From 135ebd3241b3f817d03fe7f609036bb6613fe1bd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:03:38 +0000 Subject: [PATCH] ssl-opt: Removed mock-tests from HS renegotiation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 44 ++++++-------------------------------------- 1 file changed, 6 insertions(+), 38 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7ea00d2bb..19e4b9561 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13781,13 +13781,13 @@ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with server-initiated renegotiation: len=300" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 300 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ +run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ 0 \ - -c "initial handshake fragment: 300, 0..300 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 300/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 300/[0-9]\\+" \ + -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" @@ -13807,38 +13807,6 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= -c "found renegotiation extension" \ -c "=> renegotiate" -# Mock negative test to demonstrate the failure with n-bit sized fragments, where ClientHello < n. -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation mock with server-initiated renegotation: len=256 renego_delay=default(16)" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ - 1 \ - -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "renegotiation requested, but not honored by server" - -# Fixing the above mock negative using the new renego_delay parameter -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation mock with server-initiated renegotiation: len=256 renego_delay=32" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 allow_legacy=1 renegotiation=1 renego_delay=32 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 200, 0..200 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 200/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 200/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG