]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/sslapitest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Flush server side unauthenticated writes
[thirdparty/openssl.git] / test / sslapitest.c
CommitLineData
2cb4b5f6 1/*
6738bf14 2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
2cb4b5f6
MC		 3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
ba881d3b
MC		 10#include <string.h>
11
2cb4b5f6
MC		 12#include <openssl/opensslconf.h>
13#include <openssl/bio.h>
14#include <openssl/crypto.h>
15#include <openssl/ssl.h>
ba881d3b 16#include <openssl/ocsp.h>
76fd7a1d
MC		 17#include <openssl/srp.h>
18#include <openssl/txt_db.h>
2cb4b5f6
MC		 19
20#include "ssltestlib.h"
c887104f 21#include "testutil.h"
f297e4ec 22#include "testutil/output.h"
176db6dc 23#include "internal/nelem.h"
ca0413ae 24#include "../ssl/ssl_locl.h"
2cb4b5f6
MC		 25
26static char *cert = NULL;
27static char *privkey = NULL;
76fd7a1d
MC		 28static char *srpvfile = NULL;
29static char *tmpfilename = NULL;
2cb4b5f6 30
cffe973c 31#define LOG_BUFFER_SIZE 2048
6acdd3e5 32static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 33static size_t server_log_buffer_index = 0;
6acdd3e5 34static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 35static size_t client_log_buffer_index = 0;
6acdd3e5
CB		 36static int error_writing_log = 0;
37
8f8c11d8 38#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 39static const unsigned char orespder[] = "Dummy OCSP Response";
40static int ocsp_server_called = 0;
41static int ocsp_client_called = 0;
42
43static int cdummyarg = 1;
44static X509 *ocspcert = NULL;
8f8c11d8 45#endif
ba881d3b 46
84d5549e 47#define NUM_EXTRA_CERTS 40
cf72c757 48#define CLIENT_VERSION_LEN 2
84d5549e 49
f1a5939f
CB		 50/*
51 * This structure is used to validate that the correct number of log messages
52 * of various types are emitted when emitting secret logs.
53 */
54struct sslapitest_log_counts {
55 unsigned int rsa_key_exchange_count;
56 unsigned int master_secret_count;
cffe973c 57 unsigned int client_early_secret_count;
f1a5939f
CB		 58 unsigned int client_handshake_secret_count;
59 unsigned int server_handshake_secret_count;
60 unsigned int client_application_secret_count;
61 unsigned int server_application_secret_count;
01a2a654 62 unsigned int early_exporter_secret_count;
6329ce8f 63 unsigned int exporter_secret_count;
f1a5939f
CB		 64};
65
16afd71c
MC		 66
67static unsigned char serverinfov1[] = {
68 0xff, 0xff, /* Dummy extension type */
69 0x00, 0x01, /* Extension length is 1 byte */
70 0xff /* Dummy extension data */
71};
72
73static unsigned char serverinfov2[] = {
74 0x00, 0x00, 0x00,
75 (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
76 0xff, 0xff, /* Dummy extension type */
77 0x00, 0x01, /* Extension length is 1 byte */
78 0xff /* Dummy extension data */
79};
80
710756a9
RS		 81static void client_keylog_callback(const SSL *ssl, const char *line)
82{
6acdd3e5
CB		 83 int line_length = strlen(line);
84
85 /* If the log doesn't fit, error out. */
710756a9
RS		 86 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
87 TEST_info("Client log too full");
6acdd3e5
CB		 88 error_writing_log = 1;
89 return;
90 }
91
92 strcat(client_log_buffer, line);
93 client_log_buffer_index += line_length;
710756a9 94 client_log_buffer[client_log_buffer_index++] = '\n';
6acdd3e5
CB		 95}
96
710756a9
RS		 97static void server_keylog_callback(const SSL *ssl, const char *line)
98{
6acdd3e5
CB		 99 int line_length = strlen(line);
100
101 /* If the log doesn't fit, error out. */
710756a9 102 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
bdcacd93 103 TEST_info("Server log too full");
6acdd3e5
CB		 104 error_writing_log = 1;
105 return;
106 }
107
108 strcat(server_log_buffer, line);
109 server_log_buffer_index += line_length;
710756a9 110 server_log_buffer[server_log_buffer_index++] = '\n';
6acdd3e5
CB		 111}
112
113static int compare_hex_encoded_buffer(const char *hex_encoded,
114 size_t hex_length,
115 const uint8_t *raw,
710756a9
RS		 116 size_t raw_length)
117{
118 size_t i, j;
119 char hexed[3];
6acdd3e5 120
710756a9 121 if (!TEST_size_t_eq(raw_length * 2, hex_length))
6acdd3e5 122 return 1;
6acdd3e5 123
710756a9 124 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
6acdd3e5 125 sprintf(hexed, "%02x", raw[i]);
710756a9
RS		 126 if (!TEST_int_eq(hexed[0], hex_encoded[j])
127 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
6acdd3e5 128 return 1;
6acdd3e5
CB		 129 }
130
131 return 0;
132}
133
134static int test_keylog_output(char *buffer, const SSL *ssl,
f1a5939f 135 const SSL_SESSION *session,
710756a9
RS		 136 struct sslapitest_log_counts *expected)
137{
6acdd3e5
CB		 138 char *token = NULL;
139 unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
140 size_t client_random_size = SSL3_RANDOM_SIZE;
141 unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
142 size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
f1a5939f
CB		 143 unsigned int rsa_key_exchange_count = 0;
144 unsigned int master_secret_count = 0;
cffe973c 145 unsigned int client_early_secret_count = 0;
f1a5939f
CB		 146 unsigned int client_handshake_secret_count = 0;
147 unsigned int server_handshake_secret_count = 0;
148 unsigned int client_application_secret_count = 0;
149 unsigned int server_application_secret_count = 0;
01a2a654 150 unsigned int early_exporter_secret_count = 0;
6329ce8f 151 unsigned int exporter_secret_count = 0;
6acdd3e5 152
710756a9
RS		 153 for (token = strtok(buffer, " \n"); token != NULL;
154 token = strtok(NULL, " \n")) {
6acdd3e5 155 if (strcmp(token, "RSA") == 0) {
f1a5939f
CB		 156 /*
157 * Premaster secret. Tokens should be: 16 ASCII bytes of
6acdd3e5
CB		 158 * hex-encoded encrypted secret, then the hex-encoded pre-master
159 * secret.
160 */
710756a9 161 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 162 return 0;
710756a9 163 if (!TEST_size_t_eq(strlen(token), 16))
f1a5939f 164 return 0;
710756a9 165 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 166 return 0;
f1a5939f
CB		 167 /*
168 * We can't sensibly check the log because the premaster secret is
169 * transient, and OpenSSL doesn't keep hold of it once the master
170 * secret is generated.
171 */
172 rsa_key_exchange_count++;
6acdd3e5 173 } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
f1a5939f
CB		 174 /*
175 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
6acdd3e5
CB		 176 * client random, then the hex-encoded master secret.
177 */
178 client_random_size = SSL_get_client_random(ssl,
179 actual_client_random,
180 SSL3_RANDOM_SIZE);
710756a9 181 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 182 return 0;
6acdd3e5 183
710756a9 184 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 185 return 0;
710756a9 186 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 187 return 0;
710756a9
RS		 188 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
189 actual_client_random,
190 client_random_size)))
f1a5939f 191 return 0;
6acdd3e5 192
710756a9 193 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 194 return 0;
6acdd3e5
CB		 195 master_key_size = SSL_SESSION_get_master_key(session,
196 actual_master_key,
197 master_key_size);
710756a9 198 if (!TEST_size_t_ne(master_key_size, 0))
f1a5939f 199 return 0;
710756a9
RS		 200 if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
201 actual_master_key,
202 master_key_size)))
f1a5939f 203 return 0;
f1a5939f 204 master_secret_count++;
cffe973c
PW		 205 } else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0
206 || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
710756a9
RS		 207 || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
208 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
6329ce8f 209 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0
01a2a654 210 || strcmp(token, "EARLY_EXPORTER_SECRET") == 0
6329ce8f 211 || strcmp(token, "EXPORTER_SECRET") == 0) {
f1a5939f
CB		 212 /*
213 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
214 * client random, and then the hex-encoded secret. In this case,
215 * we treat all of these secrets identically and then just
216 * distinguish between them when counting what we saw.
217 */
cffe973c
PW		 218 if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0)
219 client_early_secret_count++;
220 else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
f1a5939f
CB		 221 client_handshake_secret_count++;
222 else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
223 server_handshake_secret_count++;
224 else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
225 client_application_secret_count++;
226 else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
227 server_application_secret_count++;
01a2a654
PW		 228 else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0)
229 early_exporter_secret_count++;
6329ce8f
PW		 230 else if (strcmp(token, "EXPORTER_SECRET") == 0)
231 exporter_secret_count++;
f1a5939f
CB		 232
233 client_random_size = SSL_get_client_random(ssl,
234 actual_client_random,
235 SSL3_RANDOM_SIZE);
710756a9 236 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 237 return 0;
f1a5939f 238
710756a9 239 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 240 return 0;
710756a9 241 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 242 return 0;
710756a9
RS		 243 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
244 actual_client_random,
245 client_random_size)))
f1a5939f 246 return 0;
6acdd3e5 247
710756a9 248 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 249 return 0;
f1a5939f
CB		 250
251 /*
252 * TODO(TLS1.3): test that application traffic secrets are what
253 * we expect */
6acdd3e5 254 } else {
710756a9 255 TEST_info("Unexpected token %s\n", token);
f1a5939f 256 return 0;
6acdd3e5 257 }
6acdd3e5
CB		 258 }
259
710756a9
RS		 260 /* Got what we expected? */
261 if (!TEST_size_t_eq(rsa_key_exchange_count,
262 expected->rsa_key_exchange_count)
263 || !TEST_size_t_eq(master_secret_count,
264 expected->master_secret_count)
cffe973c
PW		 265 || !TEST_size_t_eq(client_early_secret_count,
266 expected->client_early_secret_count)
710756a9
RS		 267 || !TEST_size_t_eq(client_handshake_secret_count,
268 expected->client_handshake_secret_count)
269 || !TEST_size_t_eq(server_handshake_secret_count,
270 expected->server_handshake_secret_count)
271 || !TEST_size_t_eq(client_application_secret_count,
272 expected->client_application_secret_count)
273 || !TEST_size_t_eq(server_application_secret_count,
6329ce8f 274 expected->server_application_secret_count)
01a2a654
PW		 275 || !TEST_size_t_eq(early_exporter_secret_count,
276 expected->early_exporter_secret_count)
6329ce8f
PW		 277 || !TEST_size_t_eq(exporter_secret_count,
278 expected->exporter_secret_count))
710756a9
RS		 279 return 0;
280 return 1;
6acdd3e5
CB		 281}
282
c423ecaa 283#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
710756a9
RS		 284static int test_keylog(void)
285{
6acdd3e5
CB		 286 SSL_CTX *cctx = NULL, *sctx = NULL;
287 SSL *clientssl = NULL, *serverssl = NULL;
288 int testresult = 0;
f1a5939f 289 struct sslapitest_log_counts expected = {0};
6acdd3e5
CB		 290
291 /* Clean up logging space */
710756a9
RS		 292 memset(client_log_buffer, 0, sizeof(client_log_buffer));
293 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 294 client_log_buffer_index = 0;
295 server_log_buffer_index = 0;
296 error_writing_log = 0;
297
710756a9
RS		 298 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
299 TLS_client_method(),
7d7f6834 300 TLS1_VERSION, TLS_MAX_VERSION,
710756a9 301 &sctx, &cctx, cert, privkey)))
6acdd3e5 302 return 0;
6acdd3e5
CB		 303
304 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
305 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
306 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
307
f0deb4d3 308 /* We also want to ensure that we use RSA-based key exchange. */
710756a9 309 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
f0deb4d3 310 goto end;
f0deb4d3 311
cf10df81
RS		 312 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
313 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 314 goto end;
6acdd3e5 315 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 316 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
317 == client_keylog_callback))
6acdd3e5 318 goto end;
710756a9 319 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 320 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
321 == server_keylog_callback))
6acdd3e5 322 goto end;
6acdd3e5 323
710756a9
RS		 324 /* Now do a handshake and check that the logs have been written to. */
325 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
326 &clientssl, NULL, NULL))
327 || !TEST_true(create_ssl_connection(serverssl, clientssl,
328 SSL_ERROR_NONE))
329 || !TEST_false(error_writing_log)
330 || !TEST_int_gt(client_log_buffer_index, 0)
331 || !TEST_int_gt(server_log_buffer_index, 0))
6acdd3e5 332 goto end;
6acdd3e5 333
f1a5939f
CB		 334 /*
335 * Now we want to test that our output data was vaguely sensible. We
6acdd3e5 336 * do that by using strtok and confirming that we have more or less the
f1a5939f
CB		 337 * data we expect. For both client and server, we expect to see one master
338 * secret. The client should also see a RSA key exchange.
6acdd3e5 339 */
f1a5939f
CB		 340 expected.rsa_key_exchange_count = 1;
341 expected.master_secret_count = 1;
710756a9
RS		 342 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
343 SSL_get_session(clientssl), &expected)))
6acdd3e5 344 goto end;
f1a5939f
CB		 345
346 expected.rsa_key_exchange_count = 0;
710756a9
RS		 347 if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
348 SSL_get_session(serverssl), &expected)))
6acdd3e5 349 goto end;
6acdd3e5
CB		 350
351 testresult = 1;
352
353end:
354 SSL_free(serverssl);
355 SSL_free(clientssl);
356 SSL_CTX_free(sctx);
357 SSL_CTX_free(cctx);
358
359 return testresult;
360}
c423ecaa 361#endif
6acdd3e5
CB		 362
363#ifndef OPENSSL_NO_TLS1_3
710756a9
RS		 364static int test_keylog_no_master_key(void)
365{
6acdd3e5
CB		 366 SSL_CTX *cctx = NULL, *sctx = NULL;
367 SSL *clientssl = NULL, *serverssl = NULL;
cffe973c 368 SSL_SESSION *sess = NULL;
6acdd3e5 369 int testresult = 0;
f1a5939f 370 struct sslapitest_log_counts expected = {0};
cffe973c
PW		 371 unsigned char buf[1];
372 size_t readbytes, written;
6acdd3e5
CB		 373
374 /* Clean up logging space */
710756a9
RS		 375 memset(client_log_buffer, 0, sizeof(client_log_buffer));
376 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 377 client_log_buffer_index = 0;
378 server_log_buffer_index = 0;
379 error_writing_log = 0;
380
7d7f6834
RL		 381 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
382 TLS1_VERSION, TLS_MAX_VERSION,
cffe973c
PW		 383 &sctx, &cctx, cert, privkey))
384 || !TEST_true(SSL_CTX_set_max_early_data(sctx,
cffe973c 385 SSL3_RT_MAX_PLAIN_LENGTH)))
6acdd3e5 386 return 0;
6acdd3e5 387
cf10df81
RS		 388 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
389 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 390 goto end;
6acdd3e5
CB		 391
392 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 393 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
394 == client_keylog_callback))
6acdd3e5 395 goto end;
6acdd3e5 396
710756a9 397 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 398 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
399 == server_keylog_callback))
6acdd3e5 400 goto end;
6acdd3e5 401
710756a9
RS		 402 /* Now do a handshake and check that the logs have been written to. */
403 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
404 &clientssl, NULL, NULL))
405 || !TEST_true(create_ssl_connection(serverssl, clientssl,
406 SSL_ERROR_NONE))
407 || !TEST_false(error_writing_log))
6acdd3e5 408 goto end;
6acdd3e5 409
f1a5939f
CB		 410 /*
411 * Now we want to test that our output data was vaguely sensible. For this
69687aa8 412 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
f1a5939f 413 * TLSv1.3, but we do expect both client and server to emit keys.
6acdd3e5 414 */
f1a5939f
CB		 415 expected.client_handshake_secret_count = 1;
416 expected.server_handshake_secret_count = 1;
417 expected.client_application_secret_count = 1;
418 expected.server_application_secret_count = 1;
6329ce8f 419 expected.exporter_secret_count = 1;
710756a9
RS		 420 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
421 SSL_get_session(clientssl), &expected))
422 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
423 SSL_get_session(serverssl),
424 &expected)))
6acdd3e5 425 goto end;
6acdd3e5 426
cffe973c
PW		 427 /* Terminate old session and resume with early data. */
428 sess = SSL_get1_session(clientssl);
429 SSL_shutdown(clientssl);
430 SSL_shutdown(serverssl);
431 SSL_free(serverssl);
432 SSL_free(clientssl);
433 serverssl = clientssl = NULL;
434
435 /* Reset key log */
436 memset(client_log_buffer, 0, sizeof(client_log_buffer));
437 memset(server_log_buffer, 0, sizeof(server_log_buffer));
438 client_log_buffer_index = 0;
439 server_log_buffer_index = 0;
440
441 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
442 &clientssl, NULL, NULL))
443 || !TEST_true(SSL_set_session(clientssl, sess))
444 /* Here writing 0 length early data is enough. */
445 || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
446 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
447 &readbytes),
448 SSL_READ_EARLY_DATA_ERROR)
449 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
450 SSL_EARLY_DATA_ACCEPTED)
451 || !TEST_true(create_ssl_connection(serverssl, clientssl,
452 SSL_ERROR_NONE))
453 || !TEST_true(SSL_session_reused(clientssl)))
454 goto end;
455
456 /* In addition to the previous entries, expect early secrets. */
457 expected.client_early_secret_count = 1;
01a2a654 458 expected.early_exporter_secret_count = 1;
cffe973c
PW		 459 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
460 SSL_get_session(clientssl), &expected))
461 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
462 SSL_get_session(serverssl),
463 &expected)))
464 goto end;
465
6acdd3e5
CB		 466 testresult = 1;
467
468end:
cffe973c 469 SSL_SESSION_free(sess);
6acdd3e5
CB		 470 SSL_free(serverssl);
471 SSL_free(clientssl);
472 SSL_CTX_free(sctx);
473 SSL_CTX_free(cctx);
474
475 return testresult;
476}
477#endif
478
e9ee6536 479#ifndef OPENSSL_NO_TLS1_2
a9c0d8be 480static int full_client_hello_callback(SSL *s, int *al, void *arg)
2afaee51
BK		 481{
482 int *ctr = arg;
483 const unsigned char *p;
8ea404fb 484 int *exts;
2afaee51
BK		 485 /* We only configure two ciphers, but the SCSV is added automatically. */
486#ifdef OPENSSL_NO_EC
487 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
488#else
489 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
490 0x2c, 0x00, 0xff};
491#endif
8ea404fb
BK		 492 const int expected_extensions[] = {
493#ifndef OPENSSL_NO_EC
494 11, 10,
495#endif
10ed1b72 496 35, 22, 23, 13};
2afaee51
BK		 497 size_t len;
498
499 /* Make sure we can defer processing and get called back. */
500 if ((*ctr)++ == 0)
f1b97da1 501 return SSL_CLIENT_HELLO_RETRY;
2afaee51 502
a9c0d8be 503 len = SSL_client_hello_get0_ciphers(s, &p);
710756a9 504 if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
a9c0d8be
DB		 505 || !TEST_size_t_eq(
506 SSL_client_hello_get0_compression_methods(s, &p), 1)
710756a9 507 || !TEST_int_eq(*p, 0))
f1b97da1 508 return SSL_CLIENT_HELLO_ERROR;
a9c0d8be 509 if (!SSL_client_hello_get1_extensions_present(s, &exts, &len))
f1b97da1 510 return SSL_CLIENT_HELLO_ERROR;
8ea404fb
BK		 511 if (len != OSSL_NELEM(expected_extensions) ||
512 memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
a9c0d8be 513 printf("ClientHello callback expected extensions mismatch\n");
8ea404fb 514 OPENSSL_free(exts);
f1b97da1 515 return SSL_CLIENT_HELLO_ERROR;
8ea404fb
BK		 516 }
517 OPENSSL_free(exts);
f1b97da1 518 return SSL_CLIENT_HELLO_SUCCESS;
2afaee51
BK		 519}
520
a9c0d8be 521static int test_client_hello_cb(void)
710756a9 522{
2afaee51
BK		 523 SSL_CTX *cctx = NULL, *sctx = NULL;
524 SSL *clientssl = NULL, *serverssl = NULL;
525 int testctr = 0, testresult = 0;
526
7d7f6834
RL		 527 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
528 TLS1_VERSION, TLS_MAX_VERSION,
529 &sctx, &cctx, cert, privkey)))
2afaee51 530 goto end;
a9c0d8be 531 SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
710756a9 532
2afaee51
BK		 533 /* The gimpy cipher list we configure can't do TLS 1.3. */
534 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
2afaee51 535
710756a9
RS		 536 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
537 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
538 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
539 &clientssl, NULL, NULL))
540 || !TEST_false(create_ssl_connection(serverssl, clientssl,
a9c0d8be 541 SSL_ERROR_WANT_CLIENT_HELLO_CB))
710756a9
RS		 542 /*
543 * Passing a -1 literal is a hack since
544 * the real value was lost.
545 * */
a9c0d8be
DB		 546 || !TEST_int_eq(SSL_get_error(serverssl, -1),
547 SSL_ERROR_WANT_CLIENT_HELLO_CB)
710756a9
RS		 548 || !TEST_true(create_ssl_connection(serverssl, clientssl,
549 SSL_ERROR_NONE)))
2afaee51 550 goto end;
2afaee51
BK		 551
552 testresult = 1;
553
554end:
555 SSL_free(serverssl);
556 SSL_free(clientssl);
557 SSL_CTX_free(sctx);
558 SSL_CTX_free(cctx);
559
560 return testresult;
561}
e9ee6536 562#endif
2afaee51 563
84d5549e 564static int execute_test_large_message(const SSL_METHOD *smeth,
7d7f6834
RL		 565 const SSL_METHOD *cmeth,
566 int min_version, int max_version,
567 int read_ahead)
84d5549e
MC		 568{
569 SSL_CTX *cctx = NULL, *sctx = NULL;
570 SSL *clientssl = NULL, *serverssl = NULL;
571 int testresult = 0;
572 int i;
710756a9 573 BIO *certbio = NULL;
84d5549e
MC		 574 X509 *chaincert = NULL;
575 int certlen;
576
710756a9 577 if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
84d5549e 578 goto end;
84d5549e 579 chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
fa454945
MC		 580 BIO_free(certbio);
581 certbio = NULL;
710756a9 582 if (!TEST_ptr(chaincert))
fa454945 583 goto end;
84d5549e 584
7d7f6834
RL		 585 if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
586 &sctx, &cctx, cert, privkey)))
84d5549e 587 goto end;
84d5549e 588
710756a9 589 if (read_ahead) {
7856332e
MC		 590 /*
591 * Test that read_ahead works correctly when dealing with large
592 * records
593 */
594 SSL_CTX_set_read_ahead(cctx, 1);
595 }
596
84d5549e
MC		 597 /*
598 * We assume the supplied certificate is big enough so that if we add
599 * NUM_EXTRA_CERTS it will make the overall message large enough. The
600 * default buffer size is requested to be 16k, but due to the way BUF_MEM
710756a9
RS		 601 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
602 * test we need to have a message larger than that.
84d5549e
MC		 603 */
604 certlen = i2d_X509(chaincert, NULL);
710756a9
RS		 605 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
606 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
84d5549e 607 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
710756a9 608 if (!X509_up_ref(chaincert))
84d5549e 609 goto end;
84d5549e 610 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
84d5549e
MC		 611 X509_free(chaincert);
612 goto end;
613 }
614 }
615
710756a9
RS		 616 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
617 NULL, NULL))
618 || !TEST_true(create_ssl_connection(serverssl, clientssl,
619 SSL_ERROR_NONE)))
84d5549e 620 goto end;
84d5549e 621
4bf08600
MC		 622 /*
623 * Calling SSL_clear() first is not required but this tests that SSL_clear()
624 * doesn't leak (when using enable-crypto-mdebug).
625 */
710756a9 626 if (!TEST_true(SSL_clear(serverssl)))
4bf08600 627 goto end;
84d5549e 628
4bf08600 629 testresult = 1;
84d5549e
MC		 630 end:
631 X509_free(chaincert);
632 SSL_free(serverssl);
633 SSL_free(clientssl);
634 SSL_CTX_free(sctx);
635 SSL_CTX_free(cctx);
636
637 return testresult;
638}
639
640static int test_large_message_tls(void)
641{
7856332e 642 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
7d7f6834 643 TLS1_VERSION, TLS_MAX_VERSION,
7856332e
MC		 644 0);
645}
646
647static int test_large_message_tls_read_ahead(void)
648{
649 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
7d7f6834 650 TLS1_VERSION, TLS_MAX_VERSION,
7856332e 651 1);
84d5549e
MC		 652}
653
55386bef 654#ifndef OPENSSL_NO_DTLS
84d5549e
MC		 655static int test_large_message_dtls(void)
656{
7856332e
MC		 657 /*
658 * read_ahead is not relevant to DTLS because DTLS always acts as if
659 * read_ahead is set.
660 */
84d5549e 661 return execute_test_large_message(DTLS_server_method(),
7d7f6834
RL		 662 DTLS_client_method(),
663 DTLS1_VERSION, DTLS_MAX_VERSION,
664 0);
84d5549e 665}
55386bef 666#endif
84d5549e 667
8f8c11d8 668#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 669static int ocsp_server_cb(SSL *s, void *arg)
670{
671 int *argi = (int *)arg;
710756a9 672 unsigned char *copy = NULL;
ba881d3b
MC		 673 STACK_OF(OCSP_RESPID) *ids = NULL;
674 OCSP_RESPID *id = NULL;
675
676 if (*argi == 2) {
677 /* In this test we are expecting exactly 1 OCSP_RESPID */
678 SSL_get_tlsext_status_ids(s, &ids);
679 if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
680 return SSL_TLSEXT_ERR_ALERT_FATAL;
681
682 id = sk_OCSP_RESPID_value(ids, 0);
683 if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
684 return SSL_TLSEXT_ERR_ALERT_FATAL;
685 } else if (*argi != 1) {
686 return SSL_TLSEXT_ERR_ALERT_FATAL;
687 }
688
710756a9 689 if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
ba881d3b
MC		 690 return SSL_TLSEXT_ERR_ALERT_FATAL;
691
710756a9 692 SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
ba881d3b 693 ocsp_server_called = 1;
ba881d3b
MC		 694 return SSL_TLSEXT_ERR_OK;
695}
696
697static int ocsp_client_cb(SSL *s, void *arg)
698{
699 int *argi = (int *)arg;
700 const unsigned char *respderin;
701 size_t len;
702
703 if (*argi != 1 && *argi != 2)
704 return 0;
705
706 len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
710756a9 707 if (!TEST_mem_eq(orespder, len, respderin, len))
ba881d3b
MC		 708 return 0;
709
710 ocsp_client_called = 1;
ba881d3b
MC		 711 return 1;
712}
713
2cb4b5f6
MC		 714static int test_tlsext_status_type(void)
715{
ba881d3b
MC		 716 SSL_CTX *cctx = NULL, *sctx = NULL;
717 SSL *clientssl = NULL, *serverssl = NULL;
2cb4b5f6 718 int testresult = 0;
ba881d3b
MC		 719 STACK_OF(OCSP_RESPID) *ids = NULL;
720 OCSP_RESPID *id = NULL;
721 BIO *certbio = NULL;
2cb4b5f6 722
7d7f6834
RL		 723 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
724 TLS1_VERSION, TLS_MAX_VERSION,
725 &sctx, &cctx, cert, privkey))
ba881d3b 726 return 0;
2cb4b5f6 727
710756a9 728 if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
2cb4b5f6 729 goto end;
2cb4b5f6 730
ba881d3b 731 /* First just do various checks getting and setting tlsext_status_type */
2cb4b5f6 732
ba881d3b 733 clientssl = SSL_new(cctx);
710756a9
RS		 734 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
735 || !TEST_true(SSL_set_tlsext_status_type(clientssl,
736 TLSEXT_STATUSTYPE_ocsp))
737 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
738 TLSEXT_STATUSTYPE_ocsp))
2cb4b5f6 739 goto end;
2cb4b5f6 740
ba881d3b
MC		 741 SSL_free(clientssl);
742 clientssl = NULL;
2cb4b5f6 743
710756a9
RS		 744 if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
745 || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 746 goto end;
2cb4b5f6 747
ba881d3b 748 clientssl = SSL_new(cctx);
710756a9 749 if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 750 goto end;
ba881d3b
MC		 751 SSL_free(clientssl);
752 clientssl = NULL;
753
754 /*
755 * Now actually do a handshake and check OCSP information is exchanged and
756 * the callbacks get called
757 */
ba881d3b
MC		 758 SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
759 SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
760 SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
761 SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
710756a9
RS		 762 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
763 &clientssl, NULL, NULL))
764 || !TEST_true(create_ssl_connection(serverssl, clientssl,
765 SSL_ERROR_NONE))
766 || !TEST_true(ocsp_client_called)
767 || !TEST_true(ocsp_server_called))
ba881d3b 768 goto end;
ba881d3b
MC		 769 SSL_free(serverssl);
770 SSL_free(clientssl);
771 serverssl = NULL;
772 clientssl = NULL;
773
774 /* Try again but this time force the server side callback to fail */
775 ocsp_client_called = 0;
776 ocsp_server_called = 0;
777 cdummyarg = 0;
710756a9
RS		 778 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
779 &clientssl, NULL, NULL))
780 /* This should fail because the callback will fail */
781 || !TEST_false(create_ssl_connection(serverssl, clientssl,
782 SSL_ERROR_NONE))
783 || !TEST_false(ocsp_client_called)
784 || !TEST_false(ocsp_server_called))
ba881d3b 785 goto end;
ba881d3b
MC		 786 SSL_free(serverssl);
787 SSL_free(clientssl);
788 serverssl = NULL;
789 clientssl = NULL;
790
791 /*
792 * This time we'll get the client to send an OCSP_RESPID that it will
793 * accept.
794 */
795 ocsp_client_called = 0;
796 ocsp_server_called = 0;
797 cdummyarg = 2;
710756a9
RS		 798 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
799 &clientssl, NULL, NULL)))
ba881d3b 800 goto end;
ba881d3b
MC		 801
802 /*
803 * We'll just use any old cert for this test - it doesn't have to be an OCSP
69687aa8 804 * specific one. We'll use the server cert.
ba881d3b 805 */
710756a9
RS		 806 if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
807 || !TEST_ptr(id = OCSP_RESPID_new())
808 || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
809 || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
810 NULL, NULL, NULL))
811 || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
812 || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
ba881d3b 813 goto end;
ba881d3b
MC		 814 id = NULL;
815 SSL_set_tlsext_status_ids(clientssl, ids);
816 /* Control has been transferred */
817 ids = NULL;
818
819 BIO_free(certbio);
820 certbio = NULL;
821
710756a9
RS		 822 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
823 SSL_ERROR_NONE))
824 || !TEST_true(ocsp_client_called)
825 || !TEST_true(ocsp_server_called))
ba881d3b 826 goto end;
ba881d3b 827
2cb4b5f6
MC		 828 testresult = 1;
829
830 end:
ba881d3b
MC		 831 SSL_free(serverssl);
832 SSL_free(clientssl);
833 SSL_CTX_free(sctx);
834 SSL_CTX_free(cctx);
835 sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
836 OCSP_RESPID_free(id);
837 BIO_free(certbio);
838 X509_free(ocspcert);
839 ocspcert = NULL;
2cb4b5f6
MC		 840
841 return testresult;
842}
8f8c11d8 843#endif
2cb4b5f6 844
bf208d95 845#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
0afca811 846static int new_called, remove_called, get_called;
eaa776da 847
eaa776da
MC		 848static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
849{
850 new_called++;
c0537ebd
MC		 851 /*
852 * sess has been up-refed for us, but we don't actually need it so free it
853 * immediately.
854 */
855 SSL_SESSION_free(sess);
eaa776da
MC		 856 return 1;
857}
858
859static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
860{
861 remove_called++;
862}
863
7a301f08
MC		 864static SSL_SESSION *get_sess_val = NULL;
865
866static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
867 int *copy)
868{
0afca811 869 get_called++;
7a301f08
MC		 870 *copy = 1;
871 return get_sess_val;
872}
873
7a301f08
MC		 874static int execute_test_session(int maxprot, int use_int_cache,
875 int use_ext_cache)
2cb4b5f6
MC		 876{
877 SSL_CTX *sctx = NULL, *cctx = NULL;
878 SSL *serverssl1 = NULL, *clientssl1 = NULL;
879 SSL *serverssl2 = NULL, *clientssl2 = NULL;
bf208d95 880# ifndef OPENSSL_NO_TLS1_1
eaa776da 881 SSL *serverssl3 = NULL, *clientssl3 = NULL;
bf208d95 882# endif
2cb4b5f6
MC		 883 SSL_SESSION *sess1 = NULL, *sess2 = NULL;
884 int testresult = 0;
885
7e885b7b
P		 886 new_called = remove_called = 0;
887
7d7f6834
RL		 888 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
889 TLS1_VERSION, TLS_MAX_VERSION,
890 &sctx, &cctx, cert, privkey)))
2cb4b5f6 891 return 0;
2cb4b5f6 892
7a301f08
MC		 893 /*
894 * Only allow the max protocol version so we can force a connection failure
895 * later
896 */
897 SSL_CTX_set_min_proto_version(cctx, maxprot);
898 SSL_CTX_set_max_proto_version(cctx, maxprot);
eaa776da
MC		 899
900 /* Set up session cache */
7e885b7b 901 if (use_ext_cache) {
eaa776da
MC		 902 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
903 SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
904 }
7e885b7b 905 if (use_int_cache) {
eaa776da
MC		 906 /* Also covers instance where both are set */
907 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
908 } else {
909 SSL_CTX_set_session_cache_mode(cctx,
910 SSL_SESS_CACHE_CLIENT
911 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
912 }
2cb4b5f6 913
710756a9
RS		 914 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
915 NULL, NULL))
916 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
917 SSL_ERROR_NONE))
918 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
2cb4b5f6 919 goto end;
2cb4b5f6 920
710756a9 921 /* Should fail because it should already be in the cache */
7e885b7b 922 if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
eaa776da 923 goto end;
7a301f08
MC		 924 if (use_ext_cache
925 && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))
b4982125 926 goto end;
b4982125 927
c0537ebd
MC		 928 new_called = remove_called = 0;
929 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
930 &clientssl2, NULL, NULL))
931 || !TEST_true(SSL_set_session(clientssl2, sess1))
932 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
933 SSL_ERROR_NONE))
934 || !TEST_true(SSL_session_reused(clientssl2)))
935 goto end;
936
7a301f08
MC		 937 if (maxprot == TLS1_3_VERSION) {
938 /*
939 * In TLSv1.3 we should have created a new session even though we have
940 * resumed. The original session should also have been removed.
941 */
942 if (use_ext_cache
943 && (!TEST_int_eq(new_called, 1)
944 || !TEST_int_eq(remove_called, 1)))
945 goto end;
946 } else {
947 /*
948 * In TLSv1.2 we expect to have resumed so no sessions added or
949 * removed.
950 */
951 if (use_ext_cache
952 && (!TEST_int_eq(new_called, 0)
953 || !TEST_int_eq(remove_called, 0)))
954 goto end;
955 }
c0537ebd
MC		 956
957 SSL_SESSION_free(sess1);
958 if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2)))
959 goto end;
960 shutdown_ssl_connection(serverssl2, clientssl2);
961 serverssl2 = clientssl2 = NULL;
c0537ebd
MC		 962
963 new_called = remove_called = 0;
710756a9
RS		 964 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
965 &clientssl2, NULL, NULL))
966 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
967 SSL_ERROR_NONE)))
2cb4b5f6 968 goto end;
2cb4b5f6 969
710756a9 970 if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
2cb4b5f6 971 goto end;
2cb4b5f6 972
7a301f08
MC		 973 if (use_ext_cache
974 && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))
eaa776da 975 goto end;
eaa776da 976
c0537ebd 977 new_called = remove_called = 0;
2cb4b5f6 978 /*
710756a9
RS		 979 * This should clear sess2 from the cache because it is a "bad" session.
980 * See SSL_set_session() documentation.
2cb4b5f6 981 */
710756a9 982 if (!TEST_true(SSL_set_session(clientssl2, sess1)))
2cb4b5f6 983 goto end;
7a301f08
MC		 984 if (use_ext_cache
985 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
eaa776da 986 goto end;
710756a9 987 if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
2cb4b5f6 988 goto end;
2cb4b5f6 989
7e885b7b 990 if (use_int_cache) {
710756a9
RS		 991 /* Should succeeded because it should not already be in the cache */
992 if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
993 || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
eaa776da 994 goto end;
eaa776da
MC		 995 }
996
c0537ebd 997 new_called = remove_called = 0;
eaa776da 998 /* This shouldn't be in the cache so should fail */
710756a9 999 if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
2cb4b5f6 1000 goto end;
2cb4b5f6 1001
7a301f08
MC		 1002 if (use_ext_cache
1003 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 1004 goto end;
2cb4b5f6 1005
bf208d95 1006# if !defined(OPENSSL_NO_TLS1_1)
c0537ebd 1007 new_called = remove_called = 0;
eaa776da
MC		 1008 /* Force a connection failure */
1009 SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
710756a9
RS		 1010 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
1011 &clientssl3, NULL, NULL))
1012 || !TEST_true(SSL_set_session(clientssl3, sess1))
c0537ebd 1013 /* This should fail because of the mismatched protocol versions */
710756a9
RS		 1014 || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
1015 SSL_ERROR_NONE)))
eaa776da 1016 goto end;
b4982125 1017
eaa776da 1018 /* We should have automatically removed the session from the cache */
7a301f08
MC		 1019 if (use_ext_cache
1020 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 1021 goto end;
2cb4b5f6 1022
710756a9 1023 /* Should succeed because it should not already be in the cache */
7e885b7b 1024 if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2)))
eaa776da 1025 goto end;
bf208d95 1026# endif
eaa776da 1027
7a301f08
MC		 1028 /* Now do some tests for server side caching */
1029 if (use_ext_cache) {
1030 SSL_CTX_sess_set_new_cb(cctx, NULL);
1031 SSL_CTX_sess_set_remove_cb(cctx, NULL);
1032 SSL_CTX_sess_set_new_cb(sctx, new_session_cb);
1033 SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb);
1034 SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
1035 get_sess_val = NULL;
1036 }
1037
1038 SSL_CTX_set_session_cache_mode(cctx, 0);
1039 /* Internal caching is the default on the server side */
1040 if (!use_int_cache)
1041 SSL_CTX_set_session_cache_mode(sctx,
1042 SSL_SESS_CACHE_SERVER
1043 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
1044
1045 SSL_free(serverssl1);
1046 SSL_free(clientssl1);
1047 serverssl1 = clientssl1 = NULL;
1048 SSL_free(serverssl2);
1049 SSL_free(clientssl2);
1050 serverssl2 = clientssl2 = NULL;
1051 SSL_SESSION_free(sess1);
1052 sess1 = NULL;
1053 SSL_SESSION_free(sess2);
1054 sess2 = NULL;
1055
1056 SSL_CTX_set_max_proto_version(sctx, maxprot);
1057 SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
0afca811 1058 new_called = remove_called = get_called = 0;
7a301f08
MC		 1059 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
1060 NULL, NULL))
1061 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
1062 SSL_ERROR_NONE))
1063 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))
1064 || !TEST_ptr(sess2 = SSL_get1_session(serverssl1)))
1065 goto end;
1066
1067 /* Should fail because it should already be in the cache */
1068 if (use_int_cache && !TEST_false(SSL_CTX_add_session(sctx, sess2)))
1069 goto end;
1070
1071 if (use_ext_cache) {
1072 SSL_SESSION *tmp = sess2;
1073
0afca811
KY		 1074 if (!TEST_int_eq(new_called, 1)
1075 || !TEST_int_eq(remove_called, 0)
1076 || !TEST_int_eq(get_called, 0))
7a301f08
MC		 1077 goto end;
1078 /*
1079 * Delete the session from the internal cache to force a lookup from
1080 * the external cache. We take a copy first because
1081 * SSL_CTX_remove_session() also marks the session as non-resumable.
1082 */
3cb6a4d6
BK		 1083 if (use_int_cache) {
1084 if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
1085 || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
1086 goto end;
1087 SSL_SESSION_free(sess2);
1088 }
7a301f08
MC		 1089 sess2 = tmp;
1090 }
1091
0afca811 1092 new_called = remove_called = get_called = 0;
7a301f08
MC		 1093 get_sess_val = sess2;
1094 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
1095 &clientssl2, NULL, NULL))
1096 || !TEST_true(SSL_set_session(clientssl2, sess1))
1097 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
1098 SSL_ERROR_NONE))
1099 || !TEST_true(SSL_session_reused(clientssl2)))
1100 goto end;
1101
0afca811 1102 if (use_ext_cache) {
32305f88 1103 if (!TEST_int_eq(remove_called, 0))
0afca811
KY		 1104 goto end;
1105
1106 if (maxprot == TLS1_3_VERSION) {
32305f88
MC		 1107 /*
1108 * Every time we issue a NewSessionTicket we are creating a new
1109 * session for next time in TLSv1.3
1110 */
1111 if (!TEST_int_eq(new_called, 1)
1112 || !TEST_int_eq(get_called, 0))
0afca811
KY		 1113 goto end;
1114 } else {
32305f88
MC		 1115 if (!TEST_int_eq(new_called, 0)
1116 || !TEST_int_eq(get_called, 1))
0afca811
KY		 1117 goto end;
1118 }
1119 }
7a301f08 1120
2cb4b5f6 1121 testresult = 1;
eaa776da 1122
2cb4b5f6
MC		 1123 end:
1124 SSL_free(serverssl1);
1125 SSL_free(clientssl1);
1126 SSL_free(serverssl2);
1127 SSL_free(clientssl2);
bf208d95 1128# ifndef OPENSSL_NO_TLS1_1
eaa776da
MC		 1129 SSL_free(serverssl3);
1130 SSL_free(clientssl3);
bf208d95 1131# endif
2cb4b5f6
MC		 1132 SSL_SESSION_free(sess1);
1133 SSL_SESSION_free(sess2);
1134 SSL_CTX_free(sctx);
1135 SSL_CTX_free(cctx);
1136
1137 return testresult;
1138}
bf208d95 1139#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
2cb4b5f6 1140
7fb4c820
MC		 1141static int test_session_with_only_int_cache(void)
1142{
7a301f08
MC		 1143#ifndef OPENSSL_NO_TLS1_3
1144 if (!execute_test_session(TLS1_3_VERSION, 1, 0))
1145 return 0;
1146#endif
1147
1148#ifndef OPENSSL_NO_TLS1_2
1149 return execute_test_session(TLS1_2_VERSION, 1, 0);
1150#else
1151 return 1;
1152#endif
eaa776da
MC		 1153}
1154
7fb4c820
MC		 1155static int test_session_with_only_ext_cache(void)
1156{
7a301f08
MC		 1157#ifndef OPENSSL_NO_TLS1_3
1158 if (!execute_test_session(TLS1_3_VERSION, 0, 1))
1159 return 0;
1160#endif
1161
1162#ifndef OPENSSL_NO_TLS1_2
1163 return execute_test_session(TLS1_2_VERSION, 0, 1);
1164#else
1165 return 1;
1166#endif
eaa776da
MC		 1167}
1168
7fb4c820
MC		 1169static int test_session_with_both_cache(void)
1170{
7a301f08
MC		 1171#ifndef OPENSSL_NO_TLS1_3
1172 if (!execute_test_session(TLS1_3_VERSION, 1, 1))
1173 return 0;
1174#endif
1175
1176#ifndef OPENSSL_NO_TLS1_2
1177 return execute_test_session(TLS1_2_VERSION, 1, 1);
1178#else
1179 return 1;
1180#endif
eaa776da
MC		 1181}
1182
7d4488bb
MC		 1183#define USE_NULL 0
1184#define USE_BIO_1 1
1185#define USE_BIO_2 2
1186#define USE_DEFAULT 3
1187
1188#define CONNTYPE_CONNECTION_SUCCESS 0
1189#define CONNTYPE_CONNECTION_FAIL 1
1190#define CONNTYPE_NO_CONNECTION 2
1191
1192#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
1193#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2)
1194#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
1195# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2)
1196#else
1197# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0
1198#endif
1199
7fb4c820 1200
7d4488bb
MC		 1201#define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \
1202 + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \
1203 + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS
7fb4c820
MC		 1204
1205static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
1206{
1207 switch (type) {
1208 case USE_NULL:
1209 *res = NULL;
1210 break;
1211 case USE_BIO_1:
1212 *res = bio1;
1213 break;
1214 case USE_BIO_2:
1215 *res = bio2;
1216 break;
1217 }
1218}
1219
7d4488bb
MC		 1220
1221/*
1222 * Tests calls to SSL_set_bio() under various conditions.
1223 *
1224 * For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with
1225 * various combinations of valid BIOs or NULL being set for the rbio/wbio. We
1226 * then do more tests where we create a successful connection first using our
1227 * standard connection setup functions, and then call SSL_set_bio() with
1228 * various combinations of valid BIOs or NULL. We then repeat these tests
1229 * following a failed connection. In this last case we are looking to check that
1230 * SSL_set_bio() functions correctly in the case where s->bbio is not NULL.
1231 */
7fb4c820
MC		 1232static int test_ssl_set_bio(int idx)
1233{
7d4488bb 1234 SSL_CTX *sctx = NULL, *cctx = NULL;
7fb4c820
MC		 1235 BIO *bio1 = NULL;
1236 BIO *bio2 = NULL;
0fae8150 1237 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
7d4488bb
MC		 1238 SSL *serverssl = NULL, *clientssl = NULL;
1239 int initrbio, initwbio, newrbio, newwbio, conntype;
7fb4c820
MC		 1240 int testresult = 0;
1241
7d4488bb
MC		 1242 if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) {
1243 initrbio = idx % 3;
1244 idx /= 3;
1245 initwbio = idx % 3;
1246 idx /= 3;
1247 newrbio = idx % 3;
1248 idx /= 3;
1249 newwbio = idx % 3;
1250 conntype = CONNTYPE_NO_CONNECTION;
1251 } else {
1252 idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS;
1253 initrbio = initwbio = USE_DEFAULT;
1254 newrbio = idx % 2;
1255 idx /= 2;
1256 newwbio = idx % 2;
1257 idx /= 2;
1258 conntype = idx % 2;
1259 }
710756a9 1260
7d4488bb
MC		 1261 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
1262 TLS1_VERSION, TLS_MAX_VERSION,
1263 &sctx, &cctx, cert, privkey)))
1264 goto end;
1265
1266 if (conntype == CONNTYPE_CONNECTION_FAIL) {
1267 /*
1268 * We won't ever get here if either TLSv1.3 or TLSv1.2 is disabled
1269 * because we reduced the number of tests in the definition of
1270 * TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS to avoid this scenario. By setting
1271 * mismatched protocol versions we will force a connection failure.
1272 */
1273 SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION);
1274 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1275 }
1276
1277 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1278 NULL, NULL)))
710756a9 1279 goto end;
7fb4c820 1280
710756a9
RS		 1281 if (initrbio == USE_BIO_1
1282 || initwbio == USE_BIO_1
1283 || newrbio == USE_BIO_1
7fb4c820 1284 || newwbio == USE_BIO_1) {
710756a9 1285 if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
7fb4c820 1286 goto end;
7fb4c820
MC		 1287 }
1288
710756a9
RS		 1289 if (initrbio == USE_BIO_2
1290 || initwbio == USE_BIO_2
1291 || newrbio == USE_BIO_2
7fb4c820 1292 || newwbio == USE_BIO_2) {
710756a9 1293 if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
7fb4c820 1294 goto end;
7fb4c820
MC		 1295 }
1296
7d4488bb
MC		 1297 if (initrbio != USE_DEFAULT) {
1298 setupbio(&irbio, bio1, bio2, initrbio);
1299 setupbio(&iwbio, bio1, bio2, initwbio);
1300 SSL_set_bio(clientssl, irbio, iwbio);
7fb4c820 1301
7d4488bb
MC		 1302 /*
1303 * We want to maintain our own refs to these BIO, so do an up ref for
1304 * each BIO that will have ownership transferred in the SSL_set_bio()
1305 * call
1306 */
1307 if (irbio != NULL)
1308 BIO_up_ref(irbio);
1309 if (iwbio != NULL && iwbio != irbio)
1310 BIO_up_ref(iwbio);
1311 }
7fb4c820 1312
7d4488bb
MC		 1313 if (conntype != CONNTYPE_NO_CONNECTION
1314 && !TEST_true(create_ssl_connection(serverssl, clientssl,
1315 SSL_ERROR_NONE)
1316 == (conntype == CONNTYPE_CONNECTION_SUCCESS)))
1317 goto end;
7fb4c820
MC		 1318
1319 setupbio(&nrbio, bio1, bio2, newrbio);
1320 setupbio(&nwbio, bio1, bio2, newwbio);
1321
1322 /*
1323 * We will (maybe) transfer ownership again so do more up refs.
1324 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1325 * already been set!
1326 */
710756a9
RS		 1327 if (nrbio != NULL
1328 && nrbio != irbio
1329 && (nwbio != iwbio || nrbio != nwbio))
7fb4c820 1330 BIO_up_ref(nrbio);
710756a9
RS		 1331 if (nwbio != NULL
1332 && nwbio != nrbio
1333 && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
7fb4c820
MC		 1334 BIO_up_ref(nwbio);
1335
7d4488bb 1336 SSL_set_bio(clientssl, nrbio, nwbio);
7fb4c820
MC		 1337
1338 testresult = 1;
1339
1340 end:
7fb4c820
MC		 1341 BIO_free(bio1);
1342 BIO_free(bio2);
710756a9 1343
7fb4c820
MC		 1344 /*
1345 * This test is checking that the ref counting for SSL_set_bio is correct.
1346 * If we get here and we did too many frees then we will fail in the above
1347 * functions. If we haven't done enough then this will only be detected in
1348 * a crypto-mdebug build
1349 */
7d4488bb
MC		 1350 SSL_free(serverssl);
1351 SSL_free(clientssl);
1352 SSL_CTX_free(sctx);
1353 SSL_CTX_free(cctx);
7fb4c820
MC		 1354 return testresult;
1355}
1356
7e885b7b 1357typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t;
9a716987 1358
7e885b7b 1359static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
9a716987
MC		 1360{
1361 BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
710756a9 1362 SSL_CTX *ctx;
9a716987
MC		 1363 SSL *ssl = NULL;
1364 int testresult = 0;
1365
710756a9
RS		 1366 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1367 || !TEST_ptr(ssl = SSL_new(ctx))
1368 || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
1369 || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
9a716987 1370 goto end;
9a716987
MC		 1371
1372 BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
1373
1374 /*
1375 * If anything goes wrong here then we could leak memory, so this will
1376 * be caught in a crypto-mdebug build
1377 */
1378 BIO_push(sslbio, membio1);
1379
69687aa8 1380 /* Verify changing the rbio/wbio directly does not cause leaks */
7e885b7b 1381 if (change_bio != NO_BIO_CHANGE) {
710756a9 1382 if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
9a716987 1383 goto end;
7e885b7b 1384 if (change_bio == CHANGE_RBIO)
65e2d672 1385 SSL_set0_rbio(ssl, membio2);
9a716987 1386 else
65e2d672 1387 SSL_set0_wbio(ssl, membio2);
9a716987
MC		 1388 }
1389 ssl = NULL;
1390
7e885b7b 1391 if (pop_ssl)
9a716987
MC		 1392 BIO_pop(sslbio);
1393 else
1394 BIO_pop(membio1);
1395
1396 testresult = 1;
1397 end:
1398 BIO_free(membio1);
1399 BIO_free(sslbio);
1400 SSL_free(ssl);
1401 SSL_CTX_free(ctx);
1402
1403 return testresult;
1404}
1405
1406static int test_ssl_bio_pop_next_bio(void)
1407{
7e885b7b 1408 return execute_test_ssl_bio(0, NO_BIO_CHANGE);
9a716987
MC		 1409}
1410
1411static int test_ssl_bio_pop_ssl_bio(void)
1412{
7e885b7b 1413 return execute_test_ssl_bio(1, NO_BIO_CHANGE);
9a716987
MC		 1414}
1415
1416static int test_ssl_bio_change_rbio(void)
1417{
7e885b7b 1418 return execute_test_ssl_bio(0, CHANGE_RBIO);
9a716987
MC		 1419}
1420
1421static int test_ssl_bio_change_wbio(void)
1422{
7e885b7b 1423 return execute_test_ssl_bio(0, CHANGE_WBIO);
9a716987
MC		 1424}
1425
c423ecaa 1426#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
f1b25aae
MC		 1427typedef struct {
1428 /* The list of sig algs */
1429 const int *list;
1430 /* The length of the list */
1431 size_t listlen;
1432 /* A sigalgs list in string format */
1433 const char *liststr;
1434 /* Whether setting the list should succeed */
1435 int valid;
1436 /* Whether creating a connection with the list should succeed */
1437 int connsuccess;
1438} sigalgs_list;
1439
1440static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
c423ecaa 1441# ifndef OPENSSL_NO_EC
f1b25aae
MC		 1442static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
1443static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
c423ecaa 1444# endif
f1b25aae
MC		 1445static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
1446static const int invalidlist2[] = {NID_sha256, NID_undef};
1447static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
1448static const int invalidlist4[] = {NID_sha256};
1449static const sigalgs_list testsigalgs[] = {
1450 {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
c423ecaa 1451# ifndef OPENSSL_NO_EC
f1b25aae
MC		 1452 {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
1453 {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
c423ecaa 1454# endif
f1b25aae 1455 {NULL, 0, "RSA+SHA256", 1, 1},
c423ecaa 1456# ifndef OPENSSL_NO_EC
f1b25aae
MC		 1457 {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1458 {NULL, 0, "ECDSA+SHA512", 1, 0},
c423ecaa 1459# endif
f1b25aae
MC		 1460 {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
1461 {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
1462 {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
1463 {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
1464 {NULL, 0, "RSA", 0, 0},
1465 {NULL, 0, "SHA256", 0, 0},
1466 {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
710756a9
RS		 1467 {NULL, 0, "Invalid", 0, 0}
1468};
f1b25aae
MC		 1469
1470static int test_set_sigalgs(int idx)
1471{
1472 SSL_CTX *cctx = NULL, *sctx = NULL;
1473 SSL *clientssl = NULL, *serverssl = NULL;
1474 int testresult = 0;
1475 const sigalgs_list *curr;
1476 int testctx;
1477
1478 /* Should never happen */
710756a9 1479 if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
f1b25aae
MC		 1480 return 0;
1481
1482 testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
1483 curr = testctx ? &testsigalgs[idx]
1484 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
1485
7d7f6834
RL		 1486 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
1487 TLS1_VERSION, TLS_MAX_VERSION,
1488 &sctx, &cctx, cert, privkey)))
f1b25aae 1489 return 0;
f1b25aae 1490
d2e491f2
MC		 1491 /*
1492 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1493 * for TLSv1.2 for now until we add a new API.
1494 */
1495 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1496
f1b25aae
MC		 1497 if (testctx) {
1498 int ret;
710756a9 1499
f1b25aae
MC		 1500 if (curr->list != NULL)
1501 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
1502 else
1503 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
1504
1505 if (!ret) {
1506 if (curr->valid)
710756a9 1507 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1508 else
1509 testresult = 1;
1510 goto end;
1511 }
1512 if (!curr->valid) {
710756a9 1513 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1514 goto end;
1515 }
1516 }
1517
710756a9
RS		 1518 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1519 &clientssl, NULL, NULL)))
f1b25aae 1520 goto end;
f1b25aae
MC		 1521
1522 if (!testctx) {
1523 int ret;
1524
1525 if (curr->list != NULL)
1526 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
1527 else
1528 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
1529 if (!ret) {
1530 if (curr->valid)
710756a9 1531 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
f1b25aae
MC		 1532 else
1533 testresult = 1;
1534 goto end;
1535 }
710756a9 1536 if (!curr->valid)
f1b25aae 1537 goto end;
f1b25aae
MC		 1538 }
1539
710756a9
RS		 1540 if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
1541 SSL_ERROR_NONE),
1542 curr->connsuccess))
f1b25aae 1543 goto end;
f1b25aae
MC		 1544
1545 testresult = 1;
1546
1547 end:
1548 SSL_free(serverssl);
1549 SSL_free(clientssl);
1550 SSL_CTX_free(sctx);
1551 SSL_CTX_free(cctx);
1552
1553 return testresult;
1554}
c423ecaa 1555#endif
f1b25aae 1556
fff202e5
MC		 1557#ifndef OPENSSL_NO_TLS1_3
1558
57dee9bb
MC		 1559static SSL_SESSION *clientpsk = NULL;
1560static SSL_SESSION *serverpsk = NULL;
02a3ed5a
MC		 1561static const char *pskid = "Identity";
1562static const char *srvid;
1563
1564static int use_session_cb_cnt = 0;
1565static int find_session_cb_cnt = 0;
532f9578
MC		 1566static int psk_client_cb_cnt = 0;
1567static int psk_server_cb_cnt = 0;
02a3ed5a
MC		 1568
1569static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1570 size_t *idlen, SSL_SESSION **sess)
1571{
1572 switch (++use_session_cb_cnt) {
1573 case 1:
1574 /* The first call should always have a NULL md */
1575 if (md != NULL)
1576 return 0;
1577 break;
1578
1579 case 2:
1580 /* The second call should always have an md */
1581 if (md == NULL)
1582 return 0;
1583 break;
1584
1585 default:
1586 /* We should only be called a maximum of twice */
1587 return 0;
1588 }
1589
57dee9bb
MC		 1590 if (clientpsk != NULL)
1591 SSL_SESSION_up_ref(clientpsk);
02a3ed5a 1592
57dee9bb 1593 *sess = clientpsk;
02a3ed5a
MC		 1594 *id = (const unsigned char *)pskid;
1595 *idlen = strlen(pskid);
1596
1597 return 1;
1598}
1599
c2b290c3 1600#ifndef OPENSSL_NO_PSK
532f9578
MC		 1601static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
1602 unsigned int max_id_len,
1603 unsigned char *psk,
1604 unsigned int max_psk_len)
1605{
1606 unsigned int psklen = 0;
1607
1608 psk_client_cb_cnt++;
1609
1610 if (strlen(pskid) + 1 > max_id_len)
1611 return 0;
1612
1613 /* We should only ever be called a maximum of twice per connection */
1614 if (psk_client_cb_cnt > 2)
1615 return 0;
1616
1617 if (clientpsk == NULL)
1618 return 0;
1619
1620 /* We'll reuse the PSK we set up for TLSv1.3 */
1621 if (SSL_SESSION_get_master_key(clientpsk, NULL, 0) > max_psk_len)
1622 return 0;
1623 psklen = SSL_SESSION_get_master_key(clientpsk, psk, max_psk_len);
1624 strncpy(id, pskid, max_id_len);
1625
1626 return psklen;
1627}
c2b290c3 1628#endif /* OPENSSL_NO_PSK */
532f9578 1629
02a3ed5a
MC		 1630static int find_session_cb(SSL *ssl, const unsigned char *identity,
1631 size_t identity_len, SSL_SESSION **sess)
1632{
1633 find_session_cb_cnt++;
1634
1635 /* We should only ever be called a maximum of twice per connection */
1636 if (find_session_cb_cnt > 2)
1637 return 0;
1638
57dee9bb 1639 if (serverpsk == NULL)
02a3ed5a
MC		 1640 return 0;
1641
1642 /* Identity should match that set by the client */
1643 if (strlen(srvid) != identity_len
1644 || strncmp(srvid, (const char *)identity, identity_len) != 0) {
1645 /* No PSK found, continue but without a PSK */
1646 *sess = NULL;
1647 return 1;
1648 }
1649
57dee9bb
MC		 1650 SSL_SESSION_up_ref(serverpsk);
1651 *sess = serverpsk;
02a3ed5a
MC		 1652
1653 return 1;
1654}
1655
c2b290c3 1656#ifndef OPENSSL_NO_PSK
532f9578
MC		 1657static unsigned int psk_server_cb(SSL *ssl, const char *identity,
1658 unsigned char *psk, unsigned int max_psk_len)
1659{
1660 unsigned int psklen = 0;
1661
1662 psk_server_cb_cnt++;
1663
1664 /* We should only ever be called a maximum of twice per connection */
1665 if (find_session_cb_cnt > 2)
1666 return 0;
1667
1668 if (serverpsk == NULL)
1669 return 0;
1670
1671 /* Identity should match that set by the client */
1672 if (strcmp(srvid, identity) != 0) {
1673 return 0;
1674 }
1675
1676 /* We'll reuse the PSK we set up for TLSv1.3 */
1677 if (SSL_SESSION_get_master_key(serverpsk, NULL, 0) > max_psk_len)
1678 return 0;
1679 psklen = SSL_SESSION_get_master_key(serverpsk, psk, max_psk_len);
1680
1681 return psklen;
1682}
c2b290c3 1683#endif /* OPENSSL_NO_PSK */
532f9578 1684
5f982038
MC		 1685#define MSG1 "Hello"
1686#define MSG2 "World."
1687#define MSG3 "This"
1688#define MSG4 "is"
1689#define MSG5 "a"
90049cea
MC		 1690#define MSG6 "test"
1691#define MSG7 "message."
5f982038 1692
02a3ed5a 1693#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
532f9578 1694#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
02a3ed5a 1695
5f982038
MC		 1696/*
1697 * Helper method to setup objects for early data test. Caller frees objects on
1698 * error.
1699 */
1700static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
3cb47b4e 1701 SSL **serverssl, SSL_SESSION **sess, int idx)
5f982038 1702{
7d7f6834
RL		 1703 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
1704 TLS1_VERSION, TLS_MAX_VERSION,
1705 sctx, cctx, cert, privkey))
c39e4048 1706 || !TEST_true(SSL_CTX_set_max_early_data(*sctx,
c39e4048 1707 SSL3_RT_MAX_PLAIN_LENGTH)))
5f982038 1708 return 0;
5f982038 1709
02a3ed5a
MC		 1710 if (idx == 1) {
1711 /* When idx == 1 we repeat the tests with read_ahead set */
3cb47b4e
MC		 1712 SSL_CTX_set_read_ahead(*cctx, 1);
1713 SSL_CTX_set_read_ahead(*sctx, 1);
02a3ed5a
MC		 1714 } else if (idx == 2) {
1715 /* When idx == 2 we are doing early_data with a PSK. Set up callbacks */
1716 SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb);
1717 SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb);
1718 use_session_cb_cnt = 0;
1719 find_session_cb_cnt = 0;
1720 srvid = pskid;
3cb47b4e
MC		 1721 }
1722
710756a9 1723 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
02a3ed5a
MC		 1724 NULL, NULL)))
1725 return 0;
1726
141e4709
MC		 1727 /*
1728 * For one of the run throughs (doesn't matter which one), we'll try sending
1729 * some SNI data in the initial ClientHello. This will be ignored (because
1730 * there is no SNI cb set up by the server), so it should not impact
1731 * early_data.
1732 */
1733 if (idx == 1
1734 && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost")))
1735 return 0;
1736
02a3ed5a
MC		 1737 if (idx == 2) {
1738 /* Create the PSK */
1739 const SSL_CIPHER *cipher = NULL;
1740 const unsigned char key[] = {
1741 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
1742 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
1743 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1744 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
1745 0x2c, 0x2d, 0x2e, 0x2f
1746 };
1747
1748 cipher = SSL_CIPHER_find(*clientssl, TLS13_AES_256_GCM_SHA384_BYTES);
57dee9bb
MC		 1749 clientpsk = SSL_SESSION_new();
1750 if (!TEST_ptr(clientpsk)
02a3ed5a 1751 || !TEST_ptr(cipher)
57dee9bb 1752 || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
02a3ed5a 1753 sizeof(key)))
57dee9bb 1754 || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
02a3ed5a 1755 || !TEST_true(
57dee9bb 1756 SSL_SESSION_set_protocol_version(clientpsk,
02a3ed5a
MC		 1757 TLS1_3_VERSION))
1758 /*
1759 * We just choose an arbitrary value for max_early_data which
1760 * should be big enough for testing purposes.
1761 */
57dee9bb
MC		 1762 || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk,
1763 0x100))
1764 || !TEST_true(SSL_SESSION_up_ref(clientpsk))) {
1765 SSL_SESSION_free(clientpsk);
1766 clientpsk = NULL;
02a3ed5a
MC		 1767 return 0;
1768 }
57dee9bb 1769 serverpsk = clientpsk;
02a3ed5a
MC		 1770
1771 if (sess != NULL)
57dee9bb 1772 *sess = clientpsk;
02a3ed5a
MC		 1773 return 1;
1774 }
1775
1776 if (sess == NULL)
1777 return 1;
1778
1779 if (!TEST_true(create_ssl_connection(*serverssl, *clientssl,
1780 SSL_ERROR_NONE)))
5f982038 1781 return 0;
5f982038
MC		 1782
1783 *sess = SSL_get1_session(*clientssl);
5f982038
MC		 1784 SSL_shutdown(*clientssl);
1785 SSL_shutdown(*serverssl);
5f982038
MC		 1786 SSL_free(*serverssl);
1787 SSL_free(*clientssl);
1788 *serverssl = *clientssl = NULL;
1789
710756a9
RS		 1790 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
1791 clientssl, NULL, NULL))
1792 || !TEST_true(SSL_set_session(*clientssl, *sess)))
5f982038 1793 return 0;
5f982038
MC		 1794
1795 return 1;
1796}
1797
3cb47b4e 1798static int test_early_data_read_write(int idx)
5f982038
MC		 1799{
1800 SSL_CTX *cctx = NULL, *sctx = NULL;
1801 SSL *clientssl = NULL, *serverssl = NULL;
1802 int testresult = 0;
1803 SSL_SESSION *sess = NULL;
9b5c865d
MC		 1804 unsigned char buf[20], data[1024];
1805 size_t readbytes, written, eoedlen, rawread, rawwritten;
1806 BIO *rbio;
5f982038 1807
710756a9
RS		 1808 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1809 &serverssl, &sess, idx)))
5f982038
MC		 1810 goto end;
1811
1812 /* Write and read some early data */
710756a9
RS		 1813 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1814 &written))
1815 || !TEST_size_t_eq(written, strlen(MSG1))
1816 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
1817 sizeof(buf), &readbytes),
1818 SSL_READ_EARLY_DATA_SUCCESS)
1819 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
1820 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1821 SSL_EARLY_DATA_ACCEPTED))
5f982038 1822 goto end;
5f982038
MC		 1823
1824 /*
09f28874 1825 * Server should be able to write data, and client should be able to
5f982038
MC		 1826 * read it.
1827 */
710756a9
RS		 1828 if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
1829 &written))
1830 || !TEST_size_t_eq(written, strlen(MSG2))
1831 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1832 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1833 goto end;
5f982038
MC		 1834
1835 /* Even after reading normal data, client should be able write early data */
710756a9
RS		 1836 if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
1837 &written))
1838 || !TEST_size_t_eq(written, strlen(MSG3)))
5f982038 1839 goto end;
5f982038 1840
09f28874 1841 /* Server should still be able read early data after writing data */
710756a9
RS		 1842 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1843 &readbytes),
1844 SSL_READ_EARLY_DATA_SUCCESS)
1845 || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
5f982038 1846 goto end;
5f982038 1847
09f28874 1848 /* Write more data from server and read it from client */
710756a9
RS		 1849 if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
1850 &written))
1851 || !TEST_size_t_eq(written, strlen(MSG4))
1852 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1853 || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
5f982038 1854 goto end;
5f982038
MC		 1855
1856 /*
1857 * If client writes normal data it should mean writing early data is no
1858 * longer possible.
1859 */
710756a9
RS		 1860 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1861 || !TEST_size_t_eq(written, strlen(MSG5))
1862 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1863 SSL_EARLY_DATA_ACCEPTED))
5f982038 1864 goto end;
5f982038 1865
9b5c865d
MC		 1866 /*
1867 * At this point the client has written EndOfEarlyData, ClientFinished and
1868 * normal (fully protected) data. We are going to cause a delay between the
1869 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
1870 * in the read BIO, and then just put back the EndOfEarlyData message.
1871 */
1872 rbio = SSL_get_rbio(serverssl);
710756a9
RS		 1873 if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
1874 || !TEST_size_t_lt(rawread, sizeof(data))
1875 || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
9b5c865d 1876 goto end;
710756a9 1877
9b5c865d
MC		 1878 /* Record length is in the 4th and 5th bytes of the record header */
1879 eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
710756a9
RS		 1880 if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
1881 || !TEST_size_t_eq(rawwritten, eoedlen))
9b5c865d 1882 goto end;
9b5c865d 1883
5f982038 1884 /* Server should be told that there is no more early data */
710756a9
RS		 1885 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1886 &readbytes),
1887 SSL_READ_EARLY_DATA_FINISH)
1888 || !TEST_size_t_eq(readbytes, 0))
5f982038 1889 goto end;
5f982038 1890
9b5c865d
MC		 1891 /*
1892 * Server has not finished init yet, so should still be able to write early
1893 * data.
1894 */
710756a9
RS		 1895 if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
1896 &written))
1897 || !TEST_size_t_eq(written, strlen(MSG6)))
9b5c865d 1898 goto end;
9b5c865d 1899
f8a303fa 1900 /* Push the ClientFinished and the normal data back into the server rbio */
710756a9
RS		 1901 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
1902 &rawwritten))
1903 || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
f8a303fa 1904 goto end;
f8a303fa 1905
5f982038 1906 /* Server should be able to read normal data */
710756a9
RS		 1907 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1908 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1909 goto end;
5f982038 1910
09f28874 1911 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1912 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1913 &written)))
5f982038 1914 goto end;
5f982038 1915 ERR_clear_error();
710756a9
RS		 1916 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1917 &readbytes),
1918 SSL_READ_EARLY_DATA_ERROR))
5f982038 1919 goto end;
5f982038
MC		 1920 ERR_clear_error();
1921
9b5c865d 1922 /* Client should be able to read the data sent by the server */
710756a9
RS		 1923 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1924 || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
9b5c865d 1925 goto end;
710756a9 1926
f8a303fa
MC		 1927 /*
1928 * Make sure we process the NewSessionTicket. This arrives post-handshake.
1929 * We attempt a read which we do not expect to return any data.
1930 */
710756a9 1931 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
f8a303fa 1932 goto end;
5f982038 1933
90049cea 1934 /* Server should be able to write normal data */
710756a9
RS		 1935 if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
1936 || !TEST_size_t_eq(written, strlen(MSG7))
1937 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1938 || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
90049cea 1939 goto end;
90049cea 1940
02a3ed5a
MC		 1941 /* We keep the PSK session around if using PSK */
1942 if (idx != 2)
1943 SSL_SESSION_free(sess);
5f982038 1944 sess = SSL_get1_session(clientssl);
02a3ed5a
MC		 1945 use_session_cb_cnt = 0;
1946 find_session_cb_cnt = 0;
5f982038
MC		 1947
1948 SSL_shutdown(clientssl);
1949 SSL_shutdown(serverssl);
5f982038
MC		 1950 SSL_free(serverssl);
1951 SSL_free(clientssl);
1952 serverssl = clientssl = NULL;
710756a9
RS		 1953 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1954 &clientssl, NULL, NULL))
1955 || !TEST_true(SSL_set_session(clientssl, sess)))
5f982038 1956 goto end;
5f982038
MC		 1957
1958 /* Write and read some early data */
710756a9
RS		 1959 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1960 &written))
1961 || !TEST_size_t_eq(written, strlen(MSG1))
1962 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1963 &readbytes),
1964 SSL_READ_EARLY_DATA_SUCCESS)
1965 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
5f982038 1966 goto end;
5f982038 1967
710756a9
RS		 1968 if (!TEST_int_gt(SSL_connect(clientssl), 0)
1969 || !TEST_int_gt(SSL_accept(serverssl), 0))
5f982038 1970 goto end;
5f982038 1971
09f28874 1972 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1973 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1974 &written)))
5f982038 1975 goto end;
5f982038 1976 ERR_clear_error();
710756a9
RS		 1977 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1978 &readbytes),
1979 SSL_READ_EARLY_DATA_ERROR))
5f982038 1980 goto end;
5f982038
MC		 1981 ERR_clear_error();
1982
1983 /* Client and server should be able to write/read normal data */
710756a9
RS		 1984 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1985 || !TEST_size_t_eq(written, strlen(MSG5))
1986 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1987 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1988 goto end;
5f982038
MC		 1989
1990 testresult = 1;
1991
1992 end:
57dee9bb
MC		 1993 if (sess != clientpsk)
1994 SSL_SESSION_free(sess);
1995 SSL_SESSION_free(clientpsk);
1996 SSL_SESSION_free(serverpsk);
1997 clientpsk = serverpsk = NULL;
5f982038
MC		 1998 SSL_free(serverssl);
1999 SSL_free(clientssl);
2000 SSL_CTX_free(sctx);
2001 SSL_CTX_free(cctx);
5f982038
MC		 2002 return testresult;
2003}
2004
78fb5374
MC		 2005static int test_early_data_replay(int idx)
2006{
2007 SSL_CTX *cctx = NULL, *sctx = NULL;
2008 SSL *clientssl = NULL, *serverssl = NULL;
2009 int testresult = 0;
2010 SSL_SESSION *sess = NULL;
2011
2012 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2013 &serverssl, &sess, idx)))
2014 goto end;
2015
2016 /*
2017 * The server is configured to accept early data. Create a connection to
2018 * "use up" the ticket
2019 */
2020 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2021 || !TEST_true(SSL_session_reused(clientssl)))
2022 goto end;
2023
2024 SSL_shutdown(clientssl);
2025 SSL_shutdown(serverssl);
2026 SSL_free(serverssl);
2027 SSL_free(clientssl);
2028 serverssl = clientssl = NULL;
2029
2030 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2031 &clientssl, NULL, NULL))
2032 || !TEST_true(SSL_set_session(clientssl, sess))
2033 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2034 SSL_ERROR_NONE))
2035 /*
2036 * This time we should not have resumed the session because we
2037 * already used it once.
2038 */
2039 || !TEST_false(SSL_session_reused(clientssl)))
2040 goto end;
2041
2042 testresult = 1;
2043
2044 end:
2045 if (sess != clientpsk)
2046 SSL_SESSION_free(sess);
2047 SSL_SESSION_free(clientpsk);
2048 SSL_SESSION_free(serverpsk);
2049 clientpsk = serverpsk = NULL;
2050 SSL_free(serverssl);
2051 SSL_free(clientssl);
2052 SSL_CTX_free(sctx);
2053 SSL_CTX_free(cctx);
2054 return testresult;
2055}
2056
710756a9 2057/*
6b84e6bf
MC		 2058 * Helper function to test that a server attempting to read early data can
2059 * handle a connection from a client where the early data should be skipped.
710756a9 2060 */
6b84e6bf 2061static int early_data_skip_helper(int hrr, int idx)
5f982038
MC		 2062{
2063 SSL_CTX *cctx = NULL, *sctx = NULL;
2064 SSL *clientssl = NULL, *serverssl = NULL;
2065 int testresult = 0;
018fcbec 2066 SSL_SESSION *sess = NULL;
5f982038
MC		 2067 unsigned char buf[20];
2068 size_t readbytes, written;
2069
710756a9
RS		 2070 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2071 &serverssl, &sess, idx)))
5f982038
MC		 2072 goto end;
2073
6b84e6bf
MC		 2074 if (hrr) {
2075 /* Force an HRR to occur */
2076 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
2077 goto end;
02a3ed5a
MC		 2078 } else if (idx == 2) {
2079 /*
2080 * We force early_data rejection by ensuring the PSK identity is
2081 * unrecognised
2082 */
2083 srvid = "Dummy Identity";
6b84e6bf
MC		 2084 } else {
2085 /*
2086 * Deliberately corrupt the creation time. We take 20 seconds off the
2087 * time. It could be any value as long as it is not within tolerance.
2088 * This should mean the ticket is rejected.
2089 */
5d99881e 2090 if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
6b84e6bf
MC		 2091 goto end;
2092 }
5f982038
MC		 2093
2094 /* Write some early data */
710756a9
RS		 2095 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2096 &written))
2097 || !TEST_size_t_eq(written, strlen(MSG1)))
5f982038 2098 goto end;
5f982038
MC		 2099
2100 /* Server should reject the early data and skip over it */
710756a9
RS		 2101 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2102 &readbytes),
2103 SSL_READ_EARLY_DATA_FINISH)
2104 || !TEST_size_t_eq(readbytes, 0)
2105 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2106 SSL_EARLY_DATA_REJECTED))
5f982038 2107 goto end;
5f982038 2108
6b84e6bf
MC		 2109 if (hrr) {
2110 /*
2111 * Finish off the handshake. We perform the same writes and reads as
2112 * further down but we expect them to fail due to the incomplete
2113 * handshake.
2114 */
2115 if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
2116 || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf),
2117 &readbytes)))
2118 goto end;
2119 }
2120
710756a9
RS		 2121 /* Should be able to send normal data despite rejection of early data */
2122 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
2123 || !TEST_size_t_eq(written, strlen(MSG2))
2124 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2125 SSL_EARLY_DATA_REJECTED)
2126 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2127 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2128 goto end;
5f982038
MC		 2129
2130 testresult = 1;
2131
2132 end:
57dee9bb
MC		 2133 if (sess != clientpsk)
2134 SSL_SESSION_free(clientpsk);
2135 SSL_SESSION_free(serverpsk);
2136 clientpsk = serverpsk = NULL;
5f982038
MC		 2137 SSL_SESSION_free(sess);
2138 SSL_free(serverssl);
2139 SSL_free(clientssl);
2140 SSL_CTX_free(sctx);
2141 SSL_CTX_free(cctx);
5f982038
MC		 2142 return testresult;
2143}
2144
6b84e6bf
MC		 2145/*
2146 * Test that a server attempting to read early data can handle a connection
2147 * from a client where the early data is not acceptable.
2148 */
2149static int test_early_data_skip(int idx)
2150{
2151 return early_data_skip_helper(0, idx);
2152}
2153
2154/*
2155 * Test that a server attempting to read early data can handle a connection
2156 * from a client where an HRR occurs.
2157 */
2158static int test_early_data_skip_hrr(int idx)
2159{
2160 return early_data_skip_helper(1, idx);
2161}
2162
710756a9
RS		 2163/*
2164 * Test that a server attempting to read early data can handle a connection
2165 * from a client that doesn't send any.
2166 */
3cb47b4e 2167static int test_early_data_not_sent(int idx)
5f982038
MC		 2168{
2169 SSL_CTX *cctx = NULL, *sctx = NULL;
2170 SSL *clientssl = NULL, *serverssl = NULL;
2171 int testresult = 0;
018fcbec 2172 SSL_SESSION *sess = NULL;
5f982038
MC		 2173 unsigned char buf[20];
2174 size_t readbytes, written;
2175
710756a9
RS		 2176 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2177 &serverssl, &sess, idx)))
5f982038
MC		 2178 goto end;
2179
2180 /* Write some data - should block due to handshake with server */
2181 SSL_set_connect_state(clientssl);
710756a9 2182 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 2183 goto end;
5f982038
MC		 2184
2185 /* Server should detect that early data has not been sent */
710756a9
RS		 2186 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2187 &readbytes),
2188 SSL_READ_EARLY_DATA_FINISH)
2189 || !TEST_size_t_eq(readbytes, 0)
2190 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2191 SSL_EARLY_DATA_NOT_SENT)
2192 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2193 SSL_EARLY_DATA_NOT_SENT))
5f982038 2194 goto end;
5f982038
MC		 2195
2196 /* Continue writing the message we started earlier */
710756a9
RS		 2197 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
2198 || !TEST_size_t_eq(written, strlen(MSG1))
2199 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2200 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
2201 || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
2202 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 2203 goto end;
5f982038 2204
3cb47b4e
MC		 2205 /*
2206 * Should block due to the NewSessionTicket arrival unless we're using
2207 * read_ahead
2208 */
02a3ed5a 2209 if (idx != 1) {
710756a9 2210 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
3cb47b4e 2211 goto end;
5f982038
MC		 2212 }
2213
710756a9
RS		 2214 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
2215 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2216 goto end;
5f982038
MC		 2217
2218 testresult = 1;
2219
2220 end:
57dee9bb 2221 /* If using PSK then clientpsk and sess are the same */
5f982038 2222 SSL_SESSION_free(sess);
57dee9bb
MC		 2223 SSL_SESSION_free(serverpsk);
2224 clientpsk = serverpsk = NULL;
5f982038
MC		 2225 SSL_free(serverssl);
2226 SSL_free(clientssl);
2227 SSL_CTX_free(sctx);
2228 SSL_CTX_free(cctx);
5f982038
MC		 2229 return testresult;
2230}
2231
976e5323
MC		 2232static int hostname_cb(SSL *s, int *al, void *arg)
2233{
2234 const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
2235
281bf233 2236 if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
976e5323
MC		 2237 return SSL_TLSEXT_ERR_OK;
2238
2239 return SSL_TLSEXT_ERR_NOACK;
2240}
2241
2242static const char *servalpn;
2243
c7558d5b
PY		 2244static int alpn_select_cb(SSL *ssl, const unsigned char **out,
2245 unsigned char *outlen, const unsigned char *in,
2246 unsigned int inlen, void *arg)
976e5323 2247{
c7558d5b 2248 unsigned int protlen = 0;
976e5323
MC		 2249 const unsigned char *prot;
2250
c7558d5b
PY		 2251 for (prot = in; prot < in + inlen; prot += protlen) {
2252 protlen = *prot++;
5d99881e 2253 if (in + inlen < prot + protlen)
976e5323
MC		 2254 return SSL_TLSEXT_ERR_NOACK;
2255
2256 if (protlen == strlen(servalpn)
0bd42fde 2257 && memcmp(prot, servalpn, protlen) == 0) {
976e5323
MC		 2258 *out = prot;
2259 *outlen = protlen;
2260 return SSL_TLSEXT_ERR_OK;
2261 }
2262 }
2263
2264 return SSL_TLSEXT_ERR_NOACK;
2265}
2266
57dee9bb 2267/* Test that a PSK can be used to send early_data */
976e5323
MC		 2268static int test_early_data_psk(int idx)
2269{
2270 SSL_CTX *cctx = NULL, *sctx = NULL;
2271 SSL *clientssl = NULL, *serverssl = NULL;
2272 int testresult = 0;
2273 SSL_SESSION *sess = NULL;
57dee9bb
MC		 2274 unsigned char alpnlist[] = {
2275 0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a',
2276 'l', 'p', 'n'
2277 };
2278#define GOODALPNLEN 9
2279#define BADALPNLEN 8
2280#define GOODALPN (alpnlist)
2281#define BADALPN (alpnlist + GOODALPNLEN)
2282 int err = 0;
976e5323
MC		 2283 unsigned char buf[20];
2284 size_t readbytes, written;
57dee9bb 2285 int readearlyres = SSL_READ_EARLY_DATA_SUCCESS, connectres = 1;
976e5323
MC		 2286 int edstatus = SSL_EARLY_DATA_ACCEPTED;
2287
2288 /* We always set this up with a final parameter of "2" for PSK */
2289 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2290 &serverssl, &sess, 2)))
2291 goto end;
2292
976e5323
MC		 2293 servalpn = "goodalpn";
2294
57dee9bb
MC		 2295 /*
2296 * Note: There is no test for inconsistent SNI with late client detection.
2297 * This is because servers do not acknowledge SNI even if they are using
2298 * it in a resumption handshake - so it is not actually possible for a
2299 * client to detect a problem.
2300 */
976e5323
MC		 2301 switch (idx) {
2302 case 0:
57dee9bb 2303 /* Set inconsistent SNI (early client detection) */
976e5323
MC		 2304 err = SSL_R_INCONSISTENT_EARLY_DATA_SNI;
2305 if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
2306 || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost")))
2307 goto end;
2308 break;
2309
2310 case 1:
57dee9bb 2311 /* Set inconsistent ALPN (early client detection) */
976e5323
MC		 2312 err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN;
2313 /* SSL_set_alpn_protos returns 0 for success and 1 for failure */
57dee9bb
MC		 2314 if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN,
2315 GOODALPNLEN))
2316 || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN,
2317 BADALPNLEN)))
976e5323
MC		 2318 goto end;
2319 break;
2320
2321 case 2:
2322 /*
2323 * Set invalid protocol version. Technically this affects PSKs without
2324 * early_data too, but we test it here because it is similar to the
2325 * SNI/ALPN consistency tests.
2326 */
2327 err = SSL_R_BAD_PSK;
2328 if (!TEST_true(SSL_SESSION_set_protocol_version(sess, TLS1_2_VERSION)))
2329 goto end;
2330 break;
2331
2332 case 3:
2333 /*
2334 * Set inconsistent SNI (server detected). In this case the connection
2335 * will succeed but reject early_data.
2336 */
281bf233
MC		 2337 SSL_SESSION_free(serverpsk);
2338 serverpsk = SSL_SESSION_dup(clientpsk);
2339 if (!TEST_ptr(serverpsk)
2340 || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
2341 goto end;
976e5323
MC		 2342 edstatus = SSL_EARLY_DATA_REJECTED;
2343 readearlyres = SSL_READ_EARLY_DATA_FINISH;
2344 /* Fall through */
2345 case 4:
2346 /* Set consistent SNI */
976e5323
MC		 2347 if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
2348 || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost"))
2349 || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx,
2350 hostname_cb)))
2351 goto end;
2352 break;
2353
2354 case 5:
2355 /*
2356 * Set inconsistent ALPN (server detected). In this case the connection
2357 * will succeed but reject early_data.
2358 */
2359 servalpn = "badalpn";
2360 edstatus = SSL_EARLY_DATA_REJECTED;
2361 readearlyres = SSL_READ_EARLY_DATA_FINISH;
2362 /* Fall through */
2363 case 6:
976e5323 2364 /*
57dee9bb 2365 * Set consistent ALPN.
976e5323
MC		 2366 * SSL_set_alpn_protos returns 0 for success and 1 for failure. It
2367 * accepts a list of protos (each one length prefixed).
2368 * SSL_set1_alpn_selected accepts a single protocol (not length
2369 * prefixed)
2370 */
57dee9bb
MC		 2371 if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1,
2372 GOODALPNLEN - 1))
2373 || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN,
2374 GOODALPNLEN)))
976e5323
MC		 2375 goto end;
2376
2377 SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
2378 break;
2379
57dee9bb
MC		 2380 case 7:
2381 /* Set inconsistent ALPN (late client detection) */
2382 SSL_SESSION_free(serverpsk);
2383 serverpsk = SSL_SESSION_dup(clientpsk);
2384 if (!TEST_ptr(serverpsk)
2385 || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk,
2386 BADALPN + 1,
2387 BADALPNLEN - 1))
2388 || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk,
2389 GOODALPN + 1,
2390 GOODALPNLEN - 1))
2391 || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist,
2392 sizeof(alpnlist))))
2393 goto end;
2394 SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
2395 edstatus = SSL_EARLY_DATA_ACCEPTED;
2396 readearlyres = SSL_READ_EARLY_DATA_SUCCESS;
2397 /* SSL_connect() call should fail */
2398 connectres = -1;
2399 break;
2400
976e5323
MC		 2401 default:
2402 TEST_error("Bad test index");
2403 goto end;
2404 }
2405
2406 SSL_set_connect_state(clientssl);
2407 if (err != 0) {
2408 if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2409 &written))
2410 || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL)
2411 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
2412 goto end;
2413 } else {
2414 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
57dee9bb
MC		 2415 &written)))
2416 goto end;
2417
2418 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2419 &readbytes), readearlyres)
976e5323
MC		 2420 || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
2421 && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
57dee9bb
MC		 2422 || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
2423 || !TEST_int_eq(SSL_connect(clientssl), connectres))
976e5323
MC		 2424 goto end;
2425 }
2426
2427 testresult = 1;
2428
2429 end:
57dee9bb
MC		 2430 SSL_SESSION_free(clientpsk);
2431 SSL_SESSION_free(serverpsk);
2432 clientpsk = serverpsk = NULL;
976e5323
MC		 2433 SSL_free(serverssl);
2434 SSL_free(clientssl);
2435 SSL_CTX_free(sctx);
2436 SSL_CTX_free(cctx);
2437 return testresult;
2438}
2439
710756a9
RS		 2440/*
2441 * Test that a server that doesn't try to read early data can handle a
2442 * client sending some.
2443 */
3cb47b4e 2444static int test_early_data_not_expected(int idx)
5f982038
MC		 2445{
2446 SSL_CTX *cctx = NULL, *sctx = NULL;
2447 SSL *clientssl = NULL, *serverssl = NULL;
2448 int testresult = 0;
018fcbec 2449 SSL_SESSION *sess = NULL;
5f982038
MC		 2450 unsigned char buf[20];
2451 size_t readbytes, written;
2452
710756a9
RS		 2453 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2454 &serverssl, &sess, idx)))
5f982038
MC		 2455 goto end;
2456
2457 /* Write some early data */
710756a9
RS		 2458 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2459 &written)))
5f982038 2460 goto end;
5f982038
MC		 2461
2462 /*
2463 * Server should skip over early data and then block waiting for client to
2464 * continue handshake
2465 */
710756a9
RS		 2466 if (!TEST_int_le(SSL_accept(serverssl), 0)
2467 || !TEST_int_gt(SSL_connect(clientssl), 0)
2468 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2469 SSL_EARLY_DATA_REJECTED)
2470 || !TEST_int_gt(SSL_accept(serverssl), 0)
2471 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2472 SSL_EARLY_DATA_REJECTED))
5f982038 2473 goto end;
5f982038
MC		 2474
2475 /* Send some normal data from client to server */
710756a9
RS		 2476 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
2477 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 2478 goto end;
5f982038 2479
710756a9
RS		 2480 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2481 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2482 goto end;
5f982038
MC		 2483
2484 testresult = 1;
2485
2486 end:
57dee9bb 2487 /* If using PSK then clientpsk and sess are the same */
5f982038 2488 SSL_SESSION_free(sess);
57dee9bb
MC		 2489 SSL_SESSION_free(serverpsk);
2490 clientpsk = serverpsk = NULL;
5f982038
MC		 2491 SSL_free(serverssl);
2492 SSL_free(clientssl);
2493 SSL_CTX_free(sctx);
2494 SSL_CTX_free(cctx);
5f982038
MC		 2495 return testresult;
2496}
2497
2498
2499# ifndef OPENSSL_NO_TLS1_2
710756a9
RS		 2500/*
2501 * Test that a server attempting to read early data can handle a connection
2502 * from a TLSv1.2 client.
2503 */
3cb47b4e 2504static int test_early_data_tls1_2(int idx)
5f982038
MC		 2505{
2506 SSL_CTX *cctx = NULL, *sctx = NULL;
2507 SSL *clientssl = NULL, *serverssl = NULL;
2508 int testresult = 0;
2509 unsigned char buf[20];
2510 size_t readbytes, written;
2511
02a3ed5a
MC		 2512 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2513 &serverssl, NULL, idx)))
5f982038 2514 goto end;
5f982038
MC		 2515
2516 /* Write some data - should block due to handshake with server */
2517 SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
2518 SSL_set_connect_state(clientssl);
710756a9 2519 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 2520 goto end;
5f982038
MC		 2521
2522 /*
2523 * Server should do TLSv1.2 handshake. First it will block waiting for more
f533fbd4
MC		 2524 * messages from client after ServerDone. Then SSL_read_early_data should
2525 * finish and detect that early data has not been sent
5f982038 2526 */
710756a9
RS		 2527 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2528 &readbytes),
2529 SSL_READ_EARLY_DATA_ERROR))
5f982038 2530 goto end;
5f982038
MC		 2531
2532 /*
2533 * Continue writing the message we started earlier. Will still block waiting
2534 * for the CCS/Finished from server
2535 */
710756a9
RS		 2536 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
2537 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2538 &readbytes),
2539 SSL_READ_EARLY_DATA_FINISH)
2540 || !TEST_size_t_eq(readbytes, 0)
2541 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2542 SSL_EARLY_DATA_NOT_SENT))
5f982038 2543 goto end;
5f982038
MC		 2544
2545 /* Continue writing the message we started earlier */
710756a9
RS		 2546 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
2547 || !TEST_size_t_eq(written, strlen(MSG1))
2548 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2549 SSL_EARLY_DATA_NOT_SENT)
2550 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2551 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
2552 || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
2553 || !TEST_size_t_eq(written, strlen(MSG2))
2554 || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
2555 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2556 goto end;
5f982038
MC		 2557
2558 testresult = 1;
2559
2560 end:
57dee9bb
MC		 2561 /* If using PSK then clientpsk and sess are the same */
2562 SSL_SESSION_free(clientpsk);
2563 SSL_SESSION_free(serverpsk);
2564 clientpsk = serverpsk = NULL;
5f982038
MC		 2565 SSL_free(serverssl);
2566 SSL_free(clientssl);
2567 SSL_CTX_free(sctx);
2568 SSL_CTX_free(cctx);
2569
2570 return testresult;
2571}
ca0413ae
MC		 2572# endif /* OPENSSL_NO_TLS1_2 */
2573
034cb87b
MC		 2574/*
2575 * Test configuring the TLSv1.3 ciphersuites
2576 *
2577 * Test 0: Set a default ciphersuite in the SSL_CTX (no explicit cipher_list)
2578 * Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list)
2579 * Test 2: Set a default ciphersuite in the SSL (no explicit cipher_list)
2580 * Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list)
2581 * Test 4: Set a default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
2582 * Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
2583 * Test 6: Set a default ciphersuite in the SSL (SSL_CTX cipher_list)
2584 * Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list)
2585 * Test 8: Set a default ciphersuite in the SSL (SSL cipher_list)
2586 * Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list)
2587 */
2588static int test_set_ciphersuite(int idx)
2589{
2590 SSL_CTX *cctx = NULL, *sctx = NULL;
2591 SSL *clientssl = NULL, *serverssl = NULL;
2592 int testresult = 0;
2593
2594 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
2595 TLS1_VERSION, TLS_MAX_VERSION,
2596 &sctx, &cctx, cert, privkey))
2597 || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
2598 "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256")))
2599 goto end;
2600
2601 if (idx >=4 && idx <= 7) {
2602 /* SSL_CTX explicit cipher list */
2603 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384")))
2604 goto end;
2605 }
2606
2607 if (idx == 0 || idx == 4) {
2608 /* Default ciphersuite */
2609 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
2610 "TLS_AES_128_GCM_SHA256")))
2611 goto end;
2612 } else if (idx == 1 || idx == 5) {
2613 /* Non default ciphersuite */
2614 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
2615 "TLS_AES_128_CCM_SHA256")))
2616 goto end;
2617 }
2618
2619 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2620 &clientssl, NULL, NULL)))
2621 goto end;
2622
2623 if (idx == 8 || idx == 9) {
2624 /* SSL explicit cipher list */
2625 if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")))
2626 goto end;
2627 }
2628
2629 if (idx == 2 || idx == 6 || idx == 8) {
2630 /* Default ciphersuite */
2631 if (!TEST_true(SSL_set_ciphersuites(clientssl,
2632 "TLS_AES_128_GCM_SHA256")))
2633 goto end;
2634 } else if (idx == 3 || idx == 7 || idx == 9) {
2635 /* Non default ciphersuite */
2636 if (!TEST_true(SSL_set_ciphersuites(clientssl,
2637 "TLS_AES_128_CCM_SHA256")))
2638 goto end;
2639 }
2640
2641 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
2642 goto end;
2643
2644 testresult = 1;
2645
2646 end:
2647 SSL_free(serverssl);
2648 SSL_free(clientssl);
2649 SSL_CTX_free(sctx);
2650 SSL_CTX_free(cctx);
2651
2652 return testresult;
2653}
2654
ca0413ae
MC		 2655static int test_ciphersuite_change(void)
2656{
2657 SSL_CTX *cctx = NULL, *sctx = NULL;
2658 SSL *clientssl = NULL, *serverssl = NULL;
2659 SSL_SESSION *clntsess = NULL;
2660 int testresult = 0;
2661 const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
2662
2663 /* Create a session based on SHA-256 */
7d7f6834
RL		 2664 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
2665 TLS1_VERSION, TLS_MAX_VERSION,
2666 &sctx, &cctx, cert, privkey))
f865b081
MC		 2667 || !TEST_true(SSL_CTX_set_ciphersuites(cctx,
2668 "TLS_AES_128_GCM_SHA256"))
ca0413ae
MC		 2669 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2670 &clientssl, NULL, NULL))
2671 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2672 SSL_ERROR_NONE)))
2673 goto end;
2674
2675 clntsess = SSL_get1_session(clientssl);
2676 /* Save for later */
2677 aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
2678 SSL_shutdown(clientssl);
2679 SSL_shutdown(serverssl);
2680 SSL_free(serverssl);
2681 SSL_free(clientssl);
2682 serverssl = clientssl = NULL;
2683
71cff963 2684# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ca0413ae 2685 /* Check we can resume a session with a different SHA-256 ciphersuite */
f865b081
MC		 2686 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
2687 "TLS_CHACHA20_POLY1305_SHA256"))
ca0413ae
MC		 2688 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2689 NULL, NULL))
2690 || !TEST_true(SSL_set_session(clientssl, clntsess))
2691 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2692 SSL_ERROR_NONE))
2693 || !TEST_true(SSL_session_reused(clientssl)))
2694 goto end;
2695
2696 SSL_SESSION_free(clntsess);
2697 clntsess = SSL_get1_session(clientssl);
2698 SSL_shutdown(clientssl);
2699 SSL_shutdown(serverssl);
2700 SSL_free(serverssl);
2701 SSL_free(clientssl);
2702 serverssl = clientssl = NULL;
71cff963 2703# endif
ca0413ae
MC		 2704
2705 /*
2706 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
0de6d66d 2707 * succeeds but does not resume.
ca0413ae 2708 */
f865b081 2709 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
ca0413ae
MC		 2710 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2711 NULL, NULL))
2712 || !TEST_true(SSL_set_session(clientssl, clntsess))
0de6d66d 2713 || !TEST_true(create_ssl_connection(serverssl, clientssl,
ca0413ae 2714 SSL_ERROR_SSL))
0de6d66d 2715 || !TEST_false(SSL_session_reused(clientssl)))
ca0413ae
MC		 2716 goto end;
2717
2718 SSL_SESSION_free(clntsess);
2719 clntsess = NULL;
2720 SSL_shutdown(clientssl);
2721 SSL_shutdown(serverssl);
2722 SSL_free(serverssl);
2723 SSL_free(clientssl);
2724 serverssl = clientssl = NULL;
2725
2726 /* Create a session based on SHA384 */
f865b081 2727 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
ca0413ae
MC		 2728 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2729 &clientssl, NULL, NULL))
2730 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2731 SSL_ERROR_NONE)))
2732 goto end;
2733
2734 clntsess = SSL_get1_session(clientssl);
2735 SSL_shutdown(clientssl);
2736 SSL_shutdown(serverssl);
2737 SSL_free(serverssl);
2738 SSL_free(clientssl);
2739 serverssl = clientssl = NULL;
2740
f865b081
MC		 2741 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
2742 "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"))
2743 || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
2744 "TLS_AES_256_GCM_SHA384"))
ca0413ae
MC		 2745 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2746 NULL, NULL))
2747 || !TEST_true(SSL_set_session(clientssl, clntsess))
3b0e88d3
MC		 2748 /*
2749 * We use SSL_ERROR_WANT_READ below so that we can pause the
2750 * connection after the initial ClientHello has been sent to
2751 * enable us to make some session changes.
2752 */
ca0413ae
MC		 2753 || !TEST_false(create_ssl_connection(serverssl, clientssl,
2754 SSL_ERROR_WANT_READ)))
2755 goto end;
2756
2757 /* Trick the client into thinking this session is for a different digest */
2758 clntsess->cipher = aes_128_gcm_sha256;
2759 clntsess->cipher_id = clntsess->cipher->id;
2760
2761 /*
3b0e88d3
MC		 2762 * Continue the previously started connection. Server has selected a SHA-384
2763 * ciphersuite, but client thinks the session is for SHA-256, so it should
2764 * bail out.
ca0413ae
MC		 2765 */
2766 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
2767 SSL_ERROR_SSL))
2768 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
2769 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
2770 goto end;
2771
2772 testresult = 1;
2773
2774 end:
2775 SSL_SESSION_free(clntsess);
2776 SSL_free(serverssl);
2777 SSL_free(clientssl);
2778 SSL_CTX_free(sctx);
2779 SSL_CTX_free(cctx);
2780
2781 return testresult;
2782}
2783
0d8da779
MC		 2784/*
2785 * Test TLSv1.3 PSKs
2786 * Test 0 = Test new style callbacks
2787 * Test 1 = Test both new and old style callbacks
2788 * Test 2 = Test old style callbacks
2789 * Test 3 = Test old style callbacks with no certificate
2790 */
532f9578 2791static int test_tls13_psk(int idx)
ca8c71ba
MC		 2792{
2793 SSL_CTX *sctx = NULL, *cctx = NULL;
2794 SSL *serverssl = NULL, *clientssl = NULL;
2795 const SSL_CIPHER *cipher = NULL;
2796 const unsigned char key[] = {
2797 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2798 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
de2f409e
MC		 2799 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
2800 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
ca8c71ba
MC		 2801 };
2802 int testresult = 0;
2803
7d7f6834
RL		 2804 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
2805 TLS1_VERSION, TLS_MAX_VERSION,
0d8da779
MC		 2806 &sctx, &cctx, idx == 3 ? NULL : cert,
2807 idx == 3 ? NULL : privkey)))
ca8c71ba
MC		 2808 goto end;
2809
0d8da779
MC		 2810 if (idx != 3) {
2811 /*
2812 * We use a ciphersuite with SHA256 to ease testing old style PSK
2813 * callbacks which will always default to SHA256. This should not be
2814 * necessary if we have no cert/priv key. In that case the server should
2815 * prefer SHA256 automatically.
2816 */
2817 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
2818 "TLS_AES_128_GCM_SHA256")))
2819 goto end;
2820 }
532f9578
MC		 2821
2822 /*
2823 * Test 0: New style callbacks only
2824 * Test 1: New and old style callbacks (only the new ones should be used)
2825 * Test 2: Old style callbacks only
2826 */
2827 if (idx == 0 || idx == 1) {
2828 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
2829 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
2830 }
c2b290c3 2831#ifndef OPENSSL_NO_PSK
0d8da779 2832 if (idx >= 1) {
532f9578
MC		 2833 SSL_CTX_set_psk_client_callback(cctx, psk_client_cb);
2834 SSL_CTX_set_psk_server_callback(sctx, psk_server_cb);
2835 }
c2b290c3 2836#endif
ca8c71ba 2837 srvid = pskid;
02a3ed5a
MC		 2838 use_session_cb_cnt = 0;
2839 find_session_cb_cnt = 0;
532f9578
MC		 2840 psk_client_cb_cnt = 0;
2841 psk_server_cb_cnt = 0;
ca8c71ba 2842
0d8da779
MC		 2843 if (idx != 3) {
2844 /*
2845 * Check we can create a connection if callback decides not to send a
2846 * PSK
2847 */
2848 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2849 NULL, NULL))
2850 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2851 SSL_ERROR_NONE))
2852 || !TEST_false(SSL_session_reused(clientssl))
2853 || !TEST_false(SSL_session_reused(serverssl)))
532f9578 2854 goto end;
532f9578 2855
0d8da779
MC		 2856 if (idx == 0 || idx == 1) {
2857 if (!TEST_true(use_session_cb_cnt == 1)
2858 || !TEST_true(find_session_cb_cnt == 0)
2859 /*
2860 * If no old style callback then below should be 0
2861 * otherwise 1
2862 */
2863 || !TEST_true(psk_client_cb_cnt == idx)
2864 || !TEST_true(psk_server_cb_cnt == 0))
2865 goto end;
2866 } else {
2867 if (!TEST_true(use_session_cb_cnt == 0)
2868 || !TEST_true(find_session_cb_cnt == 0)
2869 || !TEST_true(psk_client_cb_cnt == 1)
2870 || !TEST_true(psk_server_cb_cnt == 0))
2871 goto end;
2872 }
2873
2874 shutdown_ssl_connection(serverssl, clientssl);
2875 serverssl = clientssl = NULL;
2876 use_session_cb_cnt = psk_client_cb_cnt = 0;
2877 }
ca8c71ba
MC		 2878
2879 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2880 NULL, NULL)))
2881 goto end;
2882
2883 /* Create the PSK */
532f9578 2884 cipher = SSL_CIPHER_find(clientssl, TLS13_AES_128_GCM_SHA256_BYTES);
57dee9bb
MC		 2885 clientpsk = SSL_SESSION_new();
2886 if (!TEST_ptr(clientpsk)
ca8c71ba 2887 || !TEST_ptr(cipher)
57dee9bb
MC		 2888 || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
2889 sizeof(key)))
2890 || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
2891 || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk,
2892 TLS1_3_VERSION))
2893 || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
ca8c71ba 2894 goto end;
57dee9bb 2895 serverpsk = clientpsk;
ca8c71ba
MC		 2896
2897 /* Check we can create a connection and the PSK is used */
2898 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2899 || !TEST_true(SSL_session_reused(clientssl))
532f9578 2900 || !TEST_true(SSL_session_reused(serverssl)))
ca8c71ba
MC		 2901 goto end;
2902
532f9578
MC		 2903 if (idx == 0 || idx == 1) {
2904 if (!TEST_true(use_session_cb_cnt == 1)
2905 || !TEST_true(find_session_cb_cnt == 1)
2906 || !TEST_true(psk_client_cb_cnt == 0)
2907 || !TEST_true(psk_server_cb_cnt == 0))
2908 goto end;
2909 } else {
2910 if (!TEST_true(use_session_cb_cnt == 0)
2911 || !TEST_true(find_session_cb_cnt == 0)
2912 || !TEST_true(psk_client_cb_cnt == 1)
2913 || !TEST_true(psk_server_cb_cnt == 1))
2914 goto end;
2915 }
2916
ca8c71ba
MC		 2917 shutdown_ssl_connection(serverssl, clientssl);
2918 serverssl = clientssl = NULL;
2919 use_session_cb_cnt = find_session_cb_cnt = 0;
532f9578 2920 psk_client_cb_cnt = psk_server_cb_cnt = 0;
ca8c71ba
MC		 2921
2922 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2923 NULL, NULL)))
2924 goto end;
2925
2926 /* Force an HRR */
2927 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
2928 goto end;
2929
2930 /*
2931 * Check we can create a connection, the PSK is used and the callbacks are
2932 * called twice.
2933 */
2934 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2935 || !TEST_true(SSL_session_reused(clientssl))
532f9578 2936 || !TEST_true(SSL_session_reused(serverssl)))
ca8c71ba
MC		 2937 goto end;
2938
532f9578
MC		 2939 if (idx == 0 || idx == 1) {
2940 if (!TEST_true(use_session_cb_cnt == 2)
2941 || !TEST_true(find_session_cb_cnt == 2)
2942 || !TEST_true(psk_client_cb_cnt == 0)
2943 || !TEST_true(psk_server_cb_cnt == 0))
2944 goto end;
2945 } else {
2946 if (!TEST_true(use_session_cb_cnt == 0)
2947 || !TEST_true(find_session_cb_cnt == 0)
2948 || !TEST_true(psk_client_cb_cnt == 2)
2949 || !TEST_true(psk_server_cb_cnt == 2))
2950 goto end;
2951 }
2952
ca8c71ba
MC		 2953 shutdown_ssl_connection(serverssl, clientssl);
2954 serverssl = clientssl = NULL;
2955 use_session_cb_cnt = find_session_cb_cnt = 0;
532f9578 2956 psk_client_cb_cnt = psk_server_cb_cnt = 0;
ca8c71ba 2957
0d8da779
MC		 2958 if (idx != 3) {
2959 /*
2960 * Check that if the server rejects the PSK we can still connect, but with
2961 * a full handshake
2962 */
2963 srvid = "Dummy Identity";
2964 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2965 NULL, NULL))
2966 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2967 SSL_ERROR_NONE))
2968 || !TEST_false(SSL_session_reused(clientssl))
2969 || !TEST_false(SSL_session_reused(serverssl)))
532f9578 2970 goto end;
532f9578 2971
0d8da779
MC		 2972 if (idx == 0 || idx == 1) {
2973 if (!TEST_true(use_session_cb_cnt == 1)
2974 || !TEST_true(find_session_cb_cnt == 1)
2975 || !TEST_true(psk_client_cb_cnt == 0)
2976 /*
2977 * If no old style callback then below should be 0
2978 * otherwise 1
2979 */
2980 || !TEST_true(psk_server_cb_cnt == idx))
2981 goto end;
2982 } else {
2983 if (!TEST_true(use_session_cb_cnt == 0)
2984 || !TEST_true(find_session_cb_cnt == 0)
2985 || !TEST_true(psk_client_cb_cnt == 1)
2986 || !TEST_true(psk_server_cb_cnt == 1))
2987 goto end;
2988 }
2989
2990 shutdown_ssl_connection(serverssl, clientssl);
2991 serverssl = clientssl = NULL;
2992 }
ca8c71ba
MC		 2993 testresult = 1;
2994
2995 end:
57dee9bb
MC		 2996 SSL_SESSION_free(clientpsk);
2997 SSL_SESSION_free(serverpsk);
2998 clientpsk = serverpsk = NULL;
ca8c71ba
MC		 2999 SSL_free(serverssl);
3000 SSL_free(clientssl);
3001 SSL_CTX_free(sctx);
3002 SSL_CTX_free(cctx);
3003 return testresult;
3004}
3005
c7b8ff25
MC		 3006static unsigned char cookie_magic_value[] = "cookie magic";
3007
3008static int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
3009 unsigned int *cookie_len)
3010{
3011 /*
3012 * Not suitable as a real cookie generation function but good enough for
3013 * testing!
3014 */
97ea1e7f
MC		 3015 memcpy(cookie, cookie_magic_value, sizeof(cookie_magic_value) - 1);
3016 *cookie_len = sizeof(cookie_magic_value) - 1;
c7b8ff25
MC		 3017
3018 return 1;
3019}
3020
3021static int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
3022 unsigned int cookie_len)
3023{
97ea1e7f 3024 if (cookie_len == sizeof(cookie_magic_value) - 1
c7b8ff25
MC		 3025 && memcmp(cookie, cookie_magic_value, cookie_len) == 0)
3026 return 1;
3027
3028 return 0;
3029}
3030
3fa2812f
BS		 3031static int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
3032 size_t *cookie_len)
3033{
3034 unsigned int temp;
3035 int res = generate_cookie_callback(ssl, cookie, &temp);
3036 *cookie_len = temp;
3037 return res;
3038}
3039
3040static int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
3041 size_t cookie_len)
3042{
3043 return verify_cookie_callback(ssl, cookie, cookie_len);
3044}
3045
c7b8ff25
MC		 3046static int test_stateless(void)
3047{
3048 SSL_CTX *sctx = NULL, *cctx = NULL;
3049 SSL *serverssl = NULL, *clientssl = NULL;
3050 int testresult = 0;
3051
7d7f6834
RL		 3052 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
3053 TLS1_VERSION, TLS_MAX_VERSION,
3054 &sctx, &cctx, cert, privkey)))
c7b8ff25
MC		 3055 goto end;
3056
e440f513
MC		 3057 /* The arrival of CCS messages can confuse the test */
3058 SSL_CTX_clear_options(cctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
3059
3060 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3061 NULL, NULL))
3062 /* Send the first ClientHello */
3063 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3064 SSL_ERROR_WANT_READ))
3065 /*
3066 * This should fail with a -1 return because we have no callbacks
3067 * set up
3068 */
3069 || !TEST_int_eq(SSL_stateless(serverssl), -1))
3070 goto end;
3071
3072 /* Fatal error so abandon the connection from this client */
3073 SSL_free(clientssl);
3074 clientssl = NULL;
3075
c7b8ff25 3076 /* Set up the cookie generation and verification callbacks */
3fa2812f
BS		 3077 SSL_CTX_set_stateless_cookie_generate_cb(sctx, generate_stateless_cookie_callback);
3078 SSL_CTX_set_stateless_cookie_verify_cb(sctx, verify_stateless_cookie_callback);
c7b8ff25 3079
e440f513
MC		 3080 /*
3081 * Create a new connection from the client (we can reuse the server SSL
3082 * object).
3083 */
c7b8ff25
MC		 3084 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3085 NULL, NULL))
3086 /* Send the first ClientHello */
3087 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3088 SSL_ERROR_WANT_READ))
3089 /* This should fail because there is no cookie */
e440f513 3090 || !TEST_int_eq(SSL_stateless(serverssl), 0))
c7b8ff25
MC		 3091 goto end;
3092
3093 /* Abandon the connection from this client */
3094 SSL_free(clientssl);
3095 clientssl = NULL;
3096
3097 /*
3098 * Now create a connection from a new client but with the same server SSL
3099 * object
3100 */
3101 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3102 NULL, NULL))
3103 /* Send the first ClientHello */
3104 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3105 SSL_ERROR_WANT_READ))
3106 /* This should fail because there is no cookie */
e440f513 3107 || !TEST_int_eq(SSL_stateless(serverssl), 0)
c7b8ff25
MC		 3108 /* Send the second ClientHello */
3109 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3110 SSL_ERROR_WANT_READ))
3111 /* This should succeed because a cookie is now present */
e440f513 3112 || !TEST_int_eq(SSL_stateless(serverssl), 1)
c7b8ff25
MC		 3113 /* Complete the connection */
3114 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3115 SSL_ERROR_NONE)))
3116 goto end;
3117
3118 shutdown_ssl_connection(serverssl, clientssl);
3119 serverssl = clientssl = NULL;
3120 testresult = 1;
3121
3122 end:
3123 SSL_free(serverssl);
3124 SSL_free(clientssl);
3125 SSL_CTX_free(sctx);
3126 SSL_CTX_free(cctx);
3127 return testresult;
3128
3129}
ca0413ae 3130#endif /* OPENSSL_NO_TLS1_3 */
5f982038 3131
a37008d9
MC		 3132static int clntaddoldcb = 0;
3133static int clntparseoldcb = 0;
3134static int srvaddoldcb = 0;
3135static int srvparseoldcb = 0;
3136static int clntaddnewcb = 0;
3137static int clntparsenewcb = 0;
3138static int srvaddnewcb = 0;
3139static int srvparsenewcb = 0;
bb01ef3f 3140static int snicb = 0;
a37008d9
MC		 3141
3142#define TEST_EXT_TYPE1 0xff00
3143
3144static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
3145 size_t *outlen, int *al, void *add_arg)
3146{
3147 int *server = (int *)add_arg;
3148 unsigned char *data;
3149
3150 if (SSL_is_server(s))
3151 srvaddoldcb++;
3152 else
3153 clntaddoldcb++;
3154
710756a9
RS		 3155 if (*server != SSL_is_server(s)
3156 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 3157 return -1;
3158
3159 *data = 1;
3160 *out = data;
3161 *outlen = sizeof(char);
a37008d9
MC		 3162 return 1;
3163}
3164
3165static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
3166 void *add_arg)
3167{
3168 OPENSSL_free((unsigned char *)out);
3169}
3170
3171static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
3172 size_t inlen, int *al, void *parse_arg)
3173{
3174 int *server = (int *)parse_arg;
3175
3176 if (SSL_is_server(s))
3177 srvparseoldcb++;
3178 else
3179 clntparseoldcb++;
3180
710756a9
RS		 3181 if (*server != SSL_is_server(s)
3182 || inlen != sizeof(char)
3183 || *in != 1)
a37008d9
MC		 3184 return -1;
3185
3186 return 1;
3187}
3188
3189static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
3190 const unsigned char **out, size_t *outlen, X509 *x,
3191 size_t chainidx, int *al, void *add_arg)
3192{
3193 int *server = (int *)add_arg;
3194 unsigned char *data;
3195
3196 if (SSL_is_server(s))
3197 srvaddnewcb++;
3198 else
3199 clntaddnewcb++;
3200
710756a9
RS		 3201 if (*server != SSL_is_server(s)
3202 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 3203 return -1;
3204
3205 *data = 1;
3206 *out = data;
710756a9 3207 *outlen = sizeof(*data);
a37008d9
MC		 3208 return 1;
3209}
3210
3211static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
3212 const unsigned char *out, void *add_arg)
3213{
3214 OPENSSL_free((unsigned char *)out);
3215}
3216
3217static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
3218 const unsigned char *in, size_t inlen, X509 *x,
3219 size_t chainidx, int *al, void *parse_arg)
3220{
3221 int *server = (int *)parse_arg;
3222
3223 if (SSL_is_server(s))
3224 srvparsenewcb++;
3225 else
3226 clntparsenewcb++;
3227
710756a9
RS		 3228 if (*server != SSL_is_server(s)
3229 || inlen != sizeof(char) || *in != 1)
a37008d9
MC		 3230 return -1;
3231
3232 return 1;
3233}
bb01ef3f
MC		 3234
3235static int sni_cb(SSL *s, int *al, void *arg)
3236{
3237 SSL_CTX *ctx = (SSL_CTX *)arg;
3238
3239 if (SSL_set_SSL_CTX(s, ctx) == NULL) {
3240 *al = SSL_AD_INTERNAL_ERROR;
3241 return SSL_TLSEXT_ERR_ALERT_FATAL;
3242 }
3243 snicb++;
3244 return SSL_TLSEXT_ERR_OK;
3245}
3246
a37008d9
MC		 3247/*
3248 * Custom call back tests.
3249 * Test 0: Old style callbacks in TLSv1.2
3250 * Test 1: New style callbacks in TLSv1.2
bb01ef3f
MC		 3251 * Test 2: New style callbacks in TLSv1.2 with SNI
3252 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
3253 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
a37008d9 3254 */
710756a9
RS		 3255static int test_custom_exts(int tst)
3256{
bb01ef3f 3257 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
a37008d9
MC		 3258 SSL *clientssl = NULL, *serverssl = NULL;
3259 int testresult = 0;
3260 static int server = 1;
3261 static int client = 0;
3262 SSL_SESSION *sess = NULL;
3263 unsigned int context;
3264
c423ecaa
MC		 3265#if defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3)
3266 /* Skip tests for TLSv1.2 and below in this case */
3267 if (tst < 3)
3268 return 1;
3269#endif
3270
a37008d9
MC		 3271 /* Reset callback counters */
3272 clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
3273 clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
bb01ef3f 3274 snicb = 0;
a37008d9 3275
7d7f6834
RL		 3276 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
3277 TLS1_VERSION, TLS_MAX_VERSION,
3278 &sctx, &cctx, cert, privkey)))
710756a9 3279 goto end;
a37008d9 3280
bb01ef3f 3281 if (tst == 2
7d7f6834
RL		 3282 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
3283 TLS1_VERSION, TLS_MAX_VERSION,
3284 &sctx2, NULL, cert, privkey)))
bb01ef3f
MC		 3285 goto end;
3286
3287
3288 if (tst < 3) {
a37008d9
MC		 3289 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
3290 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
bb01ef3f
MC		 3291 if (sctx2 != NULL)
3292 SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
a37008d9
MC		 3293 }
3294
bb01ef3f 3295 if (tst == 4) {
710756a9
RS		 3296 context = SSL_EXT_CLIENT_HELLO
3297 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 3298 | SSL_EXT_TLS1_3_SERVER_HELLO
3299 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
3300 | SSL_EXT_TLS1_3_CERTIFICATE
3301 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
3302 } else {
710756a9
RS		 3303 context = SSL_EXT_CLIENT_HELLO
3304 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 3305 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
3306 }
3307
3308 /* Create a client side custom extension */
3309 if (tst == 0) {
710756a9
RS		 3310 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
3311 old_add_cb, old_free_cb,
3312 &client, old_parse_cb,
3313 &client)))
3314 goto end;
a37008d9 3315 } else {
710756a9
RS		 3316 if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
3317 new_add_cb, new_free_cb,
3318 &client, new_parse_cb, &client)))
3319 goto end;
a37008d9
MC		 3320 }
3321
3322 /* Should not be able to add duplicates */
710756a9
RS		 3323 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
3324 old_add_cb, old_free_cb,
3325 &client, old_parse_cb,
3326 &client))
3327 || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
3328 context, new_add_cb,
3329 new_free_cb, &client,
3330 new_parse_cb, &client)))
3331 goto end;
a37008d9
MC		 3332
3333 /* Create a server side custom extension */
3334 if (tst == 0) {
710756a9
RS		 3335 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
3336 old_add_cb, old_free_cb,
3337 &server, old_parse_cb,
3338 &server)))
3339 goto end;
a37008d9 3340 } else {
710756a9
RS		 3341 if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
3342 new_add_cb, new_free_cb,
3343 &server, new_parse_cb, &server)))
3344 goto end;
bb01ef3f
MC		 3345 if (sctx2 != NULL
3346 && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
3347 context, new_add_cb,
3348 new_free_cb, &server,
3349 new_parse_cb, &server)))
3350 goto end;
a37008d9
MC		 3351 }
3352
3353 /* Should not be able to add duplicates */
710756a9
RS		 3354 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
3355 old_add_cb, old_free_cb,
3356 &server, old_parse_cb,
3357 &server))
3358 || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
3359 context, new_add_cb,
3360 new_free_cb, &server,
3361 new_parse_cb, &server)))
a37008d9 3362 goto end;
a37008d9 3363
bb01ef3f
MC		 3364 if (tst == 2) {
3365 /* Set up SNI */
3366 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
3367 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
3368 goto end;
3369 }
3370
710756a9
RS		 3371 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
3372 &clientssl, NULL, NULL))
3373 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3374 SSL_ERROR_NONE)))
a37008d9 3375 goto end;
a37008d9
MC		 3376
3377 if (tst == 0) {
710756a9
RS		 3378 if (clntaddoldcb != 1
3379 || clntparseoldcb != 1
3380 || srvaddoldcb != 1
3381 || srvparseoldcb != 1)
a37008d9 3382 goto end;
bb01ef3f 3383 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 3384 if (clntaddnewcb != 1
3385 || clntparsenewcb != 1
3386 || srvaddnewcb != 1
bb01ef3f
MC		 3387 || srvparsenewcb != 1
3388 || (tst != 2 && snicb != 0)
3389 || (tst == 2 && snicb != 1))
a37008d9 3390 goto end;
a37008d9 3391 } else {
710756a9
RS		 3392 if (clntaddnewcb != 1
3393 || clntparsenewcb != 4
3394 || srvaddnewcb != 4
3395 || srvparsenewcb != 1)
a37008d9 3396 goto end;
a37008d9
MC		 3397 }
3398
3399 sess = SSL_get1_session(clientssl);
a37008d9
MC		 3400 SSL_shutdown(clientssl);
3401 SSL_shutdown(serverssl);
a37008d9
MC		 3402 SSL_free(serverssl);
3403 SSL_free(clientssl);
3404 serverssl = clientssl = NULL;
3405
bb01ef3f
MC		 3406 if (tst == 3) {
3407 /* We don't bother with the resumption aspects for this test */
3408 testresult = 1;
3409 goto end;
3410 }
3411
710756a9
RS		 3412 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3413 NULL, NULL))
3414 || !TEST_true(SSL_set_session(clientssl, sess))
3415 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3416 SSL_ERROR_NONE)))
a37008d9 3417 goto end;
a37008d9
MC		 3418
3419 /*
3420 * For a resumed session we expect to add the ClientHello extension. For the
3421 * old style callbacks we ignore it on the server side because they set
3422 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
3423 * them.
3424 */
3425 if (tst == 0) {
710756a9
RS		 3426 if (clntaddoldcb != 2
3427 || clntparseoldcb != 1
3428 || srvaddoldcb != 1
3429 || srvparseoldcb != 1)
a37008d9 3430 goto end;
bb01ef3f 3431 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 3432 if (clntaddnewcb != 2
3433 || clntparsenewcb != 2
3434 || srvaddnewcb != 2
3435 || srvparsenewcb != 2)
a37008d9 3436 goto end;
a37008d9
MC		 3437 } else {
3438 /* No Certificate message extensions in the resumption handshake */
710756a9
RS		 3439 if (clntaddnewcb != 2
3440 || clntparsenewcb != 7
3441 || srvaddnewcb != 7
3442 || srvparsenewcb != 2)
a37008d9 3443 goto end;
a37008d9
MC		 3444 }
3445
3446 testresult = 1;
3447
3448end:
3449 SSL_SESSION_free(sess);
3450 SSL_free(serverssl);
3451 SSL_free(clientssl);
bb01ef3f 3452 SSL_CTX_free(sctx2);
a37008d9
MC		 3453 SSL_CTX_free(sctx);
3454 SSL_CTX_free(cctx);
a37008d9
MC		 3455 return testresult;
3456}
3457
16afd71c
MC		 3458/*
3459 * Test loading of serverinfo data in various formats. test_sslmessages actually
3460 * tests to make sure the extensions appear in the handshake
3461 */
3462static int test_serverinfo(int tst)
3463{
3464 unsigned int version;
3465 unsigned char *sibuf;
3466 size_t sibuflen;
3467 int ret, expected, testresult = 0;
3468 SSL_CTX *ctx;
3469
3470 ctx = SSL_CTX_new(TLS_method());
3471 if (!TEST_ptr(ctx))
3472 goto end;
3473
3474 if ((tst & 0x01) == 0x01)
3475 version = SSL_SERVERINFOV2;
3476 else
3477 version = SSL_SERVERINFOV1;
3478
3479 if ((tst & 0x02) == 0x02) {
3480 sibuf = serverinfov2;
3481 sibuflen = sizeof(serverinfov2);
3482 expected = (version == SSL_SERVERINFOV2);
3483 } else {
3484 sibuf = serverinfov1;
3485 sibuflen = sizeof(serverinfov1);
3486 expected = (version == SSL_SERVERINFOV1);
3487 }
3488
3489 if ((tst & 0x04) == 0x04) {
3490 ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
3491 } else {
3492 ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
3493
3494 /*
3495 * The version variable is irrelevant in this case - it's what is in the
3496 * buffer that matters
3497 */
3498 if ((tst & 0x02) == 0x02)
3499 expected = 0;
3500 else
3501 expected = 1;
3502 }
3503
3504 if (!TEST_true(ret == expected))
3505 goto end;
3506
3507 testresult = 1;
3508
3509 end:
3510 SSL_CTX_free(ctx);
3511
3512 return testresult;
3513}
3514
2197d1df
MC		 3515/*
3516 * Test that SSL_export_keying_material() produces expected results. There are
3517 * no test vectors so all we do is test that both sides of the communication
3518 * produce the same results for different protocol versions.
3519 */
3520static int test_export_key_mat(int tst)
3521{
a599574b 3522 int testresult = 0;
2197d1df
MC		 3523 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
3524 SSL *clientssl = NULL, *serverssl = NULL;
3525 const char label[] = "test label";
3526 const unsigned char context[] = "context";
3527 const unsigned char *emptycontext = NULL;
3528 unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
3529 unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
a599574b
MC		 3530 const int protocols[] = {
3531 TLS1_VERSION,
3532 TLS1_1_VERSION,
3533 TLS1_2_VERSION,
3534 TLS1_3_VERSION
3535 };
2197d1df
MC		 3536
3537#ifdef OPENSSL_NO_TLS1
3538 if (tst == 0)
3539 return 1;
3540#endif
3541#ifdef OPENSSL_NO_TLS1_1
3542 if (tst == 1)
3543 return 1;
3544#endif
3545#ifdef OPENSSL_NO_TLS1_2
3546 if (tst == 2)
3547 return 1;
3548#endif
3549#ifdef OPENSSL_NO_TLS1_3
3550 if (tst == 3)
3551 return 1;
3552#endif
7d7f6834
RL		 3553 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
3554 TLS1_VERSION, TLS_MAX_VERSION,
3555 &sctx, &cctx, cert, privkey)))
2197d1df
MC		 3556 goto end;
3557
a599574b
MC		 3558 OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
3559 SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
3560 SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
2197d1df
MC		 3561
3562 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
3563 NULL))
3564 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3565 SSL_ERROR_NONE)))
3566 goto end;
3567
3568 if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
3569 sizeof(ckeymat1), label,
3570 sizeof(label) - 1, context,
3571 sizeof(context) - 1, 1), 1)
3572 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
3573 sizeof(ckeymat2), label,
3574 sizeof(label) - 1,
3575 emptycontext,
3576 0, 1), 1)
3577 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
3578 sizeof(ckeymat3), label,
3579 sizeof(label) - 1,
3580 NULL, 0, 0), 1)
3581 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
3582 sizeof(skeymat1), label,
3583 sizeof(label) - 1,
3584 context,
3585 sizeof(context) -1, 1),
3586 1)
3587 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
3588 sizeof(skeymat2), label,
3589 sizeof(label) - 1,
3590 emptycontext,
3591 0, 1), 1)
3592 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
3593 sizeof(skeymat3), label,
3594 sizeof(label) - 1,
3595 NULL, 0, 0), 1)
3596 /*
3597 * Check that both sides created the same key material with the
3598 * same context.
3599 */
3600 || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
3601 sizeof(skeymat1))
3602 /*
3603 * Check that both sides created the same key material with an
3604 * empty context.
3605 */
3606 || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
3607 sizeof(skeymat2))
3608 /*
3609 * Check that both sides created the same key material without a
3610 * context.
3611 */
3612 || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
3613 sizeof(skeymat3))
3614 /* Different contexts should produce different results */
3615 || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
3616 sizeof(ckeymat2)))
3617 goto end;
3618
3619 /*
3620 * Check that an empty context and no context produce different results in
3621 * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
3622 */
3623 if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
3624 sizeof(ckeymat3)))
3625 || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
3626 sizeof(ckeymat3))))
3627 goto end;
3628
3629 testresult = 1;
3630
3631 end:
3632 SSL_free(serverssl);
3633 SSL_free(clientssl);
3634 SSL_CTX_free(sctx2);
3635 SSL_CTX_free(sctx);
3636 SSL_CTX_free(cctx);
3637
3638 return testresult;
3639}
3640
b38ede80
TT		 3641#ifndef OPENSSL_NO_TLS1_3
3642/*
3643 * Test that SSL_export_keying_material_early() produces expected
3644 * results. There are no test vectors so all we do is test that both
3645 * sides of the communication produce the same results for different
3646 * protocol versions.
3647 */
3648static int test_export_key_mat_early(int idx)
3649{
3650 static const char label[] = "test label";
3651 static const unsigned char context[] = "context";
3652 int testresult = 0;
3653 SSL_CTX *cctx = NULL, *sctx = NULL;
3654 SSL *clientssl = NULL, *serverssl = NULL;
3655 SSL_SESSION *sess = NULL;
3656 const unsigned char *emptycontext = NULL;
3657 unsigned char ckeymat1[80], ckeymat2[80];
3658 unsigned char skeymat1[80], skeymat2[80];
3659 unsigned char buf[1];
3660 size_t readbytes, written;
3661
3662 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl,
3663 &sess, idx)))
3664 goto end;
3665
3666 /* Here writing 0 length early data is enough. */
3667 if (!TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
3668 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
3669 &readbytes),
3670 SSL_READ_EARLY_DATA_ERROR)
3671 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
3672 SSL_EARLY_DATA_ACCEPTED))
3673 goto end;
3674
3675 if (!TEST_int_eq(SSL_export_keying_material_early(
3676 clientssl, ckeymat1, sizeof(ckeymat1), label,
3677 sizeof(label) - 1, context, sizeof(context) - 1), 1)
3678 || !TEST_int_eq(SSL_export_keying_material_early(
3679 clientssl, ckeymat2, sizeof(ckeymat2), label,
3680 sizeof(label) - 1, emptycontext, 0), 1)
3681 || !TEST_int_eq(SSL_export_keying_material_early(
3682 serverssl, skeymat1, sizeof(skeymat1), label,
3683 sizeof(label) - 1, context, sizeof(context) - 1), 1)
3684 || !TEST_int_eq(SSL_export_keying_material_early(
3685 serverssl, skeymat2, sizeof(skeymat2), label,
3686 sizeof(label) - 1, emptycontext, 0), 1)
3687 /*
3688 * Check that both sides created the same key material with the
3689 * same context.
3690 */
3691 || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
3692 sizeof(skeymat1))
3693 /*
3694 * Check that both sides created the same key material with an
3695 * empty context.
3696 */
3697 || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
3698 sizeof(skeymat2))
3699 /* Different contexts should produce different results */
3700 || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
3701 sizeof(ckeymat2)))
3702 goto end;
3703
3704 testresult = 1;
3705
3706 end:
3707 if (sess != clientpsk)
3708 SSL_SESSION_free(sess);
3709 SSL_SESSION_free(clientpsk);
3710 SSL_SESSION_free(serverpsk);
34ff74eb 3711 clientpsk = serverpsk = NULL;
b38ede80
TT		 3712 SSL_free(serverssl);
3713 SSL_free(clientssl);
3714 SSL_CTX_free(sctx);
3715 SSL_CTX_free(cctx);
3716
3717 return testresult;
3718}
3719#endif /* OPENSSL_NO_TLS1_3 */
3720
e11b6aa4
MC		 3721static int test_ssl_clear(int idx)
3722{
3723 SSL_CTX *cctx = NULL, *sctx = NULL;
3724 SSL *clientssl = NULL, *serverssl = NULL;
3725 int testresult = 0;
3726
3727#ifdef OPENSSL_NO_TLS1_2
3728 if (idx == 1)
3729 return 1;
3730#endif
3731
3732 /* Create an initial connection */
7d7f6834
RL		 3733 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
3734 TLS1_VERSION, TLS_MAX_VERSION,
3735 &sctx, &cctx, cert, privkey))
e11b6aa4
MC		 3736 || (idx == 1
3737 && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
3738 TLS1_2_VERSION)))
3739 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
3740 &clientssl, NULL, NULL))
3741 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3742 SSL_ERROR_NONE)))
3743 goto end;
3744
3745 SSL_shutdown(clientssl);
3746 SSL_shutdown(serverssl);
3747 SSL_free(serverssl);
3748 serverssl = NULL;
3749
3750 /* Clear clientssl - we're going to reuse the object */
3751 if (!TEST_true(SSL_clear(clientssl)))
3752 goto end;
3753
3754 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3755 NULL, NULL))
3756 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3757 SSL_ERROR_NONE))
3758 || !TEST_true(SSL_session_reused(clientssl)))
3759 goto end;
3760
3761 SSL_shutdown(clientssl);
3762 SSL_shutdown(serverssl);
3763
3764 testresult = 1;
3765
3766 end:
3767 SSL_free(serverssl);
3768 SSL_free(clientssl);
3769 SSL_CTX_free(sctx);
3770 SSL_CTX_free(cctx);
3771
3772 return testresult;
3773}
3774
cf72c757
F		 3775/* Parse CH and retrieve any MFL extension value if present */
3776static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
3777{
3778 long len;
3779 unsigned char *data;
3780 PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0};
3781 unsigned int MFL_code = 0, type = 0;
3782
3783 if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) )
3784 goto end;
3785
3786 if (!TEST_true( PACKET_buf_init( &pkt, data, len ) )
3787 /* Skip the record header */
3788 || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
3789 /* Skip the handshake message header */
3790 || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
3791 /* Skip client version and random */
3792 || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN
3793 + SSL3_RANDOM_SIZE))
3794 /* Skip session id */
3795 || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
3796 /* Skip ciphers */
3797 || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))
3798 /* Skip compression */
3799 || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
3800 /* Extensions len */
3801 || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))
3802 goto end;
3803
3804 /* Loop through all extensions */
3805 while (PACKET_remaining(&pkt2)) {
3806 if (!TEST_true(PACKET_get_net_2(&pkt2, &type))
3807 || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))
3808 goto end;
3809
3810 if (type == TLSEXT_TYPE_max_fragment_length) {
3811 if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0)
3812 || !TEST_true(PACKET_get_1(&pkt3, &MFL_code)))
3813 goto end;
3814
3815 *mfl_codemfl_code = MFL_code;
3816 return 1;
3817 }
3818 }
3819
3820 end:
3821 return 0;
3822}
3823
3824/* Maximum-Fragment-Length TLS extension mode to test */
3825static const unsigned char max_fragment_len_test[] = {
3826 TLSEXT_max_fragment_length_512,
3827 TLSEXT_max_fragment_length_1024,
3828 TLSEXT_max_fragment_length_2048,
3829 TLSEXT_max_fragment_length_4096
3830};
3831
3832static int test_max_fragment_len_ext(int idx_tst)
3833{
3834 SSL_CTX *ctx;
3835 SSL *con = NULL;
3836 int testresult = 0, MFL_mode = 0;
3837 BIO *rbio, *wbio;
3838
3839 ctx = SSL_CTX_new(TLS_method());
3840 if (!TEST_ptr(ctx))
3841 goto end;
3842
3843 if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
3844 ctx, max_fragment_len_test[idx_tst])))
3845 goto end;
3846
3847 con = SSL_new(ctx);
3848 if (!TEST_ptr(con))
3849 goto end;
3850
3851 rbio = BIO_new(BIO_s_mem());
3852 wbio = BIO_new(BIO_s_mem());
3853 if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
3854 BIO_free(rbio);
3855 BIO_free(wbio);
3856 goto end;
3857 }
3858
3859 SSL_set_bio(con, rbio, wbio);
3860 SSL_set_connect_state(con);
3861
3862 if (!TEST_int_le(SSL_connect(con), 0)) {
3863 /* This shouldn't succeed because we don't have a server! */
3864 goto end;
3865 }
3866
3867 if (!TEST_true(get_MFL_from_client_hello(wbio, &MFL_mode)))
3868 /* no MFL in client hello */
3869 goto end;
3870 if (!TEST_true(max_fragment_len_test[idx_tst] == MFL_mode))
3871 goto end;
3872
3873 testresult = 1;
3874
3875end:
3876 SSL_free(con);
3877 SSL_CTX_free(ctx);
3878
3879 return testresult;
3880}
3881
9d75dce3
TS		 3882#ifndef OPENSSL_NO_TLS1_3
3883static int test_pha_key_update(void)
3884{
3885 SSL_CTX *cctx = NULL, *sctx = NULL;
3886 SSL *clientssl = NULL, *serverssl = NULL;
3887 int testresult = 0;
3888
7d7f6834
RL		 3889 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
3890 TLS1_VERSION, TLS_MAX_VERSION,
9d75dce3
TS		 3891 &sctx, &cctx, cert, privkey)))
3892 return 0;
3893
3894 if (!TEST_true(SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION))
3895 || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_3_VERSION))
3896 || !TEST_true(SSL_CTX_set_min_proto_version(cctx, TLS1_3_VERSION))
3897 || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_3_VERSION)))
3898 goto end;
3899
3900
3901 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3902 NULL, NULL)))
3903 goto end;
3904
3905 SSL_force_post_handshake_auth(clientssl);
3906
3907 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
3908 SSL_ERROR_NONE)))
3909 goto end;
3910
3911 SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
3912 if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
3913 goto end;
3914
3915 if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)))
3916 goto end;
3917
3918 /* Start handshake on the server */
3919 if (!TEST_int_eq(SSL_do_handshake(serverssl), 1))
3920 goto end;
3921
3922 /* Starts with SSL_connect(), but it's really just SSL_do_handshake() */
3923 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
3924 SSL_ERROR_NONE)))
3925 goto end;
3926
3927 SSL_shutdown(clientssl);
3928 SSL_shutdown(serverssl);
3929
3930 testresult = 1;
3931
3932 end:
3933 SSL_free(serverssl);
3934 SSL_free(clientssl);
3935 SSL_CTX_free(sctx);
3936 SSL_CTX_free(cctx);
3937 return testresult;
3938}
3939#endif
3940
76fd7a1d
MC		 3941#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
3942
3943static SRP_VBASE *vbase = NULL;
3944
3945static int ssl_srp_cb(SSL *s, int *ad, void *arg)
3946{
3947 int ret = SSL3_AL_FATAL;
3948 char *username;
3949 SRP_user_pwd *user = NULL;
3950
3951 username = SSL_get_srp_username(s);
3952 if (username == NULL) {
3953 *ad = SSL_AD_INTERNAL_ERROR;
3954 goto err;
3955 }
3956
3957 user = SRP_VBASE_get1_by_user(vbase, username);
3958 if (user == NULL) {
3959 *ad = SSL_AD_INTERNAL_ERROR;
3960 goto err;
3961 }
3962
3963 if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v,
3964 user->info) <= 0) {
3965 *ad = SSL_AD_INTERNAL_ERROR;
3966 goto err;
3967 }
3968
3969 ret = 0;
3970
3971 err:
3972 SRP_user_pwd_free(user);
3973 return ret;
3974}
3975
3976static int create_new_vfile(char *userid, char *password, const char *filename)
3977{
3978 char *gNid = NULL;
3979 OPENSSL_STRING *row = OPENSSL_zalloc(sizeof(row) * (DB_NUMBER + 1));
3980 TXT_DB *db = NULL;
3981 int ret = 0;
3982 BIO *out = NULL, *dummy = BIO_new_mem_buf("", 0);
3983 size_t i;
3984
3985 if (!TEST_ptr(dummy) || !TEST_ptr(row))
3986 goto end;
3987
3988 gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt],
3989 &row[DB_srpverifier], NULL, NULL);
3990 if (!TEST_ptr(gNid))
3991 goto end;
3992
3993 /*
3994 * The only way to create an empty TXT_DB is to provide a BIO with no data
3995 * in it!
3996 */
3997 db = TXT_DB_read(dummy, DB_NUMBER);
3998 if (!TEST_ptr(db))
3999 goto end;
4000
4001 out = BIO_new_file(filename, "w");
4002 if (!TEST_ptr(out))
4003 goto end;
4004
4005 row[DB_srpid] = OPENSSL_strdup(userid);
4006 row[DB_srptype] = OPENSSL_strdup("V");
4007 row[DB_srpgN] = OPENSSL_strdup(gNid);
4008
4009 if (!TEST_ptr(row[DB_srpid])
4010 || !TEST_ptr(row[DB_srptype])
4011 || !TEST_ptr(row[DB_srpgN])
4012 || !TEST_true(TXT_DB_insert(db, row)))
4013 goto end;
4014
4015 row = NULL;
4016
4017 if (!TXT_DB_write(out, db))
4018 goto end;
4019
4020 ret = 1;
4021 end:
4022 if (row != NULL) {
4023 for (i = 0; i < DB_NUMBER; i++)
4024 OPENSSL_free(row[i]);
4025 }
4026 OPENSSL_free(row);
4027 BIO_free(dummy);
4028 BIO_free(out);
4029 TXT_DB_free(db);
4030
4031 return ret;
4032}
4033
4034static int create_new_vbase(char *userid, char *password)
4035{
4036 BIGNUM *verifier = NULL, *salt = NULL;
4037 const SRP_gN *lgN = NULL;
4038 SRP_user_pwd *user_pwd = NULL;
4039 int ret = 0;
4040
4041 lgN = SRP_get_default_gN(NULL);
4042 if (!TEST_ptr(lgN))
4043 goto end;
4044
4045 if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier,
4046 lgN->N, lgN->g)))
4047 goto end;
4048
4049 user_pwd = OPENSSL_zalloc(sizeof(*user_pwd));
4050 if (!TEST_ptr(user_pwd))
4051 goto end;
4052
4053 user_pwd->N = lgN->N;
4054 user_pwd->g = lgN->g;
4055 user_pwd->id = OPENSSL_strdup(userid);
4056 if (!TEST_ptr(user_pwd->id))
4057 goto end;
4058
4059 user_pwd->v = verifier;
4060 user_pwd->s = salt;
4061 verifier = salt = NULL;
4062
4063 if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0)
4064 goto end;
4065 user_pwd = NULL;
4066
4067 ret = 1;
4068end:
4069 SRP_user_pwd_free(user_pwd);
4070 BN_free(salt);
4071 BN_free(verifier);
4072
4073 return ret;
4074}
4075
4076/*
4077 * SRP tests
4078 *
4079 * Test 0: Simple successful SRP connection, new vbase
4080 * Test 1: Connection failure due to bad password, new vbase
4081 * Test 2: Simple successful SRP connection, vbase loaded from existing file
4082 * Test 3: Connection failure due to bad password, vbase loaded from existing
4083 * file
4084 * Test 4: Simple successful SRP connection, vbase loaded from new file
4085 * Test 5: Connection failure due to bad password, vbase loaded from new file
4086 */
4087static int test_srp(int tst)
4088{
4089 char *userid = "test", *password = "password", *tstsrpfile;
4090 SSL_CTX *cctx = NULL, *sctx = NULL;
4091 SSL *clientssl = NULL, *serverssl = NULL;
4092 int ret, testresult = 0;
4093
4094 vbase = SRP_VBASE_new(NULL);
4095 if (!TEST_ptr(vbase))
4096 goto end;
4097
4098 if (tst == 0 || tst == 1) {
4099 if (!TEST_true(create_new_vbase(userid, password)))
4100 goto end;
4101 } else {
4102 if (tst == 4 || tst == 5) {
4103 if (!TEST_true(create_new_vfile(userid, password, tmpfilename)))
4104 goto end;
4105 tstsrpfile = tmpfilename;
4106 } else {
4107 tstsrpfile = srpvfile;
4108 }
4109 if (!TEST_int_eq(SRP_VBASE_init(vbase, tstsrpfile), SRP_NO_ERROR))
4110 goto end;
4111 }
4112
4113 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
4114 TLS1_VERSION, TLS_MAX_VERSION,
4115 &sctx, &cctx, cert, privkey)))
4116 goto end;
4117
4118 if (!TEST_int_gt(SSL_CTX_set_srp_username_callback(sctx, ssl_srp_cb), 0)
4119 || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA"))
4120 || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION))
4121 || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION))
4122 || !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0))
4123 goto end;
4124
4125 if (tst % 2 == 1) {
4126 if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, "badpass"), 0))
4127 goto end;
4128 } else {
4129 if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, password), 0))
4130 goto end;
4131 }
4132
4133 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
4134 NULL, NULL)))
4135 goto end;
4136
4137 ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
4138 if (ret) {
4139 if (!TEST_true(tst % 2 == 0))
4140 goto end;
4141 } else {
4142 if (!TEST_true(tst % 2 == 1))
4143 goto end;
4144 }
4145
4146 testresult = 1;
4147
4148 end:
4149 SRP_VBASE_free(vbase);
4150 vbase = NULL;
4151 SSL_free(serverssl);
4152 SSL_free(clientssl);
4153 SSL_CTX_free(sctx);
4154 SSL_CTX_free(cctx);
4155
4156 return testresult;
4157}
4158#endif
4159
5718fe45
MC		 4160static int info_cb_failed = 0;
4161static int info_cb_offset = 0;
4162static int info_cb_this_state = -1;
4163
4164static struct info_cb_states_st {
4165 int where;
4166 const char *statestr;
4167} info_cb_states[][60] = {
4168 {
4169 /* TLSv1.2 server followed by resumption */
4170 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4171 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
4172 {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"},
4173 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"},
4174 {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"},
4175 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
4176 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
4177 {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
4178 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
4179 {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
4180 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"},
4181 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4182 {SSL_CB_EXIT, NULL}, {0, NULL},
4183 }, {
4184 /* TLSv1.2 client followed by resumption */
4185 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4186 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
4187 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"},
4188 {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"},
4189 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"},
4190 {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
4191 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
4192 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4193 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
4194 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
4195 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
4196 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
4197 }, {
4198 /* TLSv1.3 server followed by resumption */
4199 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4200 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
4201 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
4202 {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
4203 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
4204 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
4205 {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4206 {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
4207 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4208 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
4209 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
4210 {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
4211 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4212 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"},
4213 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
4214 }, {
4215 /* TLSv1.3 client followed by resumption */
4216 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4217 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
4218 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
4219 {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
4220 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4221 {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
4222 {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
4223 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
4224 {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
4225 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
4226 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
4227 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
4228 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
4229 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},
4230 {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
4231 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
4232 }, {
4233 /* TLSv1.3 server, early_data */
4234 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4235 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
4236 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
4237 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
4238 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
4239 {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"},
4240 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
4241 {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4242 {SSL_CB_EXIT, NULL}, {0, NULL},
4243 }, {
4244 /* TLSv1.3 client, early_data */
4245 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
4246 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"},
4247 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
4248 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
4249 {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
4250 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
4251 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4252 {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
4253 {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
4254 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
4255 }, {
4256 {0, NULL},
4257 }
4258};
4259
4260static void sslapi_info_callback(const SSL *s, int where, int ret)
4261{
4262 struct info_cb_states_st *state = info_cb_states[info_cb_offset];
4263
4264 /* We do not ever expect a connection to fail in this test */
4265 if (!TEST_false(ret == 0)) {
4266 info_cb_failed = 1;
4267 return;
4268 }
4269
4270 /*
4271 * Do some sanity checks. We never expect these things to happen in this
4272 * test
4273 */
4274 if (!TEST_false((SSL_is_server(s) && (where & SSL_ST_CONNECT) != 0))
4275 || !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0)
4276 || !TEST_int_ne(state[++info_cb_this_state].where, 0)) {
4277 info_cb_failed = 1;
4278 return;
4279 }
4280
4281 /* Now check we're in the right state */
4282 if (!TEST_true((where & state[info_cb_this_state].where) != 0)) {
4283 info_cb_failed = 1;
4284 return;
4285 }
4286 if ((where & SSL_CB_LOOP) != 0
4287 && !TEST_int_eq(strcmp(SSL_state_string(s),
4288 state[info_cb_this_state].statestr), 0)) {
4289 info_cb_failed = 1;
4290 return;
4291 }
033c181b
MC		 4292
4293 /* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */
4294 if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) {
4295 info_cb_failed = 1;
4296 return;
4297 }
5718fe45
MC		 4298}
4299
4300/*
4301 * Test the info callback gets called when we expect it to.
4302 *
4303 * Test 0: TLSv1.2, server
4304 * Test 1: TLSv1.2, client
4305 * Test 2: TLSv1.3, server
4306 * Test 3: TLSv1.3, client
4307 * Test 4: TLSv1.3, server, early_data
4308 * Test 5: TLSv1.3, client, early_data
4309 */
4310static int test_info_callback(int tst)
4311{
4312 SSL_CTX *cctx = NULL, *sctx = NULL;
4313 SSL *clientssl = NULL, *serverssl = NULL;
4314 SSL_SESSION *clntsess = NULL;
4315 int testresult = 0;
4316 int tlsvers;
4317
4318 if (tst < 2) {
4319#ifndef OPENSSL_NO_TLS1_2
4320 tlsvers = TLS1_2_VERSION;
4321#else
4322 return 1;
4323#endif
4324 } else {
4325#ifndef OPENSSL_NO_TLS1_3
4326 tlsvers = TLS1_3_VERSION;
4327#else
4328 return 1;
4329#endif
4330 }
4331
4332 /* Reset globals */
4333 info_cb_failed = 0;
4334 info_cb_this_state = -1;
4335 info_cb_offset = tst;
4336
6e07834c 4337#ifndef OPENSSL_NO_TLS1_3
5718fe45
MC		 4338 if (tst >= 4) {
4339 SSL_SESSION *sess = NULL;
4340 size_t written, readbytes;
4341 unsigned char buf[80];
4342
4343 /* early_data tests */
4344 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
4345 &serverssl, &sess, 0)))
4346 goto end;
4347
4348 /* We don't actually need this reference */
4349 SSL_SESSION_free(sess);
4350
4351 SSL_set_info_callback((tst % 2) == 0 ? serverssl : clientssl,
4352 sslapi_info_callback);
4353
4354 /* Write and read some early data and then complete the connection */
4355 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
4356 &written))
4357 || !TEST_size_t_eq(written, strlen(MSG1))
4358 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
4359 sizeof(buf), &readbytes),
4360 SSL_READ_EARLY_DATA_SUCCESS)
4361 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
4362 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
4363 SSL_EARLY_DATA_ACCEPTED)
4364 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4365 SSL_ERROR_NONE))
4366 || !TEST_false(info_cb_failed))
4367 goto end;
4368
4369 testresult = 1;
4370 goto end;
4371 }
6e07834c 4372#endif
5718fe45
MC		 4373
4374 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
4375 TLS_client_method(),
4376 tlsvers, tlsvers, &sctx, &cctx, cert,
4377 privkey)))
4378 goto end;
4379
4380 /*
4381 * For even numbered tests we check the server callbacks. For odd numbers we
4382 * check the client.
4383 */
4384 SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx,
4385 sslapi_info_callback);
4386
4387 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
4388 &clientssl, NULL, NULL))
4389 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4390 SSL_ERROR_NONE))
4391 || !TEST_false(info_cb_failed))
4392 goto end;
4393
4394
4395
4396 clntsess = SSL_get1_session(clientssl);
4397 SSL_shutdown(clientssl);
4398 SSL_shutdown(serverssl);
4399 SSL_free(serverssl);
4400 SSL_free(clientssl);
4401 serverssl = clientssl = NULL;
4402
4403 /* Now do a resumption */
4404 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
4405 NULL))
4406 || !TEST_true(SSL_set_session(clientssl, clntsess))
4407 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4408 SSL_ERROR_NONE))
4409 || !TEST_true(SSL_session_reused(clientssl))
4410 || !TEST_false(info_cb_failed))
4411 goto end;
4412
4413 testresult = 1;
4414
4415 end:
4416 SSL_free(serverssl);
4417 SSL_free(clientssl);
4418 SSL_SESSION_free(clntsess);
4419 SSL_CTX_free(sctx);
4420 SSL_CTX_free(cctx);
4421 return testresult;
4422}
4423
4a432af8
MC		 4424static int test_ssl_pending(int tst)
4425{
4426 SSL_CTX *cctx = NULL, *sctx = NULL;
4427 SSL *clientssl = NULL, *serverssl = NULL;
4428 int testresult = 0;
4429 char msg[] = "A test message";
4430 char buf[5];
4431 size_t written, readbytes;
4432
4433 if (tst == 0) {
4434 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
4435 TLS_client_method(),
4436 TLS1_VERSION, TLS_MAX_VERSION,
4437 &sctx, &cctx, cert, privkey)))
4438 goto end;
4439 } else {
4440#ifndef OPENSSL_NO_DTLS
4441 if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
4442 DTLS_client_method(),
4443 DTLS1_VERSION, DTLS_MAX_VERSION,
4444 &sctx, &cctx, cert, privkey)))
4445 goto end;
4446#else
4447 return 1;
4448#endif
4449 }
4450
4451 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
4452 NULL, NULL))
4453 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4454 SSL_ERROR_NONE)))
4455 goto end;
4456
e8251092
MC		 4457 if (!TEST_int_eq(SSL_pending(clientssl), 0)
4458 || !TEST_false(SSL_has_pending(clientssl))
4459 || !TEST_int_eq(SSL_pending(serverssl), 0)
4460 || !TEST_false(SSL_has_pending(serverssl))
4461 || !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
4a432af8
MC		 4462 || !TEST_size_t_eq(written, sizeof(msg))
4463 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
4464 || !TEST_size_t_eq(readbytes, sizeof(buf))
e8251092
MC		 4465 || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes))
4466 || !TEST_true(SSL_has_pending(clientssl)))
4a432af8
MC		 4467 goto end;
4468
4469 testresult = 1;
4470
4471 end:
4472 SSL_free(serverssl);
4473 SSL_free(clientssl);
4474 SSL_CTX_free(sctx);
4475 SSL_CTX_free(cctx);
4476
4477 return testresult;
4478}
4479
e401389a
MC		 4480static struct {
4481 unsigned int maxprot;
4482 const char *clntciphers;
4483 const char *clnttls13ciphers;
4484 const char *srvrciphers;
4485 const char *srvrtls13ciphers;
4486 const char *shared;
4487} shared_ciphers_data[] = {
60155b9a
MC		 4488/*
4489 * We can't establish a connection (even in TLSv1.1) with these ciphersuites if
4490 * TLSv1.3 is enabled but TLSv1.2 is disabled.
4491 */
4492#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
e401389a
MC		 4493 {
4494 TLS1_2_VERSION,
4495 "AES128-SHA:AES256-SHA",
4496 NULL,
4497 "AES256-SHA:DHE-RSA-AES128-SHA",
4498 NULL,
4499 "AES256-SHA"
4500 },
4501 {
4502 TLS1_2_VERSION,
4503 "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
4504 NULL,
4505 "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
4506 NULL,
4507 "AES128-SHA:AES256-SHA"
4508 },
4509 {
4510 TLS1_2_VERSION,
4511 "AES128-SHA:AES256-SHA",
4512 NULL,
4513 "AES128-SHA:DHE-RSA-AES128-SHA",
4514 NULL,
4515 "AES128-SHA"
4516 },
60155b9a
MC		 4517#endif
4518/*
4519 * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
4520 * enabled.
4521 */
4522#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
4523 && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
e401389a
MC		 4524 {
4525 TLS1_3_VERSION,
4526 "AES128-SHA:AES256-SHA",
4527 NULL,
4528 "AES256-SHA:AES128-SHA256",
4529 NULL,
4530 "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
4531 "TLS_AES_128_GCM_SHA256:AES256-SHA"
4532 },
60155b9a
MC		 4533#endif
4534#ifndef OPENSSL_NO_TLS1_3
e401389a
MC		 4535 {
4536 TLS1_3_VERSION,
4537 "AES128-SHA",
4538 "TLS_AES_256_GCM_SHA384",
4539 "AES256-SHA",
4540 "TLS_AES_256_GCM_SHA384",
4541 "TLS_AES_256_GCM_SHA384"
4542 },
4543#endif
4544};
4545
4546static int test_ssl_get_shared_ciphers(int tst)
4547{
4548 SSL_CTX *cctx = NULL, *sctx = NULL;
4549 SSL *clientssl = NULL, *serverssl = NULL;
4550 int testresult = 0;
4551 char buf[1024];
4552
4553 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
4554 TLS_client_method(),
4555 TLS1_VERSION,
4556 shared_ciphers_data[tst].maxprot,
4557 &sctx, &cctx, cert, privkey)))
4558 goto end;
4559
4560 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
4561 shared_ciphers_data[tst].clntciphers))
4562 || (shared_ciphers_data[tst].clnttls13ciphers != NULL
4563 && !TEST_true(SSL_CTX_set_ciphersuites(cctx,
4564 shared_ciphers_data[tst].clnttls13ciphers)))
4565 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
4566 shared_ciphers_data[tst].srvrciphers))
4567 || (shared_ciphers_data[tst].srvrtls13ciphers != NULL
4568 && !TEST_true(SSL_CTX_set_ciphersuites(sctx,
4569 shared_ciphers_data[tst].srvrtls13ciphers))))
4570 goto end;
4571
4572
4573 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
4574 NULL, NULL))
4575 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4576 SSL_ERROR_NONE)))
4577 goto end;
4578
4579 if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
4580 || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) {
4581 TEST_info("Shared ciphers are: %s\n", buf);
4582 goto end;
4583 }
4584
4585 testresult = 1;
4586
4587 end:
4588 SSL_free(serverssl);
4589 SSL_free(clientssl);
4590 SSL_CTX_free(sctx);
4591 SSL_CTX_free(cctx);
4592
4593 return testresult;
4594}
4595
ad887416 4596int setup_tests(void)
2cb4b5f6 4597{
ad887416 4598 if (!TEST_ptr(cert = test_get_argument(0))
76fd7a1d
MC		 4599 || !TEST_ptr(privkey = test_get_argument(1))
4600 || !TEST_ptr(srpvfile = test_get_argument(2))
4601 || !TEST_ptr(tmpfilename = test_get_argument(3)))
710756a9 4602 return 0;
2cb4b5f6 4603
f297e4ec
RS		 4604 if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
4605#ifdef OPENSSL_NO_CRYPTO_MDEBUG
4606 TEST_error("not supported in this build");
4607 return 0;
4608#else
4609 int i, mcount, rcount, fcount;
4610
4611 for (i = 0; i < 4; i++)
4612 test_export_key_mat(i);
4613 CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
4614 test_printf_stdout("malloc %d realloc %d free %d\n",
4615 mcount, rcount, fcount);
4616 return 1;
4617#endif
4618 }
4619
84d5549e 4620 ADD_TEST(test_large_message_tls);
7856332e 4621 ADD_TEST(test_large_message_tls_read_ahead);
55386bef 4622#ifndef OPENSSL_NO_DTLS
84d5549e 4623 ADD_TEST(test_large_message_dtls);
55386bef 4624#endif
8f8c11d8 4625#ifndef OPENSSL_NO_OCSP
c887104f 4626 ADD_TEST(test_tlsext_status_type);
8f8c11d8 4627#endif
eaa776da
MC		 4628 ADD_TEST(test_session_with_only_int_cache);
4629 ADD_TEST(test_session_with_only_ext_cache);
4630 ADD_TEST(test_session_with_both_cache);
7fb4c820 4631 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
9a716987
MC		 4632 ADD_TEST(test_ssl_bio_pop_next_bio);
4633 ADD_TEST(test_ssl_bio_pop_ssl_bio);
4634 ADD_TEST(test_ssl_bio_change_rbio);
4635 ADD_TEST(test_ssl_bio_change_wbio);
c423ecaa 4636#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
f1b25aae 4637 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
6acdd3e5 4638 ADD_TEST(test_keylog);
c423ecaa 4639#endif
6acdd3e5
CB		 4640#ifndef OPENSSL_NO_TLS1_3
4641 ADD_TEST(test_keylog_no_master_key);
4642#endif
e9ee6536 4643#ifndef OPENSSL_NO_TLS1_2
a9c0d8be 4644 ADD_TEST(test_client_hello_cb);
5f982038
MC		 4645#endif
4646#ifndef OPENSSL_NO_TLS1_3
02a3ed5a 4647 ADD_ALL_TESTS(test_early_data_read_write, 3);
78fb5374
MC		 4648 /*
4649 * We don't do replay tests for external PSK. Replay protection isn't used
4650 * in that scenario.
4651 */
4652 ADD_ALL_TESTS(test_early_data_replay, 2);
02a3ed5a
MC		 4653 ADD_ALL_TESTS(test_early_data_skip, 3);
4654 ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
4655 ADD_ALL_TESTS(test_early_data_not_sent, 3);
57dee9bb 4656 ADD_ALL_TESTS(test_early_data_psk, 8);
02a3ed5a 4657 ADD_ALL_TESTS(test_early_data_not_expected, 3);
5f982038 4658# ifndef OPENSSL_NO_TLS1_2
02a3ed5a 4659 ADD_ALL_TESTS(test_early_data_tls1_2, 3);
5f982038 4660# endif
e9ee6536 4661#endif
a273157a 4662#ifndef OPENSSL_NO_TLS1_3
034cb87b 4663 ADD_ALL_TESTS(test_set_ciphersuite, 10);
ca0413ae 4664 ADD_TEST(test_ciphersuite_change);
c2b290c3
MC		 4665#ifdef OPENSSL_NO_PSK
4666 ADD_ALL_TESTS(test_tls13_psk, 1);
4667#else
0d8da779 4668 ADD_ALL_TESTS(test_tls13_psk, 4);
c2b290c3 4669#endif /* OPENSSL_NO_PSK */
bb01ef3f 4670 ADD_ALL_TESTS(test_custom_exts, 5);
c7b8ff25 4671 ADD_TEST(test_stateless);
9d75dce3 4672 ADD_TEST(test_pha_key_update);
a273157a 4673#else
bb01ef3f 4674 ADD_ALL_TESTS(test_custom_exts, 3);
a273157a 4675#endif
16afd71c 4676 ADD_ALL_TESTS(test_serverinfo, 8);
2197d1df 4677 ADD_ALL_TESTS(test_export_key_mat, 4);
b38ede80
TT		 4678#ifndef OPENSSL_NO_TLS1_3
4679 ADD_ALL_TESTS(test_export_key_mat_early, 3);
4680#endif
e11b6aa4 4681 ADD_ALL_TESTS(test_ssl_clear, 2);
cf72c757 4682 ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
76fd7a1d
MC		 4683#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
4684 ADD_ALL_TESTS(test_srp, 6);
4685#endif
5718fe45 4686 ADD_ALL_TESTS(test_info_callback, 6);
4a432af8 4687 ADD_ALL_TESTS(test_ssl_pending, 2);
e401389a 4688 ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
ad887416
P		 4689 return 1;
4690}
2cb4b5f6 4691
ad887416
P		 4692void cleanup_tests(void)
4693{
fa454945 4694 bio_s_mempacket_test_free();
2cb4b5f6 4695}
A mirror of the official openssl repository