
Add a test for renegotiation with EXTMS dropped

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12045)
This commit is contained in:
Tomas Mraz 2020-06-05 10:50:25 +02:00
parent 11d3235e2b
commit cd4afec69f
5 changed files with 67 additions and 4 deletions

@ -938,16 +938,24 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
if (SSL_is_server(peer->ssl)) {
ret = SSL_renegotiate(peer->ssl);
} else {
int full_reneg = 0;
if (test_ctx->extra.client.no_extms_on_reneg) {
SSL_set_options(peer->ssl, SSL_OP_NO_EXTENDED_MASTER_SECRET);
full_reneg = 1;
}
if (test_ctx->extra.client.reneg_ciphers != NULL) {
if (!SSL_set_cipher_list(peer->ssl,
test_ctx->extra.client.reneg_ciphers)) {
peer->status = PEER_ERROR;
return;
}
ret = SSL_renegotiate(peer->ssl);
} else {
ret = SSL_renegotiate_abbreviated(peer->ssl);
full_reneg = 1;
}
if (full_reneg)
ret = SSL_renegotiate(peer->ssl);
else
ret = SSL_renegotiate_abbreviated(peer->ssl);
}
if (!ret) {
peer->status = PEER_ERROR;
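Review bot: The new `no_extms_on_reneg` branch sets `SSL_OP_NO_EXTENDED_MASTER_SECRET` and forces `full_reneg = 1` without saying why, and a reader can only recover the intent from the `ExpectedResult = ServerFail` line in the generated .conf. I would put a why-comment above the `SSL_set_options` call, along the lines of `/* Drop EMS for the renegotiation only; the server is expected to refuse the EMS downgrade (RFC 7627), so drive a full rather than abbreviated reneg */` — the "full rather than abbreviated" part is my inference from the `full_reneg` flag and should be confirmed by the author. It may also be worth a one-line comment on `int full_reneg = 0;` noting it is set by either the EMS or the cipher-list path, since both now share the `SSL_renegotiate`/`SSL_renegotiate_abbreviated` selection below. The enclosing function do_reneg_setup_step starts before and ends after this hunk.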

@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
num_tests = 14
num_tests = 15
test-0 = 0-renegotiate-client-no-resume
test-1 = 1-renegotiate-client-resume
@ -16,6 +16,7 @@ test-10 = 10-no-renegotiation-server-by-client
test-11 = 11-no-renegotiation-server-by-server
test-12 = 12-no-renegotiation-client-by-server
test-13 = 13-no-renegotiation-client-by-client
test-14 = 14-no-extms-on-renegotiation
# ===========================================================
[0-renegotiate-client-no-resume]
@ -430,3 +431,35 @@ Method = TLS
ResumptionExpected = No
# ===========================================================
[14-no-extms-on-renegotiation]
ssl_conf = 14-no-extms-on-renegotiation-ssl
[14-no-extms-on-renegotiation-ssl]
server = 14-no-extms-on-renegotiation-server
client = 14-no-extms-on-renegotiation-client
[14-no-extms-on-renegotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-no-extms-on-renegotiation-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-14]
ExpectedResult = ServerFail
HandshakeMode = RenegotiateClient
Method = TLS
ResumptionExpected = No
client = 14-no-extms-on-renegotiation-client-extra
[14-no-extms-on-renegotiation-client-extra]
RenegotiateNoExtms = Yes

@ -243,6 +243,24 @@ our @tests_tls1_2 = (
"ResumptionExpected" => "No",
"ExpectedResult" => "ClientFail"
}
},
{
name => "no-extms-on-renegotiation",
server => {
"MaxProtocol" => "TLSv1.2"
},
client => {
"MaxProtocol" => "TLSv1.2",
extra => {
"RenegotiateNoExtms" => "Yes"
}
},
test => {
"Method" => "TLS",
"HandshakeMode" => "RenegotiateClient",
"ResumptionExpected" => "No",
"ExpectedResult" => "ServerFail"
}
}
);

@ -638,6 +638,7 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
/* Known test options and their corresponding parse methods. */
@ -697,6 +698,7 @@ static const ssl_test_client_option ssl_test_client_options[] = {
{ "SRPPassword", &parse_client_srp_password },
{ "MaxFragmentLenExt", &parse_max_fragment_len_mode },
{ "EnablePHA", &parse_client_enable_pha },
{ "RenegotiateNoExtms", &parse_client_no_extms_on_reneg },
};
/* Nested server options. */

@ -110,6 +110,8 @@ typedef struct {
char *srp_password;
/* PHA enabled */
int enable_pha;
/* Do not send extms on renegotiation */
int no_extms_on_reneg;
} SSL_TEST_CLIENT_CONF;
typedef struct {