提交
e42c4544
编写于
9月 26, 2016
作者:
Matt Caswell
Add support for testing renegotiation
Reviewed-by:
Rich Salz
<
rsalz@openssl.org
>
上级
2f97192c
变更
5
Showing
5 changed file
with
132 addition
and
7 deletion
+132
-7
test/handshake_helper.c
test/handshake_helper.c
+72
-5
test/recipes/80-test_ssl_new.t
test/recipes/80-test_ssl_new.t
+1
-1
test/ssl-tests/17-renegotiate.conf
test/ssl-tests/17-renegotiate.conf
+30
-0
test/ssl-tests/17-renegotiate.conf.in
test/ssl-tests/17-renegotiate.conf.in
+29
-0
test/ssl_test_ctx.h
test/ssl_test_ctx.h
+0
-1
test/handshake_helper.c
...
...
@@ -583,6 +583,54 @@ static void do_app_data_step(PEER *peer)
}
}
static
void
do_reneg_setup_step
(
PEER
*
peer
)
{
int
ret
;
char
buf
;
TEST_check
(
peer
->
status
==
PEER_RETRY
);
/* We only support client initiated reneg at the moment */
/* TODO: server side */
if
(
!
SSL_is_server
(
peer
->
ssl
))
{
ret
=
SSL_renegotiate
(
peer
->
ssl
);
if
(
!
ret
)
{
peer
->
status
=
PEER_ERROR
;
return
;
}
do_handshake_step
(
peer
);
/*
* If status is PEER_RETRY it means we're waiting on the server to
* continue the handshake. As far as setting up the renegotiation is
* concerned that is a success. The next step will continue the
* handshake to its conclusion.
*/
if
(
peer
->
status
==
PEER_RETRY
)
peer
->
status
=
PEER_SUCCESS
;
return
;
}
/*
* The SSL object is still expecting app data, even though it's going to
* get a handshake message. We try to read, and it should fail - after which
* we should be in a handshake
*/
ret
=
SSL_read
(
peer
->
ssl
,
&
buf
,
sizeof
(
buf
));
if
(
ret
>=
0
)
{
/* We're not actually expecting data - we're expect a reneg to start */
peer
->
status
=
PEER_ERROR
;
return
;
}
else
{
int
error
=
SSL_get_error
(
peer
->
ssl
,
ret
);
if
(
error
!=
SSL_ERROR_WANT_READ
||
!
SSL_in_init
(
peer
->
ssl
))
{
peer
->
status
=
PEER_ERROR
;
return
;
}
}
peer
->
status
=
PEER_SUCCESS
;
}
/*
* RFC 5246 says:
*
...
...
@@ -617,15 +665,27 @@ static void do_shutdown_step(PEER *peer)
typedef
enum
{
HANDSHAKE
,
RENEG_APPLICATION_DATA
,
RENEG_SETUP
,
RENEG_HANDSHAKE
,
APPLICATION_DATA
,
SHUTDOWN
,
CONNECTION_DONE
}
connect_phase_t
;
static
connect_phase_t
next_phase
(
connect_phase_t
phase
)
static
connect_phase_t
next_phase
(
const
SSL_TEST_CTX
*
test_ctx
,
connect_phase_t
phase
)
{
switch
(
phase
)
{
case
HANDSHAKE
:
if
(
test_ctx
->
handshake_mode
==
SSL_TEST_HANDSHAKE_RENEGOTIATE
)
return
RENEG_APPLICATION_DATA
;
return
APPLICATION_DATA
;
case
RENEG_APPLICATION_DATA
:
return
RENEG_SETUP
;
case
RENEG_SETUP
:
return
RENEG_HANDSHAKE
;
case
RENEG_HANDSHAKE
:
return
APPLICATION_DATA
;
case
APPLICATION_DATA
:
return
SHUTDOWN
;
...
...
@@ -644,6 +704,15 @@ static void do_connect_step(PEER *peer, connect_phase_t phase)
case
HANDSHAKE
:
do_handshake_step
(
peer
);
break
;
case
RENEG_APPLICATION_DATA
:
do_app_data_step
(
peer
);
break
;
case
RENEG_SETUP
:
do_reneg_setup_step
(
peer
);
break
;
case
RENEG_HANDSHAKE
:
do_handshake_step
(
peer
);
break
;
case
APPLICATION_DATA
:
do_app_data_step
(
peer
);
break
;
...
...
@@ -857,7 +926,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
switch
(
status
)
{
case
HANDSHAKE_SUCCESS
:
phase
=
next_phase
(
phase
);
phase
=
next_phase
(
test_ctx
,
phase
);
if
(
phase
==
CONNECTION_DONE
)
{
ret
->
result
=
SSL_TEST_SUCCESS
;
goto
err
;
...
...
@@ -945,11 +1014,9 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
result
=
do_handshake_internal
(
server_ctx
,
server2_ctx
,
client_ctx
,
test_ctx
,
&
test_ctx
->
extra
,
NULL
,
&
session
);
if
(
test_ctx
->
handshake_mode
==
SSL_TEST_HANDSHAKE_SIMPL
E
)
if
(
test_ctx
->
handshake_mode
!=
SSL_TEST_HANDSHAKE_RESUM
E
)
goto
end
;
TEST_check
(
test_ctx
->
handshake_mode
==
SSL_TEST_HANDSHAKE_RESUME
);
if
(
result
->
result
!=
SSL_TEST_SUCCESS
)
{
result
->
result
=
SSL_TEST_FIRST_HANDSHAKE_FAILED
;
goto
end
;
...
...
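Review bot: The server branch of `do_reneg_setup_step` (the `SSL_read` followed by the `error != SSL_ERROR_WANT_READ || !SSL_in_init(peer->ssl)` check) appears to pass only when the client's renegotiation ClientHello is already waiting to be read, so it depends on the client peer having run its setup step first; that ordering is decided outside these hunks and the function does not state it. I would add a header comment such as `/* Client: request a renegotiation and start it. Server: must run after the client's setup step; checks that the pending ClientHello has put it back into a handshake. */`. In the client branch, `if (!ret)` treats only 0 as failure, and `if (ret <= 0)` would also cover a negative return from `SSL_renegotiate`. The comment after `do_handshake_step(peer)` explains only the PEER_RETRY case; it could add that any other status set by that call is passed through unchanged.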
test/recipes/80-test_ssl_new.t
...
...
@@ -29,7 +29,7 @@ map { s/\.in// } @conf_files;
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
plan
tests
=>
1
6
;
# = scalar @conf_srcs
plan
tests
=>
1
7
;
# = scalar @conf_srcs
# Some test results depend on the configuration of enabled protocols. We only
# verify generated sources in the default configuration.
...
...
test/ssl-tests/17-renegotiate.conf
0 → 100644
# Generated with generate_ssl_tests.pl
num_tests
=
1
test
-
0
=
0
-
renegotiate
# ===========================================================
[
0
-
renegotiate
]
ssl_conf
=
0
-
renegotiate
-
ssl
[
0
-
renegotiate
-
ssl
]
server
=
0
-
renegotiate
-
server
client
=
0
-
renegotiate
-
client
[
0
-
renegotiate
-
server
]
Certificate
= ${
ENV
::
TEST_CERTS_DIR
}/
servercert
.
pem
CipherString
=
DEFAULT
PrivateKey
= ${
ENV
::
TEST_CERTS_DIR
}/
serverkey
.
pem
[
0
-
renegotiate
-
client
]
CipherString
=
DEFAULT
VerifyCAFile
= ${
ENV
::
TEST_CERTS_DIR
}/
rootcert
.
pem
VerifyMode
=
Peer
[
test
-
0
]
ExpectedResult
=
Success
HandshakeMode
=
Renegotiate
Method
=
TLS
test/ssl-tests/17-renegotiate.conf.in
0 → 100644
# -*- mode: perl; -*-
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
## Test Renegotiation
use
strict
;
use
warnings
;
package
ssltests
;
our
@tests
=
(
{
name
=>
"
renegotiate
",
server
=>
{},
client
=>
{},
test
=>
{
"
Method
"
=>
"
TLS
",
"
HandshakeMode
"
=>
"
Renegotiate
",
"
ExpectedResult
"
=>
"
Success
"
}
},
);
test/ssl_test_ctx.h
...
...
@@ -56,7 +56,6 @@ typedef enum {
typedef
enum
{
SSL_TEST_HANDSHAKE_SIMPLE
=
0
,
/* Default */
SSL_TEST_HANDSHAKE_RESUME
,
/* Not yet implemented */
SSL_TEST_HANDSHAKE_RENEGOTIATE
}
ssl_handshake_mode_t
;
...
...