Merge pull request #9989 from minosgalanakis/issue9887_add_basic_defragmentation_tests

Add basic handshake defragmentation tests in ssl-opt

Author: gilles-peskine-arm

ChangeLog.d/tls-hs-defrag-in.txt

@@ -3,3 +3,10 @@ Bugfix
      by the spec. Lack of support was causing handshake failures with some
      servers, especially with TLS 1.3 in practice (though both protocol
      version could be affected in principle, and both are fixed now).
+     The initial fragment for each handshake message must be at least 4 bytes.
+
+     Server-side, defragmentation of the ClientHello message is only
+     supported if the server accepts TLS 1.3 (regardless of whether the
+     ClientHello is 1.3 or 1.2). That is, servers configured (either
+     at compile time or at runtime) to only accept TLS 1.2 will
+     still fail the handshake if the ClientHello message is fragmented.

tests/scripts/analyze_outcomes.py

@@ -50,6 +50,11 @@ def _has_word_re(words: typing.Iterable[str],
             # TLS doesn't use restartable ECDH yet.
             # https://github.com/Mbed-TLS/mbedtls/issues/7294
             re.compile(r'EC restart:.*no USE_PSA.*'),
+            # Temporary disable Handshake defragmentation tests until mbedtls
+            # pr #10011 has been merged.
+            'Handshake defragmentation on client: len=4, TLS 1.2',
+            'Handshake defragmentation on client: len=5, TLS 1.2',
+            'Handshake defragmentation on client: len=13, TLS 1.2'
         ],
         'test_suite_config.mbedtls_boolean': [
             # Missing coverage of test configurations.