TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c4595a4c6a9dd1b78cc63f871ff0874e28782907^! / .
commitc4595a4c6a9dd1b78cc63f871ff0874e28782907[log] [tgz]
authorMinos Galanakis <minos.galanakis@arm.com>Wed Feb 12 18:23:09 2025 +0000
committerMinos Galanakis <minos.galanakis@arm.com>Fri Mar 14 00:10:10 2025 +0000
tree283b225290f5db345b3765218e19d5056d87ff23
parent1e6438d8b9e9f57f066b57c62e55ae3d504e483e [diff]
ssl-opt: Added fragmented HS tests for client-initiated renegotiation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index bcff90c..a9b4fee 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -103,12 +103,14 @@
     O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
     O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt"
     O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
+    O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client"
 else
     O_NEXT_SRV=false
     O_NEXT_SRV_NO_CERT=false
     O_NEXT_SRV_EARLY_DATA=false
     O_NEXT_CLI_NO_CERT=false
     O_NEXT_CLI=false
+    O_NEXT_CLI_RENEGOTIATE=false
 fi
 
 if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
@@ -14489,6 +14491,43 @@
             -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
             -s "Consume: waiting for more handshake fragments 256/[0-9]\\+"
 
+# Test Client initiated renegotiation with fragmented handshake on TLS1.2
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test    "Handshake defragmentation with client-initiated renegotiation: len=256" \
+            "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
+            "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
+            0 \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -s "=> renegotiate" \
+            -S "write hello request" \
+            -s "reassembled record" \
+            -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \
+            -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
+            -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \
+
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test    "Handshake defragmentation with client-initiated renegotiation: len=512" \
+            "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
+            "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
+            0 \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -s "=> renegotiate" \
+            -S "write hello request" \
+            -s "reassembled record" \
+            -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \
+            -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \
+            -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG