Basic ssl-opt testing for TLS HS defragmentation

[mpg]

#9872 is currently in good shape except for the lack of automated tests (it was tested manually though and confirmed to resolve the issue). If the OP doesn't add automated tests, we'll add them ourselves.

Note: since we'll only have support for defragmenting incoming messages, not fragmenting outgoing, we'll need to use another implementation for testing - for example, openssl s_server -mtu <low_value> will fragment in TLS as well (see https://github.com/Mbed-TLS/mbedtls/pull/3817/files#diff-54a2261aca14ebb2491a1584cc3351a458487c23c25f90df08de2573cd705e32R9806 for example).

Note: if such tests are added 9872, then we can mark it as resolving this issue as well.

Edit: this issue is now only about basic testing, see this comment.

[rojer]

some thoughts on testing: obviously this should be tested against widely used implementations such as openssl
but in my experience it's not sufficient. for example, the bug found while running older version of this code in the wild was against Amazon Greengrass, that for some reason decided to chop up messages in a weird way where record and message boundaries weren't lining up (to be clear, #9872 does not have this bug anymore).
so my idea of properly testing it involved writing a "record chopper" i/o proxy that would chop up messages into records of varying sizes, from 1 to N, or something like that.

[mpg]

Thanks for sharing your thoughts and experience! I think a "record chopper" would indeed be ideal for testing. However I'm afraid it is going to be more work than we can reasonably include in the upcoming 3.6.3 release.

In the short term, I think we'll probably have to be satisfied with testing against OpenSSL, but we can probably have a larger number of test cases than in #3817, with varying values of mtu - in particular, not just powers of 2 or multiples of 8 :)

[mpg]

Re-estimating size to M, as we had missed some of the testing needs, such as interactions with other TLS features such as renegotiation or buffer resizing.

[mpg]

Splitting testing into multiple issues:

• This one is now about basic testing with ssl-opt: just default handshakes with various TLS versions, sides (client/server) and fragment sizes.
• Extended ssl-opt tests for TLS HS defragmentation #9987 is about other cases that can be (conveniently) tested with ssl-opt.
• Extended test_suite_ssl testing for TLS HS defragmentation #9968 is about other cases that need custom test functions in test_suite_ssl.