Backport 3.6: test sample programs in ssl-opt.sh

[gilles-peskine-arm]

Test the SSL sample programs (ssl_client1, dtls_client, ssl_server, ssl_fork_server, ssl_pthread_server, dtls_server) in ssl-opt.sh. Test against both GnuTLS and OpenSSL. Test with all relevant protocol versions (TLS 1.2/1.3; DTLS 1.2 only).

mini_client is excluded because it's complicated, see this comment. It's also not part of the deliverable we want, which is primarily ssl_client1 and ssl_server interoperabiliy with TLS 1.3, and secondarily (because that part is not much more effort) those programs and dtls_client and dtls_server with (D)TLS 1.2. (I'm still throwing in ssl_pthread_server and ssl_fork_server because they're really easy.)

The TLS 1.3 test cases are non-regression tests for #9072 and #8749.

Fixes #9072 in the sense that when this pull request passes the CI, it means the issue is fixed. (The actual fixes are in previous PR: #9501 and #9507.)

The sample programs hard-code port 4433, so these tests can't run concurrently. This may be a problem for CI reliability (although in principle it shouldn't be since each test run runs alone in a Docker instance). If it's a problem, the obvious solution is to make the port configurable in each program (and remove the forced-port hacks in ssl-opt.sh).

Prerequisites:

• [3.6] ssl-opt: improve PSK mode detection #9546 — Sorting out the failures when some key exchanges are excluded got me into a nasty bag of worms around dependency calculations in ssl-opt.sh that warrants its own pull request.
• Fix interoperability when MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled #9563 — fix middlebox compatibility mode, rather than figure out what depends on it and write alternative test cases when it's disabled.

Status: ready except for a final rebase once #9563 is merged.

PR checklist

• changelog not required because: test only. (I don't think the improvements in compile-time dependencies in sample programs warrant a changelog entry.)
• development PR TODO
• framework PR not required
• 3.6 PR here
• 2.28 PR TBD — useful in principle, but we might not bother at this stage
• tests provided

[mpg]

Just a first pass, will make another when the pre-requisite is in, but looking pretty good to me so far!

[mpg]

Not on this line: copy-pasta in the commit message, says pthread when it's about fork.

[gilles-peskine-arm]

Changed in my latest rebase.

Note that I intend more rebases. Both after #9546 is merged, and also because my latest batch of commits has broken something (still puzzling out what).

[gilles-peskine-arm]

This and some other test cases are skipped in builds with only TLS 1.3. This is due to #9560, which is a preexisting bug affecting many preexisting test cases, and I will not fix it here.

[gilles-peskine-arm]

This is getting too large: 29 commits (not counting the ones from #9556). So I intend to split this in two pieces. Probably all except mini_client, then mini_client, which brings in issues with PSK builds. Or maybe also do mini_client in the first PR, but excluding PSK builds.

Last version with the mini_client work: https://github.com/gilles-peskine-arm/mbedtls/tree/ssl-opt-mini_client-3.6-1 . This is https://github.com/gilles-peskine-arm/mbedtls/tree/ssl-opt-sample-programs-3.6-4 with commits restructured to put all the work related to mini_client after the rest. Completely untested.

[gilles-peskine-arm]

So this innocent-looking change (at least it looked innocent to me) is causing a bunch more test cases to be executed in config-suite-b, config-ccm-psk-tls1_2.h and config-ccm-psk-dtls1_2.h. And some are failing because a genuine requirement isn't declared. The joys of ssl-opt.

[gilles-peskine-arm]

And by the way, maybe we should enable MBEDTLS_FS_IO in test-ref-configs when we run ssl-opt (we already add MBEDTLS_DEBUG_C and MBEDTLS_ERROR_C)?

[mpg]

Aw, let's not do that now, then.

The joys of ssl-opt.

Yeah, it was designed to only work in the default config, and dependency declarations were added later as an after-thought, and for some time the target was it should run in the default and full configs, then perhaps a few others that are close enough... but we never took the time to think it through, and here we are now.

And by the way, maybe we should enable MBEDTLS_FS_IO in test-ref-configs when we run ssl-opt (we already add MBEDTLS_DEBUG_C and MBEDTLS_ERROR_C)?

Yeah, I think that would make sense. Perhaps for your other PR that splits test-ref-configs? (Unless it turns out to be another can of worms.)

[gilles-peskine-arm]

Perhaps for your other PR that splits test-ref-configs? (Unless it turns out to be another can of worms.)

No, because a lot of the worms are test cases that currently don't run in the reference configs because they lack MBEDTLS_FS_IO. When we turn this on, they get executed, which fails for a variety of reasons: some other obvious-in-hindsight dependency is missing, or we have unfragmentable handshake packets that go over the message limit, or the DTLS adaptation code does something wrong, or …

I've filed #9595 and added it to our tech debt pile.

[gilles-peskine-arm]

I've removed all the mini_client and I'm still at 23 commits (not counting #9556), plus a few more (I think at this point all that's failing is config-suite-b.h). The commits are mostly small and focused, but it's still a lot. @mpg How do you feel about the length of this PR? I'm thinking of breaking out another PR of preliminaries (compatibility mode, consequences of finer MBEDTLS_FS_IO detection, test-ref-configs).

[mpg]

The commits are mostly small and focused, but it's still a lot. @mpg How do you feel about the length of this PR?

I'm happy to review this PR as it is (plus the few commits needed for it to pass CI). I don't feel splitting it just for the sake of it would significantly help, unless there's a breaking point that really makes sense.

However, I'm wondering about PSK-only mode, which seems to be bringing a lot of issues. Would it make sense to have a first step where we only test the programs with cert-based (or if it helps, even signature-based, that is cert-based + ephemeral as opposed to static ECDH or RSA encryption) key exchanges, and leave PSK-only for step 2? (That's a real question, the answer might be no, you know better than me at this point.)

[gilles-peskine-arm]

Would it make sense to have a first step where we only test the programs with cert-based (or if it helps, even signature-based, that is cert-based + ephemeral as opposed to static ECDH or RSA encryption) key exchanges, and leave PSK-only for step 2?

mini_client is the only sample program that can work with PSK at all. So my first split was already doing that. I only realized yesterday that some of the failures I had seen earlier were not due to #9556 or to the changes I made for the sake of mini_client test cases, but due to changing MBEDTLS_FS_IO detection. Given that yesterday's CI had further failures that I hadn't expected, I'm going to split this again with another preliminary that handles MBEDTLS_FS_IO detection and related changes, plus possibly MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE changes. At this point I'm still not planning to tackle #9560.

[gilles-peskine-arm]

preliminary that handles MBEDTLS_FS_IO detection and related changes

Come to think of it, the only purpose of improving MBEDTLS_FS_IO detection was to run more tests in config-ccm-psk-dtls1_2. And that was only useful for the mini_client PSK tests. While these changes are desirable, they're technical debt, not on the critical path for the deliverable. So I'm going to remove that and its consequences, file a tech debt issue with pointers, and hopefully the delivery can converge quickly. It was already passing everything except test-ref-configs.pl at one point.

[mpg]

Checking changes since my last (partial review). It seems that the following change has been removed:

-    # Check if test uses files
-    case "$SRV_CMD $CLI_CMD" in
-        *$DATA_FILES_PATH/*)
+    # Check if our test programs use files.
+    case "$CLI_CMD" in
+        *programs/ssl/*"$DATA_FILES_PATH/"*)
+            requires_config_enabled MBEDTLS_FS_IO;;
+    esac
+    case "$SRV_CMD" in
+        *programs/ssl/*"$DATA_FILES_PATH/"*)

I thought that was a good change, why did you remove it?

[mpg]

Incremental review since my previous partial review, not complete yet, but looking pretty good so far.

[mpg]

Out of curiosity: why do we need server_addr=localhost here?

[gilles-peskine-arm]

By default, on my machine, ssl_server2 only listens on IPv4. I actually don't understand why: I would have thought it would prioritize IPv6. dtls_client connects to localhost, whatever it is. I remember it took me a little while to find something that would minimize changes in the test programs, have the tests pass on my machine (where localhost resolves to ::1), and have the tests pass on the CI (where IPv6 is disabled).

I don't know why this isn't necessary for ssl_client1.

[mpg]

Minor: naming is inconsistent. Not sure it matters though.

[gilles-peskine-arm]

There are two naming patterns: “Sample: PROGRAM, PEER” for testing a sample program against a peer that isn't a sample program (OpenSSL, GnuTLS or Mbed TLS's fancy programs), and “Sample: PROGRAM1 with PROGRAM2” for testing two sample programs against each other. I'm open to other naming conventions if you have suggestions.

[mpg]

Note: this is going to conflict with the PR that removes this script. I'd suggest removing this commit to avoid the conflict.

[gilles-peskine-arm]

I wanted to get detailed CI feedback here for as long as test-ref-configs failed. Changing the script is out of scope here and I'll remove it in the next rebase (there'll be a next rebase once #9563 is merged).

[mpg]

I've completed my review, this looks good to me.

I've also checked that the new tests are passing locally on my machine, fwiw.

[gilles-peskine-arm]

[FS_IO change]

I thought that was a good change, why did you remove it?

It turned out to be a huge can of worms. See #9541 (comment)