreduction" \ + -S "resend" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" -not_with_valgrind # spurious autoreduction due to timeout +not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ @@ -6685,7 +6685,7 @@ run_test "DTLS proxy: duplicate every packet" \ -s "replayed record" \ -c "record from another epoch" \ -s "record from another epoch" \ - -S "autoreduction" \ + -S "resend" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" 
From 748face36f508e7f7b11150a8023935fb11a1621 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 07:20:19 -0400 Subject: [PATCH 09/12] ssl_tls: fix maximum output length set maximum output length to MBEDTLS_SSL_OUT_CONTENT_LEN instead of MBEDTLS_SSL_MAX_CONTENT_LEN. --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 353c3471b..9dfa05bc2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -151,7 +151,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl { int ret; size_t remaining, expansion; - size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); From 7782605491f1b7e35bbba1d1c404933374aba672 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 07:34:08 -0400 Subject: [PATCH 10/12] ssl-opt.sh: add comments regarding ciphersuite forcing --- tests/ssl-opt.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e309f4291..96f0ba061 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5960,6 +5960,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5986,6 +5987,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \ -C "error" # Test for automatic MTU reduction on repeated resend. +# Forcing ciphersuite for this test to fit the MTU of 508 with full config. # The ratio of max/min timeout should ideally equal 4 to accept two # retransmissions, but in some cases (like both the server and client using # fragmentation and auto-reduction) an extra retransmission might occur, 
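Review bot: Bounding ssl_get_remaining_payload_in_datagram by MBEDTLS_SSL_OUT_CONTENT_LEN (hunk -151) is the right fix, but the changed line gives no hint why, and the function's body continues past the hunk so I cannot see whether the later `remaining`/`expansion` arithmetic is also clamped to the output buffer. Add a why-comment on the changed line, e.g. `/* Bound by the *output* buffer: IN/OUT content lengths may differ, and MBEDTLS_SSL_MAX_CONTENT_LEN may be larger than the out buffer. */`. This is the one behavioural fix in the series with no accompanying test; ssl-opt.sh already reads the IN/OUT/MAX content lengths from the config (see the later hunk), so a DTLS fragmenting test run with an output buffer smaller than the input buffer would pin the regression.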
@@ -6013,6 +6015,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 508 with full config. only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -6061,6 +6064,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend # OTOH the client might resend if the server is to slow to reset after sending # a HelloVerifyRequest, so only check for no retransmission server-side @@ -6112,6 +6116,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -6138,6 +6143,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 1450 with full config. # This ensures things still work after session_reset(). # It also exercises the "resumed handshake" flow. # Since we don't support reading fragmented ClientHello yet, @@ -6333,6 +6339,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -6356,6 +6363,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From b459346f67e3d9eaef8c1cff0386c31df6aff79c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 08:43:30 -0400 Subject: [PATCH 11/12] ssl-opt.sh: add a check for i686 targets Run DTLS fragmenting tests on non-i686 targets only. Remove reduntant gnutls requirements. --- tests/ssl-opt.sh | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 96f0ba061..548373418 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -262,6 +262,21 @@ requires_ipv6() { fi } +# skip next test if it's i686 or uname is not available +requires_not_i686() { + if [ -z "${IS_I686:-}" ]; then + IS_I686="YES" + if which "uname" >/dev/null 2>&1; then + if [ -z "$(uname -a | grep i686)" ]; then + IS_I686="NO" + fi + fi + fi + if [ "$IS_I686" = "YES" ]; then + SKIP_NEXT="YES" + fi +} + # Calculate the input & output maximum content lengths set in the config MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") @@ -6391,7 +6406,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ # # here and below we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment -requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
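Review bot: `requires_not_i686` decides with `uname -a | grep i686`, which matches the substring anywhere in the full uname line — a hostname or kernel release string containing "i686" on a 64-bit host would wrongly skip the tests — and it probes with `which`, which is not guaranteed to exist or to return a meaningful status on every platform this POSIX-sh script runs on. Use `command -v uname` and test only the machine field from `uname -m`, which is also what `-a` prints for the architecture. The existing semantics (a missing `uname` is treated as i686, so the test is skipped) are preserved below, and a `case` avoids capturing output just to test for emptiness. `IS_I686` is a global cache written by the function; the rewritten header comment says so. The function is complete within the hunk.
```shell
# skip next test if it's i686 or uname is not available
# IS_I686 caches the probe across calls: YES (skip) / NO.
requires_not_i686() {
    if [ -z "${IS_I686:-}" ]; then
        IS_I686="YES"
        if command -v uname >/dev/null 2>&1; then
            case "$(uname -m)" in
                i686) ;;
                *) IS_I686="NO" ;;
            esac
        fi
    fi
    if [ "$IS_I686" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}
```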
@@ -6407,7 +6421,6 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ -c "fragmenting handshake message" \ -C "error" -requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6435,6 +6448,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_gnutls +requires_not_i686 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ @@ -6450,6 +6464,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 requires_gnutls +requires_not_i686 run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ From 9580528248c3765abc59142e585b8bd29c4ce093 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 11 Oct 2018 08:55:37 -0400 Subject: [PATCH 12/12] ssl-opt.sh: fix typo in mtu settings --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 548373418..f02d2ec79 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5964,7 +5964,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ hs_timeout=2500-60000 \ - mtu=512" \ + mtu=1024" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \
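Review bot: `requires_not_i686` is added only in front of the two "gnutls client" DTLS fragmenting tests in the `@@ -6435` and `@@ -6450` hunks, and nothing at either call site records why these tests in particular are excluded on i686, so a later reader cannot tell whether this is a harness limitation or a library behaviour that was never fixed. Add a one-line comment above each gate, e.g. `# skipped on i686: <reason>`, with the actual cause filled in. The commit title says the DTLS fragmenting tests as a whole are restricted to non-i686 targets, which is broader than the two tests gated here; if the narrower scope is intended, the title should say so. The run_test bodies continue outside both hunks.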
