Ything-RepoMirrors/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-25 02:56:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

The PSK tests were disabled cause of a Proxy issue, but that has

Browse Source 
been resolved. They were failing now because of a PQ issue and
the TLS Proxy. In a nutshell the TLS Proxy doesn't handle
repacking correctly for fragmented packets.

Fixes: openssl/project/#1791

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Thu Jan 22 10:08:46 2026
(Merged from https://github.com/openssl/openssl/pull/29606)
This commit is contained in:
Ryan Hooper
2026-01-12 10:12:04 -05:00
committed by Norbert Pocs
parent ccc132989e
commit 1f0c23c4c8
1 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
test/recipes/70-test_tls13psk.t
View File

@@ -46,8 +46,6 @@ SKIP: {
}
SKIP: {
skip "TODO(DTLSv1.3): When enabling sessionfile and dtls TLSProxy hangs after"
." the handshake.", $testcount;
skip "DTLS 1.3 is disabled", $testcount if disabled("dtls1_3");
skip "DTLSProxy does not work on Windows", $testcount if $^O =~ /^(MSWin32)$/;
run_tests(1);
@@ -78,14 +76,21 @@ sub run_tests
);
}
my $groups_list = "-groups " .
(!disabled("ec") ? "P-256:P-384:" : "") .
(!disabled("ecx") ? "X25519:X448:" : "") .
(!disabled("dh") ? "ffdhe2048:ffdhe3072" : "");
# Remove trailing colon if present
$groups_list =~ s/:$//;
#Most PSK tests are done in test_ssl_new. This tests various failure scenarios
#around PSK
#Test 1: First get a session
$proxy->clear();
(undef, my $session) = tempfile();
$proxy->clientflags("-sess_out " . $session);
$proxy->serverflags("-servername localhost");
$proxy->clientflags($groups_list . " -sess_out " . $session);
$proxy->serverflags($groups_list . " -servername localhost");
$proxy->sessionfile($session);
$proxy_start_success = $proxy->start();
skip "TLSProxy did not start correctly", $testcount if $proxy_start_success == 0;
@@ -93,7 +98,8 @@ sub run_tests
#Test 2: Attempt a resume with PSK not in last place. Should fail
$proxy->clear();
$proxy->clientflags("-sess_in " . $session);
$proxy->clientflags($groups_list . " -sess_in " . $session);
$proxy->serverflags($groups_list);
$proxy->filter(\&modify_psk_filter);
$testtype = PSK_LAST_FIRST_CH;
$proxy->start();
@@ -102,7 +108,7 @@ sub run_tests
#Test 3: Attempt a resume after an HRR where PSK hash matches selected
# ciphersuite. Should see PSK on second ClientHello
$proxy->clear();
$proxy->clientflags("-sess_in " . $session);
$proxy->clientflags($groups_list . " -sess_in " . $session);
if (disabled("ec")) {
$proxy->serverflags("-curves ffdhe3072");
}
@@ -121,7 +127,7 @@ sub run_tests
#Test 4: Attempt a resume after an HRR where PSK hash does not match selected
# ciphersuite. Should not see PSK on second ClientHello
$proxy->clear();
$proxy->clientflags("-sess_in " . $session);
$proxy->clientflags($groups_list . " -sess_in " . $session);
$proxy->filter(\&modify_psk_filter);
if (disabled("ec")) {
$proxy->serverflags("-curves ffdhe3072");
@@ -145,7 +151,8 @@ sub run_tests
#Test 5: Attempt a resume without a sig agls extension. Should succeed because
# sig algs is not needed in a resumption.
$proxy->clear();
$proxy->clientflags("-sess_in " . $session);
$proxy->clientflags($groups_list . " -sess_in " . $session);
$proxy->serverflags($groups_list);
$proxy->filter(\&remove_sig_algs_filter);
$proxy->start();
ok(TLSProxy::Message->success(), "Remove sig algs");