Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS 1.3: Reproduce and fix anti replay fail #6712

Closed
wants to merge 10 commits into from
Closed

TLS 1.3: Reproduce and fix anti replay fail #6712

wants to merge 10 commits into from

Conversation

yuhaoth
Copy link
Contributor

@yuhaoth yuhaoth commented Dec 2, 2022
edited
Loading

Description

fix #6623

  • Remove all test cases except TLS 1.3 m->G: EarlyData: basic check, good .

That try to reproduce the issue as quick as possible. According to previous experience, the issue might appear about 1 times per 100 times. With the script, I found the fail rate is about 4% in my local test, so I add a 400 times loop.

To reproduce locally, just call ssl-opt.sh , I have change ssl-opt.sh to run only the test case for 400 times.

Future topic

  • Add script to summary fail rate.
  • Try increase the fail rate
  • Fix the issue.

Gatekeeper checklist

  • changelog provided, or not required
  • backport done, or not required
  • tests provided, or not required

Notes for the submitter

Please refer to the contributing guidelines, especially the
checklist for PR contributors.

@yuhaoth yuhaoth force-pushed the tests/reproduce-fix-anti_replay_fail branch 5 times, most recently from 8de6b84 to 77a50b6 Compare December 15, 2022 02:32
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Dec 15, 2022
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
a282f6c 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this commit can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth yuhaoth mentioned this pull request Dec 15, 2022
Merged
3 tasks
@yuhaoth yuhaoth force-pushed the tests/reproduce-fix-anti_replay_fail branch from 77a50b6 to 42081df Compare December 15, 2022 03:17
@yuhaoth yuhaoth mentioned this pull request Dec 15, 2022
Merged
5 tasks
@yuhaoth yuhaoth force-pushed the tests/reproduce-fix-anti_replay_fail branch from 42081df to c8ace54 Compare December 15, 2022 10:50
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Dec 15, 2022
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
7d74900 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this commit can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Dec 15, 2022
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
32467e1 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this commit can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth yuhaoth force-pushed the tests/reproduce-fix-anti_replay_fail branch 2 times, most recently from 34e96ef to c5c9113 Compare December 16, 2022 05:28
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Dec 16, 2022
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
ea57e30 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this commit can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Dec 17, 2022
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
4d8ac72 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
Copy link
Contributor Author

yuhaoth commented Dec 17, 2022

The solution has been verified

@yuhaoth yuhaoth closed this Dec 17, 2022
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Dec 18, 2022
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
84647b6 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Jan 3, 2023
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
1eee94e 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Jan 7, 2023
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
a15af37 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this pull request Jan 7, 2023
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
1953373 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
Copy link
Contributor Author

yuhaoth commented Jan 7, 2023

Reopen to verify commit

@yuhaoth yuhaoth reopened this Jan 7, 2023
@yuhaoth yuhaoth force-pushed the tests/reproduce-fix-anti_replay_fail branch from c5c9113 to 1f4f7a7 Compare January 7, 2023 08:45
yuhaoth added 3 commits January 7, 2023 16:46
@yuhaoth
Revert "Skip early data basic check temp"
4f3ca88 
This reverts commit 4e83173.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
Add test-suite parameter to filter tests
802f712 
Filter tests base on TEST_SUITE_NAME

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
skip test suite if it is excluded
86e2aba 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
yuhaoth added 6 commits January 7, 2023 16:46
@yuhaoth
Do not check testsuite in test case
ea3a50d 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
[DO-NOT-MERGE]: move test cases
aa716f4 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
[DO-NOT-MERGE] Disable all test-suite
3890d40 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
[DO-NOT-MERGE]Add EarlyData basic check
d2ed20c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
de09681 
- Improve test speed. we do not need 2 seconds delay
- Adjust reco_delay time to improve fail raite.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth
[DO-NOT-MERGE]add test fail log
b58ace6 
from https://jenkins-mbedtls.oss.arm.com/blue/rest/organizations/jenkins/pipelines/mbed-tls-pr-merge/branches/PR-6712-merge/runs/8/nodes/449/steps/4945/log/?start=0

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth yuhaoth force-pushed the tests/reproduce-fix-anti_replay_fail branch 2 times, most recently from ebe352f to 404cc87 Compare January 7, 2023 08:51
@yuhaoth
Workaround anti replay fail of GnuTLS
5b3790a 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
@yuhaoth yuhaoth force-pushed the tests/reproduce-fix-anti_replay_fail branch from 404cc87 to 5b3790a Compare January 7, 2023 12:19
@yuhaoth
Copy link
Contributor Author

yuhaoth commented Jan 9, 2023

The workaround solution has been verified. Close this PR

@yuhaoth yuhaoth closed this Jan 9, 2023
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this pull request Jan 17, 2023
@yuhaoth
Change time resolution of reco_delay from second to millionseconds
f4c4503 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of Mbed-TLS#6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
component-tls13 DO-NOT-MERGE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Early data test case will fail randomly cause the anti-play protection from gnutls server
1 participant
@yuhaoth