Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non MPS ssl-opt.sh test failed with nbio=2 #238

Closed
lhuang04 opened this issue Apr 27, 2021 · 2 comments · Fixed by #346
Closed

Non MPS ssl-opt.sh test failed with nbio=2 #238

lhuang04 opened this issue Apr 27, 2021 · 2 comments · Fixed by #346
Assignees
@lhuang04

Comments

@lhuang04
Copy link
Collaborator

When I disable MBEDTLS_SSL_USE_MPS.

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9a8cd63ad..73b4a6cb8 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1453,7 +1453,7 @@
  *
  * TODO: Document
  */
-#define MBEDTLS_SSL_USE_MPS
+//#define MBEDTLS_SSL_USE_MPS

The ssl-opt.sh run failed for all cases.
One example is the following:

tests/ssl-opt.sh  -s -p -f "default suite, PSK"

server log

# TLS 1.3, default suite, PSK
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=17115 allow_sha1=1 nbio=2 debug_level=5 force_version=tls1_3 psk=010203 psk_identity=0a0b0c key_exchange_modes=psk

  . Seeding the random number generator... ok
  . Loading the CA root certificate ... ok (0 skipped)
  . Loading the server cert. and key... ok                                           
  . Bind on tcp://127.0.0.1:17115/ ... ok
  . Setting up the SSL/TLS structure...ssl_msg.c:0073: |3| set_timer to 0 ms
 ok
ssl_msg.c:0073: |3| set_timer to 0 ms
  . Waiting for a remote connection ... ok
  . Performing the SSL/TLS handshake...ssl_tls.c:6780: |2| => handshake 
ssl_tls13_server.c:4280: |2| server state: 0 
ssl_msg.c:2319: |2| => flush output 
ssl_msg.c:2331: |2| <= flush output 
ssl_tls13_server.c:4280: |2| server state: 1 
ssl_msg.c:2319: |2| => flush output 
ssl_msg.c:2331: |2| <= flush output 
ssl_tls13_server.c:2113: |2| => parse client hello 
ssl_msg.c:2080: |2| => fetch input
ssl_msg.c:2242: |2| in_left: 0, nb_want: 5
ssl_msg.c:2266: |2| in_left: 0, nb_want: 5
ssl_tls13_server.c:2142: |2| <= parse client hello
ssl_tls13_server.c:4311: |1| ssl_client_hello_process() returned -30976 (-0x7900)
ssl_tls.c:6808: |2| <= handshake
 failed
  ! mbedtls_ssl_handshake returned -0x7900

Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed

ssl_msg.c:0073: |3| set_timer to 0 ms
  . Waiting for a remote connection ... interrupted by SIGTERM (in net_accept())
  . Cleaning up...ssl_tls.c:7830: |2| => free
ssl_tls.c:7937: |2| <= free
 done.

client log

ssl_tls13_client.c:1452: |3| 0040:  58 e3 55 3d 5e 34 73 00 02 13 03 01 00 00 42 00  X.U=^4s.......B.
ssl_tls13_client.c:1452: |3| 0050:  2b 00 03 02 03 04 00 2d 00 02 01 00 00 29 00 31  +......-.....).1
ssl_tls13_client.c:1452: |3| 0060:  00 0c 00 06 30 61 30 62 30 63 00 00 00 00 00 21  ....0a0b0c.....!
ssl_tls13_client.c:1452: |3| 0070:  20 8b 90 ce 1e 34 01 af 5a a9 29 48 66 ef 5d 4a   ....4..Z.)Hf.]J
ssl_tls13_client.c:1452: |3| 0080:  51 99 cc 83 a3 98 d6 fe a8 03 50 e3 4b d1 3d 73  Q.........P.K.=s
ssl_tls13_client.c:1452: |3| 0090:  27                                               '
ssl_msg.c:2763: |2| => write handshake message
ssl_msg.c:2925: |2| => write record
ssl_msg.c:3043: |3| output record: msgtype = 22, version = [3:3], msglen = 145
ssl_msg.c:3046: |4| dumping 'output record sent to network' (150 bytes)
ssl_msg.c:3046: |4| 0000:  16 03 03 00 91 01 00 00 8d 03 03 75 ce af b8 bb  ...........u....
ssl_msg.c:3046: |4| 0010:  fb c8 a7 7a 45 c0 03 c6 f2 b1 51 98 fb 93 81 68  ...zE.....Q....h
ssl_msg.c:3046: |4| 0020:  b2 d2 d2 9f bf a7 d6 01 0c c2 9e 20 67 f1 fa 4d  ........... g..M
ssl_msg.c:3046: |4| 0030:  a5 b7 ca 6b 10 36 4d ed 79 67 d5 a5 ad 3a 52 91  ...k.6M.yg...:R.
ssl_msg.c:3046: |4| 0040:  d8 07 e2 22 71 58 e3 55 3d 5e 34 73 00 02 13 03  ..."qX.U=^4s....
ssl_msg.c:3046: |4| 0050:  01 00 00 42 00 2b 00 03 02 03 04 00 2d 00 02 01  ...B.+......-...
ssl_msg.c:3046: |4| 0060:  00 00 29 00 31 00 0c 00 06 30 61 30 62 30 63 00  ..).1....0a0b0c.
ssl_msg.c:3046: |4| 0070:  00 00 00 00 21 20 8b 90 ce 1e 34 01 af 5a a9 29  ....! ....4..Z.)
ssl_msg.c:3046: |4| 0080:  48 66 ef 5d 4a 51 99 cc 83 a3 98 d6 fe a8 03 50  Hf.]JQ.........P
ssl_msg.c:3046: |4| 0090:  e3 4b d1 3d 73 27                                .K.=s'
ssl_msg.c:2319: |2| => flush output
ssl_msg.c:2338: |2| message length: 150, out_left: 150
ssl_msg.c:2343: |2| ssl->f_send() returned -26752 (-0x6880)
ssl_msg.c:3092: |1| mbedtls_ssl_flush_output() returned -26752 (-0x6880)
ssl_msg.c:2897: |1| ssl_write_record() returned -26752 (-0x6880)
ssl_tls13_client.c:1476: |2| <= write client hello
ssl_tls13_client.c:3835: |1| ssl_write_client_hello() returned -26752 (-0x6880)
ssl_tls.c:6808: |2| <= handshake
ssl_tls.c:6780: |2| => handshake
ssl_tls13_client.c:3792: |2| client state: 1
ssl_msg.c:2319: |2| => flush output
ssl_msg.c:2338: |2| message length: 150, out_left: 150
ssl_msg.c:2343: |2| ssl->f_send() returned -80 (-0x0050)
ssl_tls.c:6808: |2| <= handshake
failed
 ! mbedtls_ssl_handshake returned -0x50

Last error was: -0x50 - NET - Connection was reset by peer

ssl_tls.c:7830: |2| => free
ssl_tls.c:7937: |2| <= free
EXIT: 1

It seems related to nbio change. When I remove the nbio=2. The test passed again.

--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1128,16 +1128,16 @@ trap cleanup INT TERM HUP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_disabled MBEDTLS_RSA_C
run_test    "TLS 1.3, default suite, PSK" \
-            "$P_SRV nbio=2 debug_level=5 force_version=tls1_3 psk=010203 psk_identity=0a0b0c key_exchange_modes=psk" \
-            "$P_CLI nbio=2 debug_level=5 force_version=tls1_3 psk=010203 psk_identity=0a0b0c key_exchange_modes=psk" \
+            "$P_SRV  debug_level=5 force_version=tls1_3 psk=010203 psk_identity=0a0b0c key_exchange_modes=psk" \
+            "$P_CLI  debug_level=5 force_version=tls1_3 psk=010203 psk_identity=0a0b0c key_exchange_modes=psk" \
            0 \
            -s "Protocol is TLSv1.3"
@lhuang04 lhuang04 changed the title non MPS ssl-opt.sh test failed with nbio=2 Non MPS ssl-opt.sh test failed with nbio=2 Apr 27, 2021
@lhuang04 lhuang04 self-assigned this Jun 21, 2021
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue Jul 13, 2021
@yuhaoth
[WIP]Fix test fail without mps
6969096 
Now, not all test pass , there are still
9 test fail.
issues: hannestschofenig#238


Change-Id: Ifb8b96e552897412c060dcc70fdda48944869499
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
@yuhaoth yuhaoth mentioned this issue Jul 13, 2021
Closed
@yuhaoth
Copy link
Collaborator

yuhaoth commented Jul 13, 2021

not only nbio=2 will fail. nbio=1 will fail also .

@yuhaoth yuhaoth mentioned this issue Jul 16, 2021
Closed
@yuhaoth
Copy link
Collaborator

yuhaoth commented Jul 20, 2021

That is part of #15. The cases is

#undef MBEDTLS_SSL_USE_MPS

@yuhaoth yuhaoth mentioned this issue Jul 21, 2021
Open
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue Jul 21, 2021
@yuhaoth
Add different options test script
52ee126 
According to hannestschofenig#15, different options report
fail. To fix the issue we should not break
passed options. The script is to make sure
current status.

If all relative issues are resolved, This
patch should be removed or re-considered.

issues: hannestschofenig#15, hannestschofenig#297,hannestschofenig#238,hannestschofenig#298

Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue Jul 21, 2021
@yuhaoth
Add different options test script
d12d784 
According to hannestschofenig#15, different options report
fail. To fix the issue we should not break
passed options. The script is to make sure
current status.

If all relative issues are resolved, This
patch should be removed or re-considered.

issues: hannestschofenig#15, hannestschofenig#297,hannestschofenig#238,hannestschofenig#298,hannestschofenig#301

Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue Jul 22, 2021
@yuhaoth
Add different options test script
f51b47c 
According to hannestschofenig#15, different options report
fail. To fix the issue we should not break
passed options. The script is to make sure
current status.

If all relative issues are resolved, This
patch should be removed or re-considered.

issues: hannestschofenig#15, hannestschofenig#297,hannestschofenig#238,hannestschofenig#298,hannestschofenig#301

Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue Jul 23, 2021
@yuhaoth
Add different options test script
d855fa9 
According to hannestschofenig#15, different options report
fail. To fix the issue we should not break
passed options. The script is to make sure
current status.

If all relative issues are resolved, This
patch should be removed or re-considered.

issues: hannestschofenig#15, hannestschofenig#297,hannestschofenig#238,hannestschofenig#298,hannestschofenig#301

Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
@yuhaoth yuhaoth mentioned this issue Aug 4, 2021
Closed
@hanno-becker hanno-becker mentioned this issue Aug 7, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lhuang04 lhuang04

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix re-entrancy of non-MPS handshake state machine hanno-becker/mbedtls
2 participants
@yuhaoth @lhuang04