TEST_check(peer->status == PEER_RETRY);
TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
- || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT);
+ || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT
+ || test_ctx->handshake_mode
+ == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER
+ || test_ctx->handshake_mode
+ == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT);
+
+ /* Reset the count of the amount of app data we need to read/write */
+ peer->bytes_to_write = peer->bytes_to_read = test_ctx->app_data_size;
/* Check if we are the peer that is going to initiate */
if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
* session. The server may or may not resume dependant on the
* setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
*/
- if (SSL_is_server(peer->ssl))
+ if (SSL_is_server(peer->ssl)) {
ret = SSL_renegotiate(peer->ssl);
- else
- ret = SSL_renegotiate_abbreviated(peer->ssl);
+ } else {
+ if (test_ctx->extra.client.reneg_ciphers != NULL) {
+ if (!SSL_set_cipher_list(peer->ssl,
+ test_ctx->extra.client.reneg_ciphers)) {
+ peer->status = PEER_ERROR;
+ return;
+ }
+ ret = SSL_renegotiate(peer->ssl);
+ } else {
+ ret = SSL_renegotiate_abbreviated(peer->ssl);
+ }
+ }
if (!ret) {
peer->status = PEER_ERROR;
return;
peer->status = PEER_RETRY;
return;
}
+ } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER
+ || test_ctx->handshake_mode
+ == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT) {
+ if (SSL_is_server(peer->ssl)
+ != (test_ctx->handshake_mode
+ == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)) {
+ peer->status = PEER_SUCCESS;
+ return;
+ }
+
+ ret = SSL_key_update(peer->ssl, test_ctx->key_update_type);
+ if (!ret) {
+ peer->status = PEER_ERROR;
+ return;
+ }
+ do_handshake_step(peer);
+ /*
+ * This is a one step handshake. We shouldn't get anything other than
+ * PEER_SUCCESS
+ */
+ if (peer->status != PEER_SUCCESS)
+ peer->status = PEER_ERROR;
+ return;
}
/*
peer->status = PEER_ERROR;
return;
}
- /* If we're no in init yet then we're not done with setup yet */
+ /* If we're not in init yet then we're not done with setup yet */
if (!SSL_in_init(peer->ssl))
return;
}
switch (phase) {
case HANDSHAKE:
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
- || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT)
+ || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT
+ || test_ctx->handshake_mode
+ == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT
+ || test_ctx->handshake_mode
+ == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)
return RENEG_APPLICATION_DATA;
return APPLICATION_DATA;
case RENEG_APPLICATION_DATA:
return RENEG_SETUP;
case RENEG_SETUP:
+ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER
+ || test_ctx->handshake_mode
+ == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT)
+ return APPLICATION_DATA;
return RENEG_HANDSHAKE;
case RENEG_HANDSHAKE:
return APPLICATION_DATA;