mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add tests for periodic renegotiation

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-11-05 14:23:03 +01:00
parent 837f0fe831
commit 590f416142
2 changed files with 85 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
programs/ssl/ssl_server2.c
View File

@ -104,6 +104,7 @@ int main( int argc, char *argv[] )
#define DFL_ALLOW_LEGACY -2 #define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0 #define DFL_RENEGOTIATE 0
#define DFL_RENEGO_DELAY -2 #define DFL_RENEGO_DELAY -2
#define DFL_RENEGO_PERIOD -1
#define DFL_EXCHANGES 1 #define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1 #define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1 #define DFL_MAX_VERSION -1
@ -164,6 +165,7 @@ struct options
int allow_legacy; /* allow legacy renegotiation */ int allow_legacy; /* allow legacy renegotiation */
int renegotiate; /* attempt renegotiation? */ int renegotiate; /* attempt renegotiation? */
int renego_delay; /* delay before enforcing renegotiation */ int renego_delay; /* delay before enforcing renegotiation */
int renego_period; /* period for automatic renegotiation */
int exchanges; /* number of data exchanges */ int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */ int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */ int max_version; /* maximum protocol version accepted */
@ -303,7 +305,8 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
#define USAGE_RENEGO \ #define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \ " renegotiation=%%d default: 0 (disabled)\n" \
" renegotiate=%%d default: 0 (disabled)\n" \ " renegotiate=%%d default: 0 (disabled)\n" \
" renego_delay=%%d default: -2 (library default)\n" " renego_delay=%%d default: -2 (library default)\n" \
" renego_period=%%d default: (library default)\n"
#else #else
#define USAGE_RENEGO "" #define USAGE_RENEGO ""
#endif #endif
@ -608,6 +611,9 @@ int main( int argc, char *argv[] )
entropy_context entropy; entropy_context entropy;
ctr_drbg_context ctr_drbg; ctr_drbg_context ctr_drbg;
ssl_context ssl; ssl_context ssl;
#if defined(POLARSSL_SSL_RENEGOTIATION)
unsigned char renego_period[8] = { 0 };
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt cacert; x509_crt cacert;
x509_crt srvcert; x509_crt srvcert;
@ -708,6 +714,7 @@ int main( int argc, char *argv[] )
opt.allow_legacy = DFL_ALLOW_LEGACY; opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE; opt.renegotiate = DFL_RENEGOTIATE;
opt.renego_delay = DFL_RENEGO_DELAY; opt.renego_delay = DFL_RENEGO_DELAY;
opt.renego_period = DFL_RENEGO_PERIOD;
opt.exchanges = DFL_EXCHANGES; opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION; opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION; opt.max_version = DFL_MAX_VERSION;
@ -806,6 +813,12 @@ int main( int argc, char *argv[] )
{ {
opt.renego_delay = atoi( q ); opt.renego_delay = atoi( q );
} }
else if( strcmp( p, "renego_period" ) == 0 )
{
opt.renego_period = atoi( q );
if( opt.renego_period < 2 || opt.renego_period > 255 )
goto usage;
}
else if( strcmp( p, "exchanges" ) == 0 ) else if( strcmp( p, "exchanges" ) == 0 )
{ {
opt.exchanges = atoi( q ); opt.exchanges = atoi( q );
@ -1325,8 +1338,15 @@ int main( int argc, char *argv[] )
ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
#if defined(POLARSSL_SSL_RENEGOTIATION) #if defined(POLARSSL_SSL_RENEGOTIATION)
ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_set_renegotiation( &ssl, opt.renegotiation );
if( opt.renego_delay != DFL_RENEGO_DELAY ) if( opt.renego_delay != DFL_RENEGO_DELAY )
ssl_set_renegotiation_enforced( &ssl, opt.renego_delay ); ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
if( opt.renego_period != DFL_RENEGO_PERIOD )
{
renego_period[7] = opt.renego_period;
ssl_set_renegotiation_period( &ssl, renego_period );
}
#endif #endif
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)

64
tests/ssl-opt.sh
View File

@ -770,6 +770,70 @@ run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
-S "SSL - An unexpected message was received from our peer" \ -S "SSL - An unexpected message was received from our peer" \
-S "failed" -S "failed"
run_test "Renegotiation: periodic, just below period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
0 \
-C "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-S "found renegotiation extension" \
-s "server hello, secure renegotiation extension" \
-c "found renegotiation extension" \
-S "record counter limit reached: renegotiate" \
-C "=> renegotiate" \
-S "=> renegotiate" \
-S "write hello request" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
run_test "Renegotiation: periodic, just above period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
"$P_CLI debug_level=3 exchanges=3 renegotiation=1" \
0 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-s "found renegotiation extension" \
-s "server hello, secure renegotiation extension" \
-c "found renegotiation extension" \
-s "record counter limit reached: renegotiate" \
-c "=> renegotiate" \
-s "=> renegotiate" \
-s "write hello request" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
run_test "Renegotiation: periodic, two times period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
"$P_CLI debug_level=3 exchanges=6 renegotiation=1" \
0 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-s "found renegotiation extension" \
-s "server hello, secure renegotiation extension" \
-c "found renegotiation extension" \
-s "record counter limit reached: renegotiate" \
-c "=> renegotiate" \
-s "=> renegotiate" \
-s "write hello request" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
run_test "Renegotiation: periodic, above period, disabled" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3" \
"$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
0 \
-C "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
-S "found renegotiation extension" \
-s "server hello, secure renegotiation extension" \
-c "found renegotiation extension" \
-S "record counter limit reached: renegotiate" \
-C "=> renegotiate" \
-S "=> renegotiate" \
-S "write hello request" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
run_test "Renegotiation: nbio, client-initiated" \ run_test "Renegotiation: nbio, client-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \