Skip to content

Commit 03ef604

Browse files
mpgmpg
committed
Add test with non-HS record in-between HS fragments
Two of these tests reveal bugs in the code, so they're commented out for now. For the other tests, the high-level behaviour is OK (break the handshake) but the details of why are IMO not good: they should be rejected because interleaving non-HS record between HS fragments is not valid according to the spec. To be fixed in future commits. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
1 parent 93374df commit 03ef604

File tree

1 file changed

+30
-0
lines changed

1 file changed

+30
-0
lines changed

tests/suites/test_suite_ssl.data

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3576,3 +3576,33 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160
35763576
Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK
35773577
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1
35783578
inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0
3579+
3580+
# See "ClientHello breakdown" above
3581+
# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
3582+
Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected
3583+
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1
3584+
inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
3585+
3586+
# See "ClientHello breakdown" above
3587+
# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
3588+
##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever)
3589+
##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1
3590+
##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
3591+
3592+
# See "ClientHello breakdown" above
3593+
# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
3594+
Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected
3595+
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1
3596+
inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
3597+
3598+
# See "ClientHello breakdown" above
3599+
# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
3600+
##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever)
3601+
##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1
3602+
##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
3603+
3604+
# See "ClientHello breakdown" above
3605+
# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
3606+
Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected
3607+
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1
3608+
inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD

0 commit comments

Comments
 (0)