ssl-opt: Refactored fragmented HS renegotiation tests.
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e8fe077..ac21e68 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14475,7 +14475,7 @@
# Test server-side buffer resizing with fragmented handshake on TLS1.2
requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
@@ -14493,25 +14493,7 @@
# Test client-initiated renegotiation with fragmented handshake on TLS1.2
requires_openssl_3_x
-requires_protocol_version tls12
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \
- "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
- "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
- 0 \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -s "=> renegotiate" \
- -S "write hello request" \
- -s "reassembled record" \
- -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \
- -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
- -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \
-
-requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \
@@ -14528,30 +14510,27 @@
-s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \
-s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \
-# Test server-initiated renegotiation with fragmented handshake on TLS1.2
-# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server
-# to initiate a handshake renegotiation.
-# Note: Adjusting the renegotiation delay beyond the library's default value
-# of 16 is necessary, as it sets the maximum record depth to match it.
-# Splitting messages during the renegotiation process requires a deeper
-# stack to accommodate the increased processing complexity.
requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \
+run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \
+ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
+ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
0 \
- -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \
- -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
- -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate"
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -s "=> renegotiate" \
+ -S "write hello request" \
+ -s "reassembled record" \
+ -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \
+ -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
+ -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \
+# Test server-initiated renegotiation with fragmented handshake on TLS1.2
requires_openssl_3_x
-requires_protocol_version tls12
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \
@@ -14565,6 +14544,28 @@
-c "found renegotiation extension" \
-c "=> renegotiate"
+
+# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server
+# to initiate a handshake renegotiation.
+# Note: Adjusting the renegotiation delay beyond the library's default value
+# of 16 is necessary, as it sets the maximum record depth to match it.
+# Splitting messages during the renegotiation process requires a deeper
+# stack to accommodate the increased processing complexity.
+requires_openssl_3_x
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \
+ 0 \
+ -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \
+ -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
+ -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \
+ -c "client hello, adding renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate"
+
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG