]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/sslapitest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix logic around when to send an HRR based on cookies
[thirdparty/openssl.git] / test / sslapitest.c
CommitLineData
2cb4b5f6 1/*
ad887416 2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
2cb4b5f6
MC		 3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
ba881d3b
MC		 10#include <string.h>
11
2cb4b5f6
MC		 12#include <openssl/opensslconf.h>
13#include <openssl/bio.h>
14#include <openssl/crypto.h>
15#include <openssl/ssl.h>
ba881d3b 16#include <openssl/ocsp.h>
2cb4b5f6
MC		 17
18#include "ssltestlib.h"
c887104f 19#include "testutil.h"
176db6dc 20#include "internal/nelem.h"
ca0413ae 21#include "../ssl/ssl_locl.h"
2cb4b5f6
MC		 22
23static char *cert = NULL;
24static char *privkey = NULL;
25
6acdd3e5
CB		 26#define LOG_BUFFER_SIZE 1024
27static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 28static size_t server_log_buffer_index = 0;
6acdd3e5 29static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 30static size_t client_log_buffer_index = 0;
6acdd3e5
CB		 31static int error_writing_log = 0;
32
8f8c11d8 33#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 34static const unsigned char orespder[] = "Dummy OCSP Response";
35static int ocsp_server_called = 0;
36static int ocsp_client_called = 0;
37
38static int cdummyarg = 1;
39static X509 *ocspcert = NULL;
8f8c11d8 40#endif
ba881d3b 41
84d5549e 42#define NUM_EXTRA_CERTS 40
cf72c757 43#define CLIENT_VERSION_LEN 2
84d5549e 44
f1a5939f
CB		 45/*
46 * This structure is used to validate that the correct number of log messages
47 * of various types are emitted when emitting secret logs.
48 */
49struct sslapitest_log_counts {
50 unsigned int rsa_key_exchange_count;
51 unsigned int master_secret_count;
52 unsigned int client_handshake_secret_count;
53 unsigned int server_handshake_secret_count;
54 unsigned int client_application_secret_count;
55 unsigned int server_application_secret_count;
56};
57
16afd71c
MC		 58
59static unsigned char serverinfov1[] = {
60 0xff, 0xff, /* Dummy extension type */
61 0x00, 0x01, /* Extension length is 1 byte */
62 0xff /* Dummy extension data */
63};
64
65static unsigned char serverinfov2[] = {
66 0x00, 0x00, 0x00,
67 (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
68 0xff, 0xff, /* Dummy extension type */
69 0x00, 0x01, /* Extension length is 1 byte */
70 0xff /* Dummy extension data */
71};
72
710756a9
RS		 73static void client_keylog_callback(const SSL *ssl, const char *line)
74{
6acdd3e5
CB		 75 int line_length = strlen(line);
76
77 /* If the log doesn't fit, error out. */
710756a9
RS		 78 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
79 TEST_info("Client log too full");
6acdd3e5
CB		 80 error_writing_log = 1;
81 return;
82 }
83
84 strcat(client_log_buffer, line);
85 client_log_buffer_index += line_length;
710756a9 86 client_log_buffer[client_log_buffer_index++] = '\n';
6acdd3e5
CB		 87}
88
710756a9
RS		 89static void server_keylog_callback(const SSL *ssl, const char *line)
90{
6acdd3e5
CB		 91 int line_length = strlen(line);
92
93 /* If the log doesn't fit, error out. */
710756a9 94 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
bdcacd93 95 TEST_info("Server log too full");
6acdd3e5
CB		 96 error_writing_log = 1;
97 return;
98 }
99
100 strcat(server_log_buffer, line);
101 server_log_buffer_index += line_length;
710756a9 102 server_log_buffer[server_log_buffer_index++] = '\n';
6acdd3e5
CB		 103}
104
105static int compare_hex_encoded_buffer(const char *hex_encoded,
106 size_t hex_length,
107 const uint8_t *raw,
710756a9
RS		 108 size_t raw_length)
109{
110 size_t i, j;
111 char hexed[3];
6acdd3e5 112
710756a9 113 if (!TEST_size_t_eq(raw_length * 2, hex_length))
6acdd3e5 114 return 1;
6acdd3e5 115
710756a9 116 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
6acdd3e5 117 sprintf(hexed, "%02x", raw[i]);
710756a9
RS		 118 if (!TEST_int_eq(hexed[0], hex_encoded[j])
119 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
6acdd3e5 120 return 1;
6acdd3e5
CB		 121 }
122
123 return 0;
124}
125
126static int test_keylog_output(char *buffer, const SSL *ssl,
f1a5939f 127 const SSL_SESSION *session,
710756a9
RS		 128 struct sslapitest_log_counts *expected)
129{
6acdd3e5
CB		 130 char *token = NULL;
131 unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
132 size_t client_random_size = SSL3_RANDOM_SIZE;
133 unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
134 size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
f1a5939f
CB		 135 unsigned int rsa_key_exchange_count = 0;
136 unsigned int master_secret_count = 0;
137 unsigned int client_handshake_secret_count = 0;
138 unsigned int server_handshake_secret_count = 0;
139 unsigned int client_application_secret_count = 0;
140 unsigned int server_application_secret_count = 0;
6acdd3e5 141
710756a9
RS		 142 for (token = strtok(buffer, " \n"); token != NULL;
143 token = strtok(NULL, " \n")) {
6acdd3e5 144 if (strcmp(token, "RSA") == 0) {
f1a5939f
CB		 145 /*
146 * Premaster secret. Tokens should be: 16 ASCII bytes of
6acdd3e5
CB		 147 * hex-encoded encrypted secret, then the hex-encoded pre-master
148 * secret.
149 */
710756a9 150 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 151 return 0;
710756a9 152 if (!TEST_size_t_eq(strlen(token), 16))
f1a5939f 153 return 0;
710756a9 154 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 155 return 0;
f1a5939f
CB		 156 /*
157 * We can't sensibly check the log because the premaster secret is
158 * transient, and OpenSSL doesn't keep hold of it once the master
159 * secret is generated.
160 */
161 rsa_key_exchange_count++;
6acdd3e5 162 } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
f1a5939f
CB		 163 /*
164 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
6acdd3e5
CB		 165 * client random, then the hex-encoded master secret.
166 */
167 client_random_size = SSL_get_client_random(ssl,
168 actual_client_random,
169 SSL3_RANDOM_SIZE);
710756a9 170 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 171 return 0;
6acdd3e5 172
710756a9 173 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 174 return 0;
710756a9 175 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 176 return 0;
710756a9
RS		 177 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
178 actual_client_random,
179 client_random_size)))
f1a5939f 180 return 0;
6acdd3e5 181
710756a9 182 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 183 return 0;
6acdd3e5
CB		 184 master_key_size = SSL_SESSION_get_master_key(session,
185 actual_master_key,
186 master_key_size);
710756a9 187 if (!TEST_size_t_ne(master_key_size, 0))
f1a5939f 188 return 0;
710756a9
RS		 189 if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
190 actual_master_key,
191 master_key_size)))
f1a5939f 192 return 0;
f1a5939f 193 master_secret_count++;
710756a9
RS		 194 } else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
195 || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
196 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
197 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) {
f1a5939f
CB		 198 /*
199 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
200 * client random, and then the hex-encoded secret. In this case,
201 * we treat all of these secrets identically and then just
202 * distinguish between them when counting what we saw.
203 */
204 if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
205 client_handshake_secret_count++;
206 else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
207 server_handshake_secret_count++;
208 else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
209 client_application_secret_count++;
210 else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
211 server_application_secret_count++;
212
213 client_random_size = SSL_get_client_random(ssl,
214 actual_client_random,
215 SSL3_RANDOM_SIZE);
710756a9 216 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 217 return 0;
f1a5939f 218
710756a9 219 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 220 return 0;
710756a9 221 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 222 return 0;
710756a9
RS		 223 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
224 actual_client_random,
225 client_random_size)))
f1a5939f 226 return 0;
6acdd3e5 227
710756a9 228 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 229 return 0;
f1a5939f
CB		 230
231 /*
232 * TODO(TLS1.3): test that application traffic secrets are what
233 * we expect */
6acdd3e5 234 } else {
710756a9 235 TEST_info("Unexpected token %s\n", token);
f1a5939f 236 return 0;
6acdd3e5 237 }
6acdd3e5
CB		 238 }
239
710756a9
RS		 240 /* Got what we expected? */
241 if (!TEST_size_t_eq(rsa_key_exchange_count,
242 expected->rsa_key_exchange_count)
243 || !TEST_size_t_eq(master_secret_count,
244 expected->master_secret_count)
245 || !TEST_size_t_eq(client_handshake_secret_count,
246 expected->client_handshake_secret_count)
247 || !TEST_size_t_eq(server_handshake_secret_count,
248 expected->server_handshake_secret_count)
249 || !TEST_size_t_eq(client_application_secret_count,
250 expected->client_application_secret_count)
251 || !TEST_size_t_eq(server_application_secret_count,
252 expected->server_application_secret_count))
253 return 0;
254 return 1;
6acdd3e5
CB		 255}
256
710756a9
RS		 257static int test_keylog(void)
258{
6acdd3e5
CB		 259 SSL_CTX *cctx = NULL, *sctx = NULL;
260 SSL *clientssl = NULL, *serverssl = NULL;
261 int testresult = 0;
f1a5939f 262 struct sslapitest_log_counts expected = {0};
6acdd3e5
CB		 263
264 /* Clean up logging space */
710756a9
RS		 265 memset(client_log_buffer, 0, sizeof(client_log_buffer));
266 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 267 client_log_buffer_index = 0;
268 server_log_buffer_index = 0;
269 error_writing_log = 0;
270
710756a9
RS		 271 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
272 TLS_client_method(),
273 &sctx, &cctx, cert, privkey)))
6acdd3e5 274 return 0;
6acdd3e5
CB		 275
276 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
277 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
278 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
279
f0deb4d3 280 /* We also want to ensure that we use RSA-based key exchange. */
710756a9 281 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
f0deb4d3 282 goto end;
f0deb4d3 283
cf10df81
RS		 284 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
285 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 286 goto end;
6acdd3e5 287 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 288 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
289 == client_keylog_callback))
6acdd3e5 290 goto end;
710756a9 291 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 292 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
293 == server_keylog_callback))
6acdd3e5 294 goto end;
6acdd3e5 295
710756a9
RS		 296 /* Now do a handshake and check that the logs have been written to. */
297 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
298 &clientssl, NULL, NULL))
299 || !TEST_true(create_ssl_connection(serverssl, clientssl,
300 SSL_ERROR_NONE))
301 || !TEST_false(error_writing_log)
302 || !TEST_int_gt(client_log_buffer_index, 0)
303 || !TEST_int_gt(server_log_buffer_index, 0))
6acdd3e5 304 goto end;
6acdd3e5 305
f1a5939f
CB		 306 /*
307 * Now we want to test that our output data was vaguely sensible. We
6acdd3e5 308 * do that by using strtok and confirming that we have more or less the
f1a5939f
CB		 309 * data we expect. For both client and server, we expect to see one master
310 * secret. The client should also see a RSA key exchange.
6acdd3e5 311 */
f1a5939f
CB		 312 expected.rsa_key_exchange_count = 1;
313 expected.master_secret_count = 1;
710756a9
RS		 314 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
315 SSL_get_session(clientssl), &expected)))
6acdd3e5 316 goto end;
f1a5939f
CB		 317
318 expected.rsa_key_exchange_count = 0;
710756a9
RS		 319 if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
320 SSL_get_session(serverssl), &expected)))
6acdd3e5 321 goto end;
6acdd3e5
CB		 322
323 testresult = 1;
324
325end:
326 SSL_free(serverssl);
327 SSL_free(clientssl);
328 SSL_CTX_free(sctx);
329 SSL_CTX_free(cctx);
330
331 return testresult;
332}
333
334#ifndef OPENSSL_NO_TLS1_3
710756a9
RS		 335static int test_keylog_no_master_key(void)
336{
6acdd3e5
CB		 337 SSL_CTX *cctx = NULL, *sctx = NULL;
338 SSL *clientssl = NULL, *serverssl = NULL;
339 int testresult = 0;
f1a5939f 340 struct sslapitest_log_counts expected = {0};
6acdd3e5
CB		 341
342 /* Clean up logging space */
710756a9
RS		 343 memset(client_log_buffer, 0, sizeof(client_log_buffer));
344 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 345 client_log_buffer_index = 0;
346 server_log_buffer_index = 0;
347 error_writing_log = 0;
348
710756a9
RS		 349 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
350 TLS_client_method(), &sctx,
351 &cctx, cert, privkey)))
6acdd3e5 352 return 0;
6acdd3e5 353
cf10df81
RS		 354 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
355 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 356 goto end;
6acdd3e5
CB		 357
358 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 359 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
360 == client_keylog_callback))
6acdd3e5 361 goto end;
6acdd3e5 362
710756a9 363 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 364 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
365 == server_keylog_callback))
6acdd3e5 366 goto end;
6acdd3e5 367
710756a9
RS		 368 /* Now do a handshake and check that the logs have been written to. */
369 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
370 &clientssl, NULL, NULL))
371 || !TEST_true(create_ssl_connection(serverssl, clientssl,
372 SSL_ERROR_NONE))
373 || !TEST_false(error_writing_log))
6acdd3e5 374 goto end;
6acdd3e5 375
f1a5939f
CB		 376 /*
377 * Now we want to test that our output data was vaguely sensible. For this
69687aa8 378 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
f1a5939f 379 * TLSv1.3, but we do expect both client and server to emit keys.
6acdd3e5 380 */
f1a5939f
CB		 381 expected.client_handshake_secret_count = 1;
382 expected.server_handshake_secret_count = 1;
383 expected.client_application_secret_count = 1;
384 expected.server_application_secret_count = 1;
710756a9
RS		 385 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
386 SSL_get_session(clientssl), &expected))
387 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
388 SSL_get_session(serverssl),
389 &expected)))
6acdd3e5 390 goto end;
6acdd3e5
CB		 391
392 testresult = 1;
393
394end:
395 SSL_free(serverssl);
396 SSL_free(clientssl);
397 SSL_CTX_free(sctx);
398 SSL_CTX_free(cctx);
399
400 return testresult;
401}
402#endif
403
e9ee6536 404#ifndef OPENSSL_NO_TLS1_2
a9c0d8be 405static int full_client_hello_callback(SSL *s, int *al, void *arg)
2afaee51
BK		 406{
407 int *ctr = arg;
408 const unsigned char *p;
8ea404fb 409 int *exts;
2afaee51
BK		 410 /* We only configure two ciphers, but the SCSV is added automatically. */
411#ifdef OPENSSL_NO_EC
412 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
413#else
414 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
415 0x2c, 0x00, 0xff};
416#endif
8ea404fb
BK		 417 const int expected_extensions[] = {
418#ifndef OPENSSL_NO_EC
419 11, 10,
420#endif
10ed1b72 421 35, 22, 23, 13};
2afaee51
BK		 422 size_t len;
423
424 /* Make sure we can defer processing and get called back. */
425 if ((*ctr)++ == 0)
f1b97da1 426 return SSL_CLIENT_HELLO_RETRY;
2afaee51 427
a9c0d8be 428 len = SSL_client_hello_get0_ciphers(s, &p);
710756a9 429 if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
a9c0d8be
DB		 430 || !TEST_size_t_eq(
431 SSL_client_hello_get0_compression_methods(s, &p), 1)
710756a9 432 || !TEST_int_eq(*p, 0))
f1b97da1 433 return SSL_CLIENT_HELLO_ERROR;
a9c0d8be 434 if (!SSL_client_hello_get1_extensions_present(s, &exts, &len))
f1b97da1 435 return SSL_CLIENT_HELLO_ERROR;
8ea404fb
BK		 436 if (len != OSSL_NELEM(expected_extensions) ||
437 memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
a9c0d8be 438 printf("ClientHello callback expected extensions mismatch\n");
8ea404fb 439 OPENSSL_free(exts);
f1b97da1 440 return SSL_CLIENT_HELLO_ERROR;
8ea404fb
BK		 441 }
442 OPENSSL_free(exts);
f1b97da1 443 return SSL_CLIENT_HELLO_SUCCESS;
2afaee51
BK		 444}
445
a9c0d8be 446static int test_client_hello_cb(void)
710756a9 447{
2afaee51
BK		 448 SSL_CTX *cctx = NULL, *sctx = NULL;
449 SSL *clientssl = NULL, *serverssl = NULL;
450 int testctr = 0, testresult = 0;
451
710756a9
RS		 452 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
453 TLS_client_method(), &sctx,
454 &cctx, cert, privkey)))
2afaee51 455 goto end;
a9c0d8be 456 SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
710756a9 457
2afaee51
BK		 458 /* The gimpy cipher list we configure can't do TLS 1.3. */
459 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
2afaee51 460
710756a9
RS		 461 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
462 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
463 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
464 &clientssl, NULL, NULL))
465 || !TEST_false(create_ssl_connection(serverssl, clientssl,
a9c0d8be 466 SSL_ERROR_WANT_CLIENT_HELLO_CB))
710756a9
RS		 467 /*
468 * Passing a -1 literal is a hack since
469 * the real value was lost.
470 * */
a9c0d8be
DB		 471 || !TEST_int_eq(SSL_get_error(serverssl, -1),
472 SSL_ERROR_WANT_CLIENT_HELLO_CB)
710756a9
RS		 473 || !TEST_true(create_ssl_connection(serverssl, clientssl,
474 SSL_ERROR_NONE)))
2afaee51 475 goto end;
2afaee51
BK		 476
477 testresult = 1;
478
479end:
480 SSL_free(serverssl);
481 SSL_free(clientssl);
482 SSL_CTX_free(sctx);
483 SSL_CTX_free(cctx);
484
485 return testresult;
486}
e9ee6536 487#endif
2afaee51 488
84d5549e 489static int execute_test_large_message(const SSL_METHOD *smeth,
7856332e 490 const SSL_METHOD *cmeth, int read_ahead)
84d5549e
MC		 491{
492 SSL_CTX *cctx = NULL, *sctx = NULL;
493 SSL *clientssl = NULL, *serverssl = NULL;
494 int testresult = 0;
495 int i;
710756a9 496 BIO *certbio = NULL;
84d5549e
MC		 497 X509 *chaincert = NULL;
498 int certlen;
499
710756a9 500 if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
84d5549e 501 goto end;
84d5549e 502 chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
fa454945
MC		 503 BIO_free(certbio);
504 certbio = NULL;
710756a9 505 if (!TEST_ptr(chaincert))
fa454945 506 goto end;
84d5549e 507
710756a9
RS		 508 if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, &sctx,
509 &cctx, cert, privkey)))
84d5549e 510 goto end;
84d5549e 511
710756a9 512 if (read_ahead) {
7856332e
MC		 513 /*
514 * Test that read_ahead works correctly when dealing with large
515 * records
516 */
517 SSL_CTX_set_read_ahead(cctx, 1);
518 }
519
84d5549e
MC		 520 /*
521 * We assume the supplied certificate is big enough so that if we add
522 * NUM_EXTRA_CERTS it will make the overall message large enough. The
523 * default buffer size is requested to be 16k, but due to the way BUF_MEM
710756a9
RS		 524 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
525 * test we need to have a message larger than that.
84d5549e
MC		 526 */
527 certlen = i2d_X509(chaincert, NULL);
710756a9
RS		 528 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
529 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
84d5549e 530 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
710756a9 531 if (!X509_up_ref(chaincert))
84d5549e 532 goto end;
84d5549e 533 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
84d5549e
MC		 534 X509_free(chaincert);
535 goto end;
536 }
537 }
538
710756a9
RS		 539 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
540 NULL, NULL))
541 || !TEST_true(create_ssl_connection(serverssl, clientssl,
542 SSL_ERROR_NONE)))
84d5549e 543 goto end;
84d5549e 544
4bf08600
MC		 545 /*
546 * Calling SSL_clear() first is not required but this tests that SSL_clear()
547 * doesn't leak (when using enable-crypto-mdebug).
548 */
710756a9 549 if (!TEST_true(SSL_clear(serverssl)))
4bf08600 550 goto end;
84d5549e 551
4bf08600 552 testresult = 1;
84d5549e
MC		 553 end:
554 X509_free(chaincert);
555 SSL_free(serverssl);
556 SSL_free(clientssl);
557 SSL_CTX_free(sctx);
558 SSL_CTX_free(cctx);
559
560 return testresult;
561}
562
563static int test_large_message_tls(void)
564{
7856332e
MC		 565 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
566 0);
567}
568
569static int test_large_message_tls_read_ahead(void)
570{
571 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
572 1);
84d5549e
MC		 573}
574
55386bef 575#ifndef OPENSSL_NO_DTLS
84d5549e
MC		 576static int test_large_message_dtls(void)
577{
7856332e
MC		 578 /*
579 * read_ahead is not relevant to DTLS because DTLS always acts as if
580 * read_ahead is set.
581 */
84d5549e 582 return execute_test_large_message(DTLS_server_method(),
7856332e 583 DTLS_client_method(), 0);
84d5549e 584}
55386bef 585#endif
84d5549e 586
8f8c11d8 587#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 588static int ocsp_server_cb(SSL *s, void *arg)
589{
590 int *argi = (int *)arg;
710756a9 591 unsigned char *copy = NULL;
ba881d3b
MC		 592 STACK_OF(OCSP_RESPID) *ids = NULL;
593 OCSP_RESPID *id = NULL;
594
595 if (*argi == 2) {
596 /* In this test we are expecting exactly 1 OCSP_RESPID */
597 SSL_get_tlsext_status_ids(s, &ids);
598 if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
599 return SSL_TLSEXT_ERR_ALERT_FATAL;
600
601 id = sk_OCSP_RESPID_value(ids, 0);
602 if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
603 return SSL_TLSEXT_ERR_ALERT_FATAL;
604 } else if (*argi != 1) {
605 return SSL_TLSEXT_ERR_ALERT_FATAL;
606 }
607
710756a9 608 if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
ba881d3b
MC		 609 return SSL_TLSEXT_ERR_ALERT_FATAL;
610
710756a9 611 SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
ba881d3b 612 ocsp_server_called = 1;
ba881d3b
MC		 613 return SSL_TLSEXT_ERR_OK;
614}
615
616static int ocsp_client_cb(SSL *s, void *arg)
617{
618 int *argi = (int *)arg;
619 const unsigned char *respderin;
620 size_t len;
621
622 if (*argi != 1 && *argi != 2)
623 return 0;
624
625 len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
710756a9 626 if (!TEST_mem_eq(orespder, len, respderin, len))
ba881d3b
MC		 627 return 0;
628
629 ocsp_client_called = 1;
ba881d3b
MC		 630 return 1;
631}
632
2cb4b5f6
MC		 633static int test_tlsext_status_type(void)
634{
ba881d3b
MC		 635 SSL_CTX *cctx = NULL, *sctx = NULL;
636 SSL *clientssl = NULL, *serverssl = NULL;
2cb4b5f6 637 int testresult = 0;
ba881d3b
MC		 638 STACK_OF(OCSP_RESPID) *ids = NULL;
639 OCSP_RESPID *id = NULL;
640 BIO *certbio = NULL;
2cb4b5f6 641
ba881d3b 642 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
710756a9 643 &cctx, cert, privkey))
ba881d3b 644 return 0;
2cb4b5f6 645
710756a9 646 if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
2cb4b5f6 647 goto end;
2cb4b5f6 648
ba881d3b 649 /* First just do various checks getting and setting tlsext_status_type */
2cb4b5f6 650
ba881d3b 651 clientssl = SSL_new(cctx);
710756a9
RS		 652 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
653 || !TEST_true(SSL_set_tlsext_status_type(clientssl,
654 TLSEXT_STATUSTYPE_ocsp))
655 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
656 TLSEXT_STATUSTYPE_ocsp))
2cb4b5f6 657 goto end;
2cb4b5f6 658
ba881d3b
MC		 659 SSL_free(clientssl);
660 clientssl = NULL;
2cb4b5f6 661
710756a9
RS		 662 if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
663 || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 664 goto end;
2cb4b5f6 665
ba881d3b 666 clientssl = SSL_new(cctx);
710756a9 667 if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 668 goto end;
ba881d3b
MC		 669 SSL_free(clientssl);
670 clientssl = NULL;
671
672 /*
673 * Now actually do a handshake and check OCSP information is exchanged and
674 * the callbacks get called
675 */
ba881d3b
MC		 676 SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
677 SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
678 SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
679 SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
710756a9
RS		 680 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
681 &clientssl, NULL, NULL))
682 || !TEST_true(create_ssl_connection(serverssl, clientssl,
683 SSL_ERROR_NONE))
684 || !TEST_true(ocsp_client_called)
685 || !TEST_true(ocsp_server_called))
ba881d3b 686 goto end;
ba881d3b
MC		 687 SSL_free(serverssl);
688 SSL_free(clientssl);
689 serverssl = NULL;
690 clientssl = NULL;
691
692 /* Try again but this time force the server side callback to fail */
693 ocsp_client_called = 0;
694 ocsp_server_called = 0;
695 cdummyarg = 0;
710756a9
RS		 696 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
697 &clientssl, NULL, NULL))
698 /* This should fail because the callback will fail */
699 || !TEST_false(create_ssl_connection(serverssl, clientssl,
700 SSL_ERROR_NONE))
701 || !TEST_false(ocsp_client_called)
702 || !TEST_false(ocsp_server_called))
ba881d3b 703 goto end;
ba881d3b
MC		 704 SSL_free(serverssl);
705 SSL_free(clientssl);
706 serverssl = NULL;
707 clientssl = NULL;
708
709 /*
710 * This time we'll get the client to send an OCSP_RESPID that it will
711 * accept.
712 */
713 ocsp_client_called = 0;
714 ocsp_server_called = 0;
715 cdummyarg = 2;
710756a9
RS		 716 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
717 &clientssl, NULL, NULL)))
ba881d3b 718 goto end;
ba881d3b
MC		 719
720 /*
721 * We'll just use any old cert for this test - it doesn't have to be an OCSP
69687aa8 722 * specific one. We'll use the server cert.
ba881d3b 723 */
710756a9
RS		 724 if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
725 || !TEST_ptr(id = OCSP_RESPID_new())
726 || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
727 || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
728 NULL, NULL, NULL))
729 || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
730 || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
ba881d3b 731 goto end;
ba881d3b
MC		 732 id = NULL;
733 SSL_set_tlsext_status_ids(clientssl, ids);
734 /* Control has been transferred */
735 ids = NULL;
736
737 BIO_free(certbio);
738 certbio = NULL;
739
710756a9
RS		 740 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
741 SSL_ERROR_NONE))
742 || !TEST_true(ocsp_client_called)
743 || !TEST_true(ocsp_server_called))
ba881d3b 744 goto end;
ba881d3b 745
2cb4b5f6
MC		 746 testresult = 1;
747
748 end:
ba881d3b
MC		 749 SSL_free(serverssl);
750 SSL_free(clientssl);
751 SSL_CTX_free(sctx);
752 SSL_CTX_free(cctx);
753 sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
754 OCSP_RESPID_free(id);
755 BIO_free(certbio);
756 X509_free(ocspcert);
757 ocspcert = NULL;
2cb4b5f6
MC		 758
759 return testresult;
760}
8f8c11d8 761#endif
2cb4b5f6 762
bf208d95 763#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
0afca811 764static int new_called, remove_called, get_called;
eaa776da 765
eaa776da
MC		 766static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
767{
768 new_called++;
c0537ebd
MC		 769 /*
770 * sess has been up-refed for us, but we don't actually need it so free it
771 * immediately.
772 */
773 SSL_SESSION_free(sess);
eaa776da
MC		 774 return 1;
775}
776
777static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
778{
779 remove_called++;
780}
781
7a301f08
MC		 782static SSL_SESSION *get_sess_val = NULL;
783
784static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
785 int *copy)
786{
0afca811 787 get_called++;
7a301f08
MC		 788 *copy = 1;
789 return get_sess_val;
790}
791
7a301f08
MC		 792static int execute_test_session(int maxprot, int use_int_cache,
793 int use_ext_cache)
2cb4b5f6
MC		 794{
795 SSL_CTX *sctx = NULL, *cctx = NULL;
796 SSL *serverssl1 = NULL, *clientssl1 = NULL;
797 SSL *serverssl2 = NULL, *clientssl2 = NULL;
bf208d95 798# ifndef OPENSSL_NO_TLS1_1
eaa776da 799 SSL *serverssl3 = NULL, *clientssl3 = NULL;
bf208d95 800# endif
2cb4b5f6
MC		 801 SSL_SESSION *sess1 = NULL, *sess2 = NULL;
802 int testresult = 0;
803
7e885b7b
P		 804 new_called = remove_called = 0;
805
710756a9
RS		 806 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
807 TLS_client_method(), &sctx,
808 &cctx, cert, privkey)))
2cb4b5f6 809 return 0;
2cb4b5f6 810
7a301f08
MC		 811 /*
812 * Only allow the max protocol version so we can force a connection failure
813 * later
814 */
815 SSL_CTX_set_min_proto_version(cctx, maxprot);
816 SSL_CTX_set_max_proto_version(cctx, maxprot);
eaa776da
MC		 817
818 /* Set up session cache */
7e885b7b 819 if (use_ext_cache) {
eaa776da
MC		 820 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
821 SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
822 }
7e885b7b 823 if (use_int_cache) {
eaa776da
MC		 824 /* Also covers instance where both are set */
825 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
826 } else {
827 SSL_CTX_set_session_cache_mode(cctx,
828 SSL_SESS_CACHE_CLIENT
829 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
830 }
2cb4b5f6 831
710756a9
RS		 832 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
833 NULL, NULL))
834 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
835 SSL_ERROR_NONE))
836 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
2cb4b5f6 837 goto end;
2cb4b5f6 838
710756a9 839 /* Should fail because it should already be in the cache */
7e885b7b 840 if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
eaa776da 841 goto end;
7a301f08
MC		 842 if (use_ext_cache
843 && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))
b4982125 844 goto end;
b4982125 845
c0537ebd
MC		 846 new_called = remove_called = 0;
847 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
848 &clientssl2, NULL, NULL))
849 || !TEST_true(SSL_set_session(clientssl2, sess1))
850 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
851 SSL_ERROR_NONE))
852 || !TEST_true(SSL_session_reused(clientssl2)))
853 goto end;
854
7a301f08
MC		 855 if (maxprot == TLS1_3_VERSION) {
856 /*
857 * In TLSv1.3 we should have created a new session even though we have
858 * resumed. The original session should also have been removed.
859 */
860 if (use_ext_cache
861 && (!TEST_int_eq(new_called, 1)
862 || !TEST_int_eq(remove_called, 1)))
863 goto end;
864 } else {
865 /*
866 * In TLSv1.2 we expect to have resumed so no sessions added or
867 * removed.
868 */
869 if (use_ext_cache
870 && (!TEST_int_eq(new_called, 0)
871 || !TEST_int_eq(remove_called, 0)))
872 goto end;
873 }
c0537ebd
MC		 874
875 SSL_SESSION_free(sess1);
876 if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2)))
877 goto end;
878 shutdown_ssl_connection(serverssl2, clientssl2);
879 serverssl2 = clientssl2 = NULL;
c0537ebd
MC		 880
881 new_called = remove_called = 0;
710756a9
RS		 882 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
883 &clientssl2, NULL, NULL))
884 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
885 SSL_ERROR_NONE)))
2cb4b5f6 886 goto end;
2cb4b5f6 887
710756a9 888 if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
2cb4b5f6 889 goto end;
2cb4b5f6 890
7a301f08
MC		 891 if (use_ext_cache
892 && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))
eaa776da 893 goto end;
eaa776da 894
c0537ebd 895 new_called = remove_called = 0;
2cb4b5f6 896 /*
710756a9
RS		 897 * This should clear sess2 from the cache because it is a "bad" session.
898 * See SSL_set_session() documentation.
2cb4b5f6 899 */
710756a9 900 if (!TEST_true(SSL_set_session(clientssl2, sess1)))
2cb4b5f6 901 goto end;
7a301f08
MC		 902 if (use_ext_cache
903 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
eaa776da 904 goto end;
710756a9 905 if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
2cb4b5f6 906 goto end;
2cb4b5f6 907
7e885b7b 908 if (use_int_cache) {
710756a9
RS		 909 /* Should succeeded because it should not already be in the cache */
910 if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
911 || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
eaa776da 912 goto end;
eaa776da
MC		 913 }
914
c0537ebd 915 new_called = remove_called = 0;
eaa776da 916 /* This shouldn't be in the cache so should fail */
710756a9 917 if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
2cb4b5f6 918 goto end;
2cb4b5f6 919
7a301f08
MC		 920 if (use_ext_cache
921 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 922 goto end;
2cb4b5f6 923
bf208d95 924# if !defined(OPENSSL_NO_TLS1_1)
c0537ebd 925 new_called = remove_called = 0;
eaa776da
MC		 926 /* Force a connection failure */
927 SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
710756a9
RS		 928 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
929 &clientssl3, NULL, NULL))
930 || !TEST_true(SSL_set_session(clientssl3, sess1))
c0537ebd 931 /* This should fail because of the mismatched protocol versions */
710756a9
RS		 932 || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
933 SSL_ERROR_NONE)))
eaa776da 934 goto end;
b4982125 935
eaa776da 936 /* We should have automatically removed the session from the cache */
7a301f08
MC		 937 if (use_ext_cache
938 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 939 goto end;
2cb4b5f6 940
710756a9 941 /* Should succeed because it should not already be in the cache */
7e885b7b 942 if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2)))
eaa776da 943 goto end;
bf208d95 944# endif
eaa776da 945
7a301f08
MC		 946 /* Now do some tests for server side caching */
947 if (use_ext_cache) {
948 SSL_CTX_sess_set_new_cb(cctx, NULL);
949 SSL_CTX_sess_set_remove_cb(cctx, NULL);
950 SSL_CTX_sess_set_new_cb(sctx, new_session_cb);
951 SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb);
952 SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
953 get_sess_val = NULL;
954 }
955
956 SSL_CTX_set_session_cache_mode(cctx, 0);
957 /* Internal caching is the default on the server side */
958 if (!use_int_cache)
959 SSL_CTX_set_session_cache_mode(sctx,
960 SSL_SESS_CACHE_SERVER
961 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
962
963 SSL_free(serverssl1);
964 SSL_free(clientssl1);
965 serverssl1 = clientssl1 = NULL;
966 SSL_free(serverssl2);
967 SSL_free(clientssl2);
968 serverssl2 = clientssl2 = NULL;
969 SSL_SESSION_free(sess1);
970 sess1 = NULL;
971 SSL_SESSION_free(sess2);
972 sess2 = NULL;
973
974 SSL_CTX_set_max_proto_version(sctx, maxprot);
975 SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
0afca811 976 new_called = remove_called = get_called = 0;
7a301f08
MC		 977 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
978 NULL, NULL))
979 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
980 SSL_ERROR_NONE))
981 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))
982 || !TEST_ptr(sess2 = SSL_get1_session(serverssl1)))
983 goto end;
984
985 /* Should fail because it should already be in the cache */
986 if (use_int_cache && !TEST_false(SSL_CTX_add_session(sctx, sess2)))
987 goto end;
988
989 if (use_ext_cache) {
990 SSL_SESSION *tmp = sess2;
991
0afca811
KY		 992 if (!TEST_int_eq(new_called, 1)
993 || !TEST_int_eq(remove_called, 0)
994 || !TEST_int_eq(get_called, 0))
7a301f08
MC		 995 goto end;
996 /*
997 * Delete the session from the internal cache to force a lookup from
998 * the external cache. We take a copy first because
999 * SSL_CTX_remove_session() also marks the session as non-resumable.
1000 */
3cb6a4d6
BK		 1001 if (use_int_cache) {
1002 if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
1003 || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
1004 goto end;
1005 SSL_SESSION_free(sess2);
1006 }
7a301f08
MC		 1007 sess2 = tmp;
1008 }
1009
0afca811 1010 new_called = remove_called = get_called = 0;
7a301f08
MC		 1011 get_sess_val = sess2;
1012 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
1013 &clientssl2, NULL, NULL))
1014 || !TEST_true(SSL_set_session(clientssl2, sess1))
1015 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
1016 SSL_ERROR_NONE))
1017 || !TEST_true(SSL_session_reused(clientssl2)))
1018 goto end;
1019
0afca811
KY		 1020 if (use_ext_cache) {
1021 if (!TEST_int_eq(new_called, 0)
1022 || !TEST_int_eq(remove_called, 0))
1023 goto end;
1024
1025 if (maxprot == TLS1_3_VERSION) {
1026 if (!TEST_int_eq(get_called, 0))
1027 goto end;
1028 } else {
1029 if (!TEST_int_eq(get_called, 1))
1030 goto end;
1031 }
1032 }
7a301f08 1033
2cb4b5f6 1034 testresult = 1;
eaa776da 1035
2cb4b5f6
MC		 1036 end:
1037 SSL_free(serverssl1);
1038 SSL_free(clientssl1);
1039 SSL_free(serverssl2);
1040 SSL_free(clientssl2);
bf208d95 1041# ifndef OPENSSL_NO_TLS1_1
eaa776da
MC		 1042 SSL_free(serverssl3);
1043 SSL_free(clientssl3);
bf208d95 1044# endif
2cb4b5f6
MC		 1045 SSL_SESSION_free(sess1);
1046 SSL_SESSION_free(sess2);
1047 SSL_CTX_free(sctx);
1048 SSL_CTX_free(cctx);
1049
1050 return testresult;
1051}
bf208d95 1052#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
2cb4b5f6 1053
7fb4c820
MC		 1054static int test_session_with_only_int_cache(void)
1055{
7a301f08
MC		 1056#ifndef OPENSSL_NO_TLS1_3
1057 if (!execute_test_session(TLS1_3_VERSION, 1, 0))
1058 return 0;
1059#endif
1060
1061#ifndef OPENSSL_NO_TLS1_2
1062 return execute_test_session(TLS1_2_VERSION, 1, 0);
1063#else
1064 return 1;
1065#endif
eaa776da
MC		 1066}
1067
7fb4c820
MC		 1068static int test_session_with_only_ext_cache(void)
1069{
7a301f08
MC		 1070#ifndef OPENSSL_NO_TLS1_3
1071 if (!execute_test_session(TLS1_3_VERSION, 0, 1))
1072 return 0;
1073#endif
1074
1075#ifndef OPENSSL_NO_TLS1_2
1076 return execute_test_session(TLS1_2_VERSION, 0, 1);
1077#else
1078 return 1;
1079#endif
eaa776da
MC		 1080}
1081
7fb4c820
MC		 1082static int test_session_with_both_cache(void)
1083{
7a301f08
MC		 1084#ifndef OPENSSL_NO_TLS1_3
1085 if (!execute_test_session(TLS1_3_VERSION, 1, 1))
1086 return 0;
1087#endif
1088
1089#ifndef OPENSSL_NO_TLS1_2
1090 return execute_test_session(TLS1_2_VERSION, 1, 1);
1091#else
1092 return 1;
1093#endif
eaa776da
MC		 1094}
1095
7fb4c820
MC		 1096#define USE_NULL 0
1097#define USE_BIO_1 1
1098#define USE_BIO_2 2
1099
1100#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
1101
1102static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
1103{
1104 switch (type) {
1105 case USE_NULL:
1106 *res = NULL;
1107 break;
1108 case USE_BIO_1:
1109 *res = bio1;
1110 break;
1111 case USE_BIO_2:
1112 *res = bio2;
1113 break;
1114 }
1115}
1116
1117static int test_ssl_set_bio(int idx)
1118{
710756a9 1119 SSL_CTX *ctx;
7fb4c820
MC		 1120 BIO *bio1 = NULL;
1121 BIO *bio2 = NULL;
0fae8150 1122 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
7fb4c820
MC		 1123 SSL *ssl = NULL;
1124 int initrbio, initwbio, newrbio, newwbio;
1125 int testresult = 0;
1126
7fb4c820
MC		 1127 initrbio = idx % 3;
1128 idx /= 3;
1129 initwbio = idx % 3;
1130 idx /= 3;
1131 newrbio = idx % 3;
1132 idx /= 3;
1133 newwbio = idx;
710756a9
RS		 1134 if (!TEST_int_le(newwbio, 2))
1135 return 0;
1136
1137 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1138 || !TEST_ptr(ssl = SSL_new(ctx)))
1139 goto end;
7fb4c820 1140
710756a9
RS		 1141 if (initrbio == USE_BIO_1
1142 || initwbio == USE_BIO_1
1143 || newrbio == USE_BIO_1
7fb4c820 1144 || newwbio == USE_BIO_1) {
710756a9 1145 if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
7fb4c820 1146 goto end;
7fb4c820
MC		 1147 }
1148
710756a9
RS		 1149 if (initrbio == USE_BIO_2
1150 || initwbio == USE_BIO_2
1151 || newrbio == USE_BIO_2
7fb4c820 1152 || newwbio == USE_BIO_2) {
710756a9 1153 if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
7fb4c820 1154 goto end;
7fb4c820
MC		 1155 }
1156
1157 setupbio(&irbio, bio1, bio2, initrbio);
1158 setupbio(&iwbio, bio1, bio2, initwbio);
1159
1160 /*
1161 * We want to maintain our own refs to these BIO, so do an up ref for each
69687aa8 1162 * BIO that will have ownership transferred in the SSL_set_bio() call
7fb4c820
MC		 1163 */
1164 if (irbio != NULL)
1165 BIO_up_ref(irbio);
1166 if (iwbio != NULL && iwbio != irbio)
1167 BIO_up_ref(iwbio);
1168
1169 SSL_set_bio(ssl, irbio, iwbio);
1170
1171 setupbio(&nrbio, bio1, bio2, newrbio);
1172 setupbio(&nwbio, bio1, bio2, newwbio);
1173
1174 /*
1175 * We will (maybe) transfer ownership again so do more up refs.
1176 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1177 * already been set!
1178 */
710756a9
RS		 1179 if (nrbio != NULL
1180 && nrbio != irbio
1181 && (nwbio != iwbio || nrbio != nwbio))
7fb4c820 1182 BIO_up_ref(nrbio);
710756a9
RS		 1183 if (nwbio != NULL
1184 && nwbio != nrbio
1185 && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
7fb4c820
MC		 1186 BIO_up_ref(nwbio);
1187
1188 SSL_set_bio(ssl, nrbio, nwbio);
1189
1190 testresult = 1;
1191
1192 end:
1193 SSL_free(ssl);
1194 BIO_free(bio1);
1195 BIO_free(bio2);
710756a9 1196
7fb4c820
MC		 1197 /*
1198 * This test is checking that the ref counting for SSL_set_bio is correct.
1199 * If we get here and we did too many frees then we will fail in the above
1200 * functions. If we haven't done enough then this will only be detected in
1201 * a crypto-mdebug build
1202 */
1203 SSL_CTX_free(ctx);
7fb4c820
MC		 1204 return testresult;
1205}
1206
7e885b7b 1207typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t;
9a716987 1208
7e885b7b 1209static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
9a716987
MC		 1210{
1211 BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
710756a9 1212 SSL_CTX *ctx;
9a716987
MC		 1213 SSL *ssl = NULL;
1214 int testresult = 0;
1215
710756a9
RS		 1216 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1217 || !TEST_ptr(ssl = SSL_new(ctx))
1218 || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
1219 || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
9a716987 1220 goto end;
9a716987
MC		 1221
1222 BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
1223
1224 /*
1225 * If anything goes wrong here then we could leak memory, so this will
1226 * be caught in a crypto-mdebug build
1227 */
1228 BIO_push(sslbio, membio1);
1229
69687aa8 1230 /* Verify changing the rbio/wbio directly does not cause leaks */
7e885b7b 1231 if (change_bio != NO_BIO_CHANGE) {
710756a9 1232 if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
9a716987 1233 goto end;
7e885b7b 1234 if (change_bio == CHANGE_RBIO)
65e2d672 1235 SSL_set0_rbio(ssl, membio2);
9a716987 1236 else
65e2d672 1237 SSL_set0_wbio(ssl, membio2);
9a716987
MC		 1238 }
1239 ssl = NULL;
1240
7e885b7b 1241 if (pop_ssl)
9a716987
MC		 1242 BIO_pop(sslbio);
1243 else
1244 BIO_pop(membio1);
1245
1246 testresult = 1;
1247 end:
1248 BIO_free(membio1);
1249 BIO_free(sslbio);
1250 SSL_free(ssl);
1251 SSL_CTX_free(ctx);
1252
1253 return testresult;
1254}
1255
1256static int test_ssl_bio_pop_next_bio(void)
1257{
7e885b7b 1258 return execute_test_ssl_bio(0, NO_BIO_CHANGE);
9a716987
MC		 1259}
1260
1261static int test_ssl_bio_pop_ssl_bio(void)
1262{
7e885b7b 1263 return execute_test_ssl_bio(1, NO_BIO_CHANGE);
9a716987
MC		 1264}
1265
1266static int test_ssl_bio_change_rbio(void)
1267{
7e885b7b 1268 return execute_test_ssl_bio(0, CHANGE_RBIO);
9a716987
MC		 1269}
1270
1271static int test_ssl_bio_change_wbio(void)
1272{
7e885b7b 1273 return execute_test_ssl_bio(0, CHANGE_WBIO);
9a716987
MC		 1274}
1275
f1b25aae
MC		 1276typedef struct {
1277 /* The list of sig algs */
1278 const int *list;
1279 /* The length of the list */
1280 size_t listlen;
1281 /* A sigalgs list in string format */
1282 const char *liststr;
1283 /* Whether setting the list should succeed */
1284 int valid;
1285 /* Whether creating a connection with the list should succeed */
1286 int connsuccess;
1287} sigalgs_list;
1288
1289static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
5eeb6c6e 1290#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1291static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
1292static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
5eeb6c6e 1293#endif
f1b25aae
MC		 1294static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
1295static const int invalidlist2[] = {NID_sha256, NID_undef};
1296static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
1297static const int invalidlist4[] = {NID_sha256};
1298static const sigalgs_list testsigalgs[] = {
1299 {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
5eeb6c6e 1300#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1301 {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
1302 {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
5eeb6c6e 1303#endif
f1b25aae 1304 {NULL, 0, "RSA+SHA256", 1, 1},
5eeb6c6e 1305#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1306 {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1307 {NULL, 0, "ECDSA+SHA512", 1, 0},
5eeb6c6e 1308#endif
f1b25aae
MC		 1309 {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
1310 {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
1311 {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
1312 {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
1313 {NULL, 0, "RSA", 0, 0},
1314 {NULL, 0, "SHA256", 0, 0},
1315 {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
710756a9
RS		 1316 {NULL, 0, "Invalid", 0, 0}
1317};
f1b25aae
MC		 1318
1319static int test_set_sigalgs(int idx)
1320{
1321 SSL_CTX *cctx = NULL, *sctx = NULL;
1322 SSL *clientssl = NULL, *serverssl = NULL;
1323 int testresult = 0;
1324 const sigalgs_list *curr;
1325 int testctx;
1326
1327 /* Should never happen */
710756a9 1328 if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
f1b25aae
MC		 1329 return 0;
1330
1331 testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
1332 curr = testctx ? &testsigalgs[idx]
1333 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
1334
710756a9
RS		 1335 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1336 TLS_client_method(), &sctx,
1337 &cctx, cert, privkey)))
f1b25aae 1338 return 0;
f1b25aae 1339
d2e491f2
MC		 1340 /*
1341 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1342 * for TLSv1.2 for now until we add a new API.
1343 */
1344 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1345
f1b25aae
MC		 1346 if (testctx) {
1347 int ret;
710756a9 1348
f1b25aae
MC		 1349 if (curr->list != NULL)
1350 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
1351 else
1352 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
1353
1354 if (!ret) {
1355 if (curr->valid)
710756a9 1356 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1357 else
1358 testresult = 1;
1359 goto end;
1360 }
1361 if (!curr->valid) {
710756a9 1362 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1363 goto end;
1364 }
1365 }
1366
710756a9
RS		 1367 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1368 &clientssl, NULL, NULL)))
f1b25aae 1369 goto end;
f1b25aae
MC		 1370
1371 if (!testctx) {
1372 int ret;
1373
1374 if (curr->list != NULL)
1375 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
1376 else
1377 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
1378 if (!ret) {
1379 if (curr->valid)
710756a9 1380 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
f1b25aae
MC		 1381 else
1382 testresult = 1;
1383 goto end;
1384 }
710756a9 1385 if (!curr->valid)
f1b25aae 1386 goto end;
f1b25aae
MC		 1387 }
1388
710756a9
RS		 1389 if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
1390 SSL_ERROR_NONE),
1391 curr->connsuccess))
f1b25aae 1392 goto end;
f1b25aae
MC		 1393
1394 testresult = 1;
1395
1396 end:
1397 SSL_free(serverssl);
1398 SSL_free(clientssl);
1399 SSL_CTX_free(sctx);
1400 SSL_CTX_free(cctx);
1401
1402 return testresult;
1403}
1404
fff202e5
MC		 1405#ifndef OPENSSL_NO_TLS1_3
1406
57dee9bb
MC		 1407static SSL_SESSION *clientpsk = NULL;
1408static SSL_SESSION *serverpsk = NULL;
02a3ed5a
MC		 1409static const char *pskid = "Identity";
1410static const char *srvid;
1411
1412static int use_session_cb_cnt = 0;
1413static int find_session_cb_cnt = 0;
1414
1415static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1416 size_t *idlen, SSL_SESSION **sess)
1417{
1418 switch (++use_session_cb_cnt) {
1419 case 1:
1420 /* The first call should always have a NULL md */
1421 if (md != NULL)
1422 return 0;
1423 break;
1424
1425 case 2:
1426 /* The second call should always have an md */
1427 if (md == NULL)
1428 return 0;
1429 break;
1430
1431 default:
1432 /* We should only be called a maximum of twice */
1433 return 0;
1434 }
1435
57dee9bb
MC		 1436 if (clientpsk != NULL)
1437 SSL_SESSION_up_ref(clientpsk);
02a3ed5a 1438
57dee9bb 1439 *sess = clientpsk;
02a3ed5a
MC		 1440 *id = (const unsigned char *)pskid;
1441 *idlen = strlen(pskid);
1442
1443 return 1;
1444}
1445
1446static int find_session_cb(SSL *ssl, const unsigned char *identity,
1447 size_t identity_len, SSL_SESSION **sess)
1448{
1449 find_session_cb_cnt++;
1450
1451 /* We should only ever be called a maximum of twice per connection */
1452 if (find_session_cb_cnt > 2)
1453 return 0;
1454
57dee9bb 1455 if (serverpsk == NULL)
02a3ed5a
MC		 1456 return 0;
1457
1458 /* Identity should match that set by the client */
1459 if (strlen(srvid) != identity_len
1460 || strncmp(srvid, (const char *)identity, identity_len) != 0) {
1461 /* No PSK found, continue but without a PSK */
1462 *sess = NULL;
1463 return 1;
1464 }
1465
57dee9bb
MC		 1466 SSL_SESSION_up_ref(serverpsk);
1467 *sess = serverpsk;
02a3ed5a
MC		 1468
1469 return 1;
1470}
1471
5f982038
MC		 1472#define MSG1 "Hello"
1473#define MSG2 "World."
1474#define MSG3 "This"
1475#define MSG4 "is"
1476#define MSG5 "a"
90049cea
MC		 1477#define MSG6 "test"
1478#define MSG7 "message."
5f982038 1479
02a3ed5a
MC		 1480#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
1481
5f982038
MC		 1482/*
1483 * Helper method to setup objects for early data test. Caller frees objects on
1484 * error.
1485 */
1486static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
3cb47b4e 1487 SSL **serverssl, SSL_SESSION **sess, int idx)
5f982038 1488{
710756a9
RS		 1489 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1490 TLS_client_method(), sctx,
1491 cctx, cert, privkey)))
5f982038 1492 return 0;
5f982038 1493
02a3ed5a
MC		 1494 if (idx == 1) {
1495 /* When idx == 1 we repeat the tests with read_ahead set */
3cb47b4e
MC		 1496 SSL_CTX_set_read_ahead(*cctx, 1);
1497 SSL_CTX_set_read_ahead(*sctx, 1);
02a3ed5a
MC		 1498 } else if (idx == 2) {
1499 /* When idx == 2 we are doing early_data with a PSK. Set up callbacks */
1500 SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb);
1501 SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb);
1502 use_session_cb_cnt = 0;
1503 find_session_cb_cnt = 0;
1504 srvid = pskid;
3cb47b4e
MC		 1505 }
1506
710756a9 1507 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
02a3ed5a
MC		 1508 NULL, NULL)))
1509 return 0;
1510
141e4709
MC		 1511 /*
1512 * For one of the run throughs (doesn't matter which one), we'll try sending
1513 * some SNI data in the initial ClientHello. This will be ignored (because
1514 * there is no SNI cb set up by the server), so it should not impact
1515 * early_data.
1516 */
1517 if (idx == 1
1518 && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost")))
1519 return 0;
1520
02a3ed5a
MC		 1521 if (idx == 2) {
1522 /* Create the PSK */
1523 const SSL_CIPHER *cipher = NULL;
1524 const unsigned char key[] = {
1525 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
1526 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
1527 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1528 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
1529 0x2c, 0x2d, 0x2e, 0x2f
1530 };
1531
1532 cipher = SSL_CIPHER_find(*clientssl, TLS13_AES_256_GCM_SHA384_BYTES);
57dee9bb
MC		 1533 clientpsk = SSL_SESSION_new();
1534 if (!TEST_ptr(clientpsk)
02a3ed5a 1535 || !TEST_ptr(cipher)
57dee9bb 1536 || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
02a3ed5a 1537 sizeof(key)))
57dee9bb 1538 || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
02a3ed5a 1539 || !TEST_true(
57dee9bb 1540 SSL_SESSION_set_protocol_version(clientpsk,
02a3ed5a
MC		 1541 TLS1_3_VERSION))
1542 /*
1543 * We just choose an arbitrary value for max_early_data which
1544 * should be big enough for testing purposes.
1545 */
57dee9bb
MC		 1546 || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk,
1547 0x100))
1548 || !TEST_true(SSL_SESSION_up_ref(clientpsk))) {
1549 SSL_SESSION_free(clientpsk);
1550 clientpsk = NULL;
02a3ed5a
MC		 1551 return 0;
1552 }
57dee9bb 1553 serverpsk = clientpsk;
02a3ed5a
MC		 1554
1555 if (sess != NULL)
57dee9bb 1556 *sess = clientpsk;
02a3ed5a
MC		 1557 return 1;
1558 }
1559
1560 if (sess == NULL)
1561 return 1;
1562
1563 if (!TEST_true(create_ssl_connection(*serverssl, *clientssl,
1564 SSL_ERROR_NONE)))
5f982038 1565 return 0;
5f982038
MC		 1566
1567 *sess = SSL_get1_session(*clientssl);
5f982038
MC		 1568 SSL_shutdown(*clientssl);
1569 SSL_shutdown(*serverssl);
5f982038
MC		 1570 SSL_free(*serverssl);
1571 SSL_free(*clientssl);
1572 *serverssl = *clientssl = NULL;
1573
710756a9
RS		 1574 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
1575 clientssl, NULL, NULL))
1576 || !TEST_true(SSL_set_session(*clientssl, *sess)))
5f982038 1577 return 0;
5f982038
MC		 1578
1579 return 1;
1580}
1581
3cb47b4e 1582static int test_early_data_read_write(int idx)
5f982038
MC		 1583{
1584 SSL_CTX *cctx = NULL, *sctx = NULL;
1585 SSL *clientssl = NULL, *serverssl = NULL;
1586 int testresult = 0;
1587 SSL_SESSION *sess = NULL;
9b5c865d
MC		 1588 unsigned char buf[20], data[1024];
1589 size_t readbytes, written, eoedlen, rawread, rawwritten;
1590 BIO *rbio;
5f982038 1591
710756a9
RS		 1592 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1593 &serverssl, &sess, idx)))
5f982038
MC		 1594 goto end;
1595
1596 /* Write and read some early data */
710756a9
RS		 1597 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1598 &written))
1599 || !TEST_size_t_eq(written, strlen(MSG1))
1600 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
1601 sizeof(buf), &readbytes),
1602 SSL_READ_EARLY_DATA_SUCCESS)
1603 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
1604 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1605 SSL_EARLY_DATA_ACCEPTED))
5f982038 1606 goto end;
5f982038
MC		 1607
1608 /*
09f28874 1609 * Server should be able to write data, and client should be able to
5f982038
MC		 1610 * read it.
1611 */
710756a9
RS		 1612 if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
1613 &written))
1614 || !TEST_size_t_eq(written, strlen(MSG2))
1615 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1616 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1617 goto end;
5f982038
MC		 1618
1619 /* Even after reading normal data, client should be able write early data */
710756a9
RS		 1620 if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
1621 &written))
1622 || !TEST_size_t_eq(written, strlen(MSG3)))
5f982038 1623 goto end;
5f982038 1624
09f28874 1625 /* Server should still be able read early data after writing data */
710756a9
RS		 1626 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1627 &readbytes),
1628 SSL_READ_EARLY_DATA_SUCCESS)
1629 || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
5f982038 1630 goto end;
5f982038 1631
09f28874 1632 /* Write more data from server and read it from client */
710756a9
RS		 1633 if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
1634 &written))
1635 || !TEST_size_t_eq(written, strlen(MSG4))
1636 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1637 || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
5f982038 1638 goto end;
5f982038
MC		 1639
1640 /*
1641 * If client writes normal data it should mean writing early data is no
1642 * longer possible.
1643 */
710756a9
RS		 1644 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1645 || !TEST_size_t_eq(written, strlen(MSG5))
1646 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1647 SSL_EARLY_DATA_ACCEPTED))
5f982038 1648 goto end;
5f982038 1649
9b5c865d
MC		 1650 /*
1651 * At this point the client has written EndOfEarlyData, ClientFinished and
1652 * normal (fully protected) data. We are going to cause a delay between the
1653 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
1654 * in the read BIO, and then just put back the EndOfEarlyData message.
1655 */
1656 rbio = SSL_get_rbio(serverssl);
710756a9
RS		 1657 if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
1658 || !TEST_size_t_lt(rawread, sizeof(data))
1659 || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
9b5c865d 1660 goto end;
710756a9 1661
9b5c865d
MC		 1662 /* Record length is in the 4th and 5th bytes of the record header */
1663 eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
710756a9
RS		 1664 if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
1665 || !TEST_size_t_eq(rawwritten, eoedlen))
9b5c865d 1666 goto end;
9b5c865d 1667
5f982038 1668 /* Server should be told that there is no more early data */
710756a9
RS		 1669 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1670 &readbytes),
1671 SSL_READ_EARLY_DATA_FINISH)
1672 || !TEST_size_t_eq(readbytes, 0))
5f982038 1673 goto end;
5f982038 1674
9b5c865d
MC		 1675 /*
1676 * Server has not finished init yet, so should still be able to write early
1677 * data.
1678 */
710756a9
RS		 1679 if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
1680 &written))
1681 || !TEST_size_t_eq(written, strlen(MSG6)))
9b5c865d 1682 goto end;
9b5c865d 1683
f8a303fa 1684 /* Push the ClientFinished and the normal data back into the server rbio */
710756a9
RS		 1685 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
1686 &rawwritten))
1687 || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
f8a303fa 1688 goto end;
f8a303fa 1689
5f982038 1690 /* Server should be able to read normal data */
710756a9
RS		 1691 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1692 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1693 goto end;
5f982038 1694
09f28874 1695 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1696 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1697 &written)))
5f982038 1698 goto end;
5f982038 1699 ERR_clear_error();
710756a9
RS		 1700 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1701 &readbytes),
1702 SSL_READ_EARLY_DATA_ERROR))
5f982038 1703 goto end;
5f982038
MC		 1704 ERR_clear_error();
1705
9b5c865d 1706 /* Client should be able to read the data sent by the server */
710756a9
RS		 1707 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1708 || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
9b5c865d 1709 goto end;
710756a9 1710
f8a303fa
MC		 1711 /*
1712 * Make sure we process the NewSessionTicket. This arrives post-handshake.
1713 * We attempt a read which we do not expect to return any data.
1714 */
710756a9 1715 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
f8a303fa 1716 goto end;
5f982038 1717
90049cea 1718 /* Server should be able to write normal data */
710756a9
RS		 1719 if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
1720 || !TEST_size_t_eq(written, strlen(MSG7))
1721 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1722 || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
90049cea 1723 goto end;
90049cea 1724
02a3ed5a
MC		 1725 /* We keep the PSK session around if using PSK */
1726 if (idx != 2)
1727 SSL_SESSION_free(sess);
5f982038 1728 sess = SSL_get1_session(clientssl);
02a3ed5a
MC		 1729 use_session_cb_cnt = 0;
1730 find_session_cb_cnt = 0;
5f982038
MC		 1731
1732 SSL_shutdown(clientssl);
1733 SSL_shutdown(serverssl);
5f982038
MC		 1734 SSL_free(serverssl);
1735 SSL_free(clientssl);
1736 serverssl = clientssl = NULL;
710756a9
RS		 1737 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1738 &clientssl, NULL, NULL))
1739 || !TEST_true(SSL_set_session(clientssl, sess)))
5f982038 1740 goto end;
5f982038
MC		 1741
1742 /* Write and read some early data */
710756a9
RS		 1743 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1744 &written))
1745 || !TEST_size_t_eq(written, strlen(MSG1))
1746 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1747 &readbytes),
1748 SSL_READ_EARLY_DATA_SUCCESS)
1749 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
5f982038 1750 goto end;
5f982038 1751
710756a9
RS		 1752 if (!TEST_int_gt(SSL_connect(clientssl), 0)
1753 || !TEST_int_gt(SSL_accept(serverssl), 0))
5f982038 1754 goto end;
5f982038 1755
09f28874 1756 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1757 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1758 &written)))
5f982038 1759 goto end;
5f982038 1760 ERR_clear_error();
710756a9
RS		 1761 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1762 &readbytes),
1763 SSL_READ_EARLY_DATA_ERROR))
5f982038 1764 goto end;
5f982038
MC		 1765 ERR_clear_error();
1766
1767 /* Client and server should be able to write/read normal data */
710756a9
RS		 1768 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1769 || !TEST_size_t_eq(written, strlen(MSG5))
1770 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1771 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1772 goto end;
5f982038
MC		 1773
1774 testresult = 1;
1775
1776 end:
57dee9bb
MC		 1777 if (sess != clientpsk)
1778 SSL_SESSION_free(sess);
1779 SSL_SESSION_free(clientpsk);
1780 SSL_SESSION_free(serverpsk);
1781 clientpsk = serverpsk = NULL;
5f982038
MC		 1782 SSL_free(serverssl);
1783 SSL_free(clientssl);
1784 SSL_CTX_free(sctx);
1785 SSL_CTX_free(cctx);
5f982038
MC		 1786 return testresult;
1787}
1788
710756a9 1789/*
6b84e6bf
MC		 1790 * Helper function to test that a server attempting to read early data can
1791 * handle a connection from a client where the early data should be skipped.
710756a9 1792 */
6b84e6bf 1793static int early_data_skip_helper(int hrr, int idx)
5f982038
MC		 1794{
1795 SSL_CTX *cctx = NULL, *sctx = NULL;
1796 SSL *clientssl = NULL, *serverssl = NULL;
1797 int testresult = 0;
018fcbec 1798 SSL_SESSION *sess = NULL;
5f982038
MC		 1799 unsigned char buf[20];
1800 size_t readbytes, written;
1801
710756a9
RS		 1802 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1803 &serverssl, &sess, idx)))
5f982038
MC		 1804 goto end;
1805
6b84e6bf
MC		 1806 if (hrr) {
1807 /* Force an HRR to occur */
1808 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
1809 goto end;
02a3ed5a
MC		 1810 } else if (idx == 2) {
1811 /*
1812 * We force early_data rejection by ensuring the PSK identity is
1813 * unrecognised
1814 */
1815 srvid = "Dummy Identity";
6b84e6bf
MC		 1816 } else {
1817 /*
1818 * Deliberately corrupt the creation time. We take 20 seconds off the
1819 * time. It could be any value as long as it is not within tolerance.
1820 * This should mean the ticket is rejected.
1821 */
5d99881e 1822 if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
6b84e6bf
MC		 1823 goto end;
1824 }
5f982038
MC		 1825
1826 /* Write some early data */
710756a9
RS		 1827 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1828 &written))
1829 || !TEST_size_t_eq(written, strlen(MSG1)))
5f982038 1830 goto end;
5f982038
MC		 1831
1832 /* Server should reject the early data and skip over it */
710756a9
RS		 1833 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1834 &readbytes),
1835 SSL_READ_EARLY_DATA_FINISH)
1836 || !TEST_size_t_eq(readbytes, 0)
1837 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1838 SSL_EARLY_DATA_REJECTED))
5f982038 1839 goto end;
5f982038 1840
6b84e6bf
MC		 1841 if (hrr) {
1842 /*
1843 * Finish off the handshake. We perform the same writes and reads as
1844 * further down but we expect them to fail due to the incomplete
1845 * handshake.
1846 */
1847 if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1848 || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf),
1849 &readbytes)))
1850 goto end;
1851 }
1852
710756a9
RS		 1853 /* Should be able to send normal data despite rejection of early data */
1854 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1855 || !TEST_size_t_eq(written, strlen(MSG2))
1856 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1857 SSL_EARLY_DATA_REJECTED)
1858 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1859 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1860 goto end;
5f982038
MC		 1861
1862 testresult = 1;
1863
1864 end:
57dee9bb
MC		 1865 if (sess != clientpsk)
1866 SSL_SESSION_free(clientpsk);
1867 SSL_SESSION_free(serverpsk);
1868 clientpsk = serverpsk = NULL;
5f982038
MC		 1869 SSL_SESSION_free(sess);
1870 SSL_free(serverssl);
1871 SSL_free(clientssl);
1872 SSL_CTX_free(sctx);
1873 SSL_CTX_free(cctx);
5f982038
MC		 1874 return testresult;
1875}
1876
6b84e6bf
MC		 1877/*
1878 * Test that a server attempting to read early data can handle a connection
1879 * from a client where the early data is not acceptable.
1880 */
1881static int test_early_data_skip(int idx)
1882{
1883 return early_data_skip_helper(0, idx);
1884}
1885
1886/*
1887 * Test that a server attempting to read early data can handle a connection
1888 * from a client where an HRR occurs.
1889 */
1890static int test_early_data_skip_hrr(int idx)
1891{
1892 return early_data_skip_helper(1, idx);
1893}
1894
710756a9
RS		 1895/*
1896 * Test that a server attempting to read early data can handle a connection
1897 * from a client that doesn't send any.
1898 */
3cb47b4e 1899static int test_early_data_not_sent(int idx)
5f982038
MC		 1900{
1901 SSL_CTX *cctx = NULL, *sctx = NULL;
1902 SSL *clientssl = NULL, *serverssl = NULL;
1903 int testresult = 0;
018fcbec 1904 SSL_SESSION *sess = NULL;
5f982038
MC		 1905 unsigned char buf[20];
1906 size_t readbytes, written;
1907
710756a9
RS		 1908 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1909 &serverssl, &sess, idx)))
5f982038
MC		 1910 goto end;
1911
1912 /* Write some data - should block due to handshake with server */
1913 SSL_set_connect_state(clientssl);
710756a9 1914 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 1915 goto end;
5f982038
MC		 1916
1917 /* Server should detect that early data has not been sent */
710756a9
RS		 1918 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1919 &readbytes),
1920 SSL_READ_EARLY_DATA_FINISH)
1921 || !TEST_size_t_eq(readbytes, 0)
1922 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1923 SSL_EARLY_DATA_NOT_SENT)
1924 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1925 SSL_EARLY_DATA_NOT_SENT))
5f982038 1926 goto end;
5f982038
MC		 1927
1928 /* Continue writing the message we started earlier */
710756a9
RS		 1929 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1930 || !TEST_size_t_eq(written, strlen(MSG1))
1931 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1932 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1933 || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
1934 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 1935 goto end;
5f982038 1936
3cb47b4e
MC		 1937 /*
1938 * Should block due to the NewSessionTicket arrival unless we're using
1939 * read_ahead
1940 */
02a3ed5a 1941 if (idx != 1) {
710756a9 1942 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
3cb47b4e 1943 goto end;
5f982038
MC		 1944 }
1945
710756a9
RS		 1946 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1947 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1948 goto end;
5f982038
MC		 1949
1950 testresult = 1;
1951
1952 end:
57dee9bb 1953 /* If using PSK then clientpsk and sess are the same */
5f982038 1954 SSL_SESSION_free(sess);
57dee9bb
MC		 1955 SSL_SESSION_free(serverpsk);
1956 clientpsk = serverpsk = NULL;
5f982038
MC		 1957 SSL_free(serverssl);
1958 SSL_free(clientssl);
1959 SSL_CTX_free(sctx);
1960 SSL_CTX_free(cctx);
5f982038
MC		 1961 return testresult;
1962}
1963
976e5323
MC		 1964static int hostname_cb(SSL *s, int *al, void *arg)
1965{
1966 const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
1967
281bf233 1968 if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
976e5323
MC		 1969 return SSL_TLSEXT_ERR_OK;
1970
1971 return SSL_TLSEXT_ERR_NOACK;
1972}
1973
1974static const char *servalpn;
1975
c7558d5b
PY		 1976static int alpn_select_cb(SSL *ssl, const unsigned char **out,
1977 unsigned char *outlen, const unsigned char *in,
1978 unsigned int inlen, void *arg)
976e5323 1979{
c7558d5b 1980 unsigned int protlen = 0;
976e5323
MC		 1981 const unsigned char *prot;
1982
c7558d5b
PY		 1983 for (prot = in; prot < in + inlen; prot += protlen) {
1984 protlen = *prot++;
5d99881e 1985 if (in + inlen < prot + protlen)
976e5323
MC		 1986 return SSL_TLSEXT_ERR_NOACK;
1987
1988 if (protlen == strlen(servalpn)
0bd42fde 1989 && memcmp(prot, servalpn, protlen) == 0) {
976e5323
MC		 1990 *out = prot;
1991 *outlen = protlen;
1992 return SSL_TLSEXT_ERR_OK;
1993 }
1994 }
1995
1996 return SSL_TLSEXT_ERR_NOACK;
1997}
1998
57dee9bb 1999/* Test that a PSK can be used to send early_data */
976e5323
MC		 2000static int test_early_data_psk(int idx)
2001{
2002 SSL_CTX *cctx = NULL, *sctx = NULL;
2003 SSL *clientssl = NULL, *serverssl = NULL;
2004 int testresult = 0;
2005 SSL_SESSION *sess = NULL;
57dee9bb
MC		 2006 unsigned char alpnlist[] = {
2007 0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a',
2008 'l', 'p', 'n'
2009 };
2010#define GOODALPNLEN 9
2011#define BADALPNLEN 8
2012#define GOODALPN (alpnlist)
2013#define BADALPN (alpnlist + GOODALPNLEN)
2014 int err = 0;
976e5323
MC		 2015 unsigned char buf[20];
2016 size_t readbytes, written;
57dee9bb 2017 int readearlyres = SSL_READ_EARLY_DATA_SUCCESS, connectres = 1;
976e5323
MC		 2018 int edstatus = SSL_EARLY_DATA_ACCEPTED;
2019
2020 /* We always set this up with a final parameter of "2" for PSK */
2021 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2022 &serverssl, &sess, 2)))
2023 goto end;
2024
976e5323
MC		 2025 servalpn = "goodalpn";
2026
57dee9bb
MC		 2027 /*
2028 * Note: There is no test for inconsistent SNI with late client detection.
2029 * This is because servers do not acknowledge SNI even if they are using
2030 * it in a resumption handshake - so it is not actually possible for a
2031 * client to detect a problem.
2032 */
976e5323
MC		 2033 switch (idx) {
2034 case 0:
57dee9bb 2035 /* Set inconsistent SNI (early client detection) */
976e5323
MC		 2036 err = SSL_R_INCONSISTENT_EARLY_DATA_SNI;
2037 if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
2038 || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost")))
2039 goto end;
2040 break;
2041
2042 case 1:
57dee9bb 2043 /* Set inconsistent ALPN (early client detection) */
976e5323
MC		 2044 err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN;
2045 /* SSL_set_alpn_protos returns 0 for success and 1 for failure */
57dee9bb
MC		 2046 if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN,
2047 GOODALPNLEN))
2048 || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN,
2049 BADALPNLEN)))
976e5323
MC		 2050 goto end;
2051 break;
2052
2053 case 2:
2054 /*
2055 * Set invalid protocol version. Technically this affects PSKs without
2056 * early_data too, but we test it here because it is similar to the
2057 * SNI/ALPN consistency tests.
2058 */
2059 err = SSL_R_BAD_PSK;
2060 if (!TEST_true(SSL_SESSION_set_protocol_version(sess, TLS1_2_VERSION)))
2061 goto end;
2062 break;
2063
2064 case 3:
2065 /*
2066 * Set inconsistent SNI (server detected). In this case the connection
2067 * will succeed but reject early_data.
2068 */
281bf233
MC		 2069 SSL_SESSION_free(serverpsk);
2070 serverpsk = SSL_SESSION_dup(clientpsk);
2071 if (!TEST_ptr(serverpsk)
2072 || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
2073 goto end;
976e5323
MC		 2074 edstatus = SSL_EARLY_DATA_REJECTED;
2075 readearlyres = SSL_READ_EARLY_DATA_FINISH;
2076 /* Fall through */
2077 case 4:
2078 /* Set consistent SNI */
976e5323
MC		 2079 if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
2080 || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost"))
2081 || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx,
2082 hostname_cb)))
2083 goto end;
2084 break;
2085
2086 case 5:
2087 /*
2088 * Set inconsistent ALPN (server detected). In this case the connection
2089 * will succeed but reject early_data.
2090 */
2091 servalpn = "badalpn";
2092 edstatus = SSL_EARLY_DATA_REJECTED;
2093 readearlyres = SSL_READ_EARLY_DATA_FINISH;
2094 /* Fall through */
2095 case 6:
976e5323 2096 /*
57dee9bb 2097 * Set consistent ALPN.
976e5323
MC		 2098 * SSL_set_alpn_protos returns 0 for success and 1 for failure. It
2099 * accepts a list of protos (each one length prefixed).
2100 * SSL_set1_alpn_selected accepts a single protocol (not length
2101 * prefixed)
2102 */
57dee9bb
MC		 2103 if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1,
2104 GOODALPNLEN - 1))
2105 || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN,
2106 GOODALPNLEN)))
976e5323
MC		 2107 goto end;
2108
2109 SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
2110 break;
2111
57dee9bb
MC		 2112 case 7:
2113 /* Set inconsistent ALPN (late client detection) */
2114 SSL_SESSION_free(serverpsk);
2115 serverpsk = SSL_SESSION_dup(clientpsk);
2116 if (!TEST_ptr(serverpsk)
2117 || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk,
2118 BADALPN + 1,
2119 BADALPNLEN - 1))
2120 || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk,
2121 GOODALPN + 1,
2122 GOODALPNLEN - 1))
2123 || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist,
2124 sizeof(alpnlist))))
2125 goto end;
2126 SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
2127 edstatus = SSL_EARLY_DATA_ACCEPTED;
2128 readearlyres = SSL_READ_EARLY_DATA_SUCCESS;
2129 /* SSL_connect() call should fail */
2130 connectres = -1;
2131 break;
2132
976e5323
MC		 2133 default:
2134 TEST_error("Bad test index");
2135 goto end;
2136 }
2137
2138 SSL_set_connect_state(clientssl);
2139 if (err != 0) {
2140 if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2141 &written))
2142 || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL)
2143 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
2144 goto end;
2145 } else {
2146 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
57dee9bb
MC		 2147 &written)))
2148 goto end;
2149
2150 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2151 &readbytes), readearlyres)
976e5323
MC		 2152 || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
2153 && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
57dee9bb
MC		 2154 || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
2155 || !TEST_int_eq(SSL_connect(clientssl), connectres))
976e5323
MC		 2156 goto end;
2157 }
2158
2159 testresult = 1;
2160
2161 end:
57dee9bb
MC		 2162 SSL_SESSION_free(clientpsk);
2163 SSL_SESSION_free(serverpsk);
2164 clientpsk = serverpsk = NULL;
976e5323
MC		 2165 SSL_free(serverssl);
2166 SSL_free(clientssl);
2167 SSL_CTX_free(sctx);
2168 SSL_CTX_free(cctx);
2169 return testresult;
2170}
2171
710756a9
RS		 2172/*
2173 * Test that a server that doesn't try to read early data can handle a
2174 * client sending some.
2175 */
3cb47b4e 2176static int test_early_data_not_expected(int idx)
5f982038
MC		 2177{
2178 SSL_CTX *cctx = NULL, *sctx = NULL;
2179 SSL *clientssl = NULL, *serverssl = NULL;
2180 int testresult = 0;
018fcbec 2181 SSL_SESSION *sess = NULL;
5f982038
MC		 2182 unsigned char buf[20];
2183 size_t readbytes, written;
2184
710756a9
RS		 2185 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2186 &serverssl, &sess, idx)))
5f982038
MC		 2187 goto end;
2188
2189 /* Write some early data */
710756a9
RS		 2190 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2191 &written)))
5f982038 2192 goto end;
5f982038
MC		 2193
2194 /*
2195 * Server should skip over early data and then block waiting for client to
2196 * continue handshake
2197 */
710756a9
RS		 2198 if (!TEST_int_le(SSL_accept(serverssl), 0)
2199 || !TEST_int_gt(SSL_connect(clientssl), 0)
2200 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2201 SSL_EARLY_DATA_REJECTED)
2202 || !TEST_int_gt(SSL_accept(serverssl), 0)
2203 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2204 SSL_EARLY_DATA_REJECTED))
5f982038 2205 goto end;
5f982038
MC		 2206
2207 /* Send some normal data from client to server */
710756a9
RS		 2208 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
2209 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 2210 goto end;
5f982038 2211
710756a9
RS		 2212 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2213 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2214 goto end;
5f982038
MC		 2215
2216 testresult = 1;
2217
2218 end:
57dee9bb 2219 /* If using PSK then clientpsk and sess are the same */
5f982038 2220 SSL_SESSION_free(sess);
57dee9bb
MC		 2221 SSL_SESSION_free(serverpsk);
2222 clientpsk = serverpsk = NULL;
5f982038
MC		 2223 SSL_free(serverssl);
2224 SSL_free(clientssl);
2225 SSL_CTX_free(sctx);
2226 SSL_CTX_free(cctx);
5f982038
MC		 2227 return testresult;
2228}
2229
2230
2231# ifndef OPENSSL_NO_TLS1_2
710756a9
RS		 2232/*
2233 * Test that a server attempting to read early data can handle a connection
2234 * from a TLSv1.2 client.
2235 */
3cb47b4e 2236static int test_early_data_tls1_2(int idx)
5f982038
MC		 2237{
2238 SSL_CTX *cctx = NULL, *sctx = NULL;
2239 SSL *clientssl = NULL, *serverssl = NULL;
2240 int testresult = 0;
2241 unsigned char buf[20];
2242 size_t readbytes, written;
2243
02a3ed5a
MC		 2244 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2245 &serverssl, NULL, idx)))
5f982038 2246 goto end;
5f982038
MC		 2247
2248 /* Write some data - should block due to handshake with server */
2249 SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
2250 SSL_set_connect_state(clientssl);
710756a9 2251 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 2252 goto end;
5f982038
MC		 2253
2254 /*
2255 * Server should do TLSv1.2 handshake. First it will block waiting for more
f533fbd4
MC		 2256 * messages from client after ServerDone. Then SSL_read_early_data should
2257 * finish and detect that early data has not been sent
5f982038 2258 */
710756a9
RS		 2259 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2260 &readbytes),
2261 SSL_READ_EARLY_DATA_ERROR))
5f982038 2262 goto end;
5f982038
MC		 2263
2264 /*
2265 * Continue writing the message we started earlier. Will still block waiting
2266 * for the CCS/Finished from server
2267 */
710756a9
RS		 2268 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
2269 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2270 &readbytes),
2271 SSL_READ_EARLY_DATA_FINISH)
2272 || !TEST_size_t_eq(readbytes, 0)
2273 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2274 SSL_EARLY_DATA_NOT_SENT))
5f982038 2275 goto end;
5f982038
MC		 2276
2277 /* Continue writing the message we started earlier */
710756a9
RS		 2278 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
2279 || !TEST_size_t_eq(written, strlen(MSG1))
2280 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2281 SSL_EARLY_DATA_NOT_SENT)
2282 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2283 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
2284 || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
2285 || !TEST_size_t_eq(written, strlen(MSG2))
2286 || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
2287 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2288 goto end;
5f982038
MC		 2289
2290 testresult = 1;
2291
2292 end:
57dee9bb
MC		 2293 /* If using PSK then clientpsk and sess are the same */
2294 SSL_SESSION_free(clientpsk);
2295 SSL_SESSION_free(serverpsk);
2296 clientpsk = serverpsk = NULL;
5f982038
MC		 2297 SSL_free(serverssl);
2298 SSL_free(clientssl);
2299 SSL_CTX_free(sctx);
2300 SSL_CTX_free(cctx);
2301
2302 return testresult;
2303}
ca0413ae
MC		 2304# endif /* OPENSSL_NO_TLS1_2 */
2305
2306static int test_ciphersuite_change(void)
2307{
2308 SSL_CTX *cctx = NULL, *sctx = NULL;
2309 SSL *clientssl = NULL, *serverssl = NULL;
2310 SSL_SESSION *clntsess = NULL;
2311 int testresult = 0;
2312 const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
2313
2314 /* Create a session based on SHA-256 */
2315 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2316 TLS_client_method(), &sctx,
2317 &cctx, cert, privkey))
2318 || !TEST_true(SSL_CTX_set_cipher_list(cctx,
2319 "TLS13-AES-128-GCM-SHA256"))
2320 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2321 &clientssl, NULL, NULL))
2322 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2323 SSL_ERROR_NONE)))
2324 goto end;
2325
2326 clntsess = SSL_get1_session(clientssl);
2327 /* Save for later */
2328 aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
2329 SSL_shutdown(clientssl);
2330 SSL_shutdown(serverssl);
2331 SSL_free(serverssl);
2332 SSL_free(clientssl);
2333 serverssl = clientssl = NULL;
2334
2335 /* Check we can resume a session with a different SHA-256 ciphersuite */
2336 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
2337 "TLS13-CHACHA20-POLY1305-SHA256"))
2338 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2339 NULL, NULL))
2340 || !TEST_true(SSL_set_session(clientssl, clntsess))
2341 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2342 SSL_ERROR_NONE))
2343 || !TEST_true(SSL_session_reused(clientssl)))
2344 goto end;
2345
2346 SSL_SESSION_free(clntsess);
2347 clntsess = SSL_get1_session(clientssl);
2348 SSL_shutdown(clientssl);
2349 SSL_shutdown(serverssl);
2350 SSL_free(serverssl);
2351 SSL_free(clientssl);
2352 serverssl = clientssl = NULL;
2353
2354 /*
2355 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
0de6d66d 2356 * succeeds but does not resume.
ca0413ae
MC		 2357 */
2358 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
2359 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2360 NULL, NULL))
2361 || !TEST_true(SSL_set_session(clientssl, clntsess))
0de6d66d 2362 || !TEST_true(create_ssl_connection(serverssl, clientssl,
ca0413ae 2363 SSL_ERROR_SSL))
0de6d66d 2364 || !TEST_false(SSL_session_reused(clientssl)))
ca0413ae
MC		 2365 goto end;
2366
2367 SSL_SESSION_free(clntsess);
2368 clntsess = NULL;
2369 SSL_shutdown(clientssl);
2370 SSL_shutdown(serverssl);
2371 SSL_free(serverssl);
2372 SSL_free(clientssl);
2373 serverssl = clientssl = NULL;
2374
2375 /* Create a session based on SHA384 */
2376 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
2377 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2378 &clientssl, NULL, NULL))
2379 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2380 SSL_ERROR_NONE)))
2381 goto end;
2382
2383 clntsess = SSL_get1_session(clientssl);
2384 SSL_shutdown(clientssl);
2385 SSL_shutdown(serverssl);
2386 SSL_free(serverssl);
2387 SSL_free(clientssl);
2388 serverssl = clientssl = NULL;
2389
2390 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
2391 "TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"))
0de6d66d
MC		 2392 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
2393 "TLS13-AES-256-GCM-SHA384"))
ca0413ae
MC		 2394 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2395 NULL, NULL))
2396 || !TEST_true(SSL_set_session(clientssl, clntsess))
3b0e88d3
MC		 2397 /*
2398 * We use SSL_ERROR_WANT_READ below so that we can pause the
2399 * connection after the initial ClientHello has been sent to
2400 * enable us to make some session changes.
2401 */
ca0413ae
MC		 2402 || !TEST_false(create_ssl_connection(serverssl, clientssl,
2403 SSL_ERROR_WANT_READ)))
2404 goto end;
2405
2406 /* Trick the client into thinking this session is for a different digest */
2407 clntsess->cipher = aes_128_gcm_sha256;
2408 clntsess->cipher_id = clntsess->cipher->id;
2409
2410 /*
3b0e88d3
MC		 2411 * Continue the previously started connection. Server has selected a SHA-384
2412 * ciphersuite, but client thinks the session is for SHA-256, so it should
2413 * bail out.
ca0413ae
MC		 2414 */
2415 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
2416 SSL_ERROR_SSL))
2417 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
2418 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
2419 goto end;
2420
2421 testresult = 1;
2422
2423 end:
2424 SSL_SESSION_free(clntsess);
2425 SSL_free(serverssl);
2426 SSL_free(clientssl);
2427 SSL_CTX_free(sctx);
2428 SSL_CTX_free(cctx);
2429
2430 return testresult;
2431}
2432
ca8c71ba
MC		 2433static int test_tls13_psk(void)
2434{
2435 SSL_CTX *sctx = NULL, *cctx = NULL;
2436 SSL *serverssl = NULL, *clientssl = NULL;
2437 const SSL_CIPHER *cipher = NULL;
2438 const unsigned char key[] = {
2439 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2440 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
de2f409e
MC		 2441 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
2442 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
ca8c71ba
MC		 2443 };
2444 int testresult = 0;
2445
2446 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2447 TLS_client_method(), &sctx,
2448 &cctx, cert, privkey)))
2449 goto end;
2450
2451 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
2452 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
2453 srvid = pskid;
02a3ed5a
MC		 2454 use_session_cb_cnt = 0;
2455 find_session_cb_cnt = 0;
ca8c71ba
MC		 2456
2457 /* Check we can create a connection if callback decides not to send a PSK */
2458 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2459 NULL, NULL))
2460 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2461 SSL_ERROR_NONE))
2462 || !TEST_false(SSL_session_reused(clientssl))
2463 || !TEST_false(SSL_session_reused(serverssl))
2464 || !TEST_true(use_session_cb_cnt == 1)
2465 || !TEST_true(find_session_cb_cnt == 0))
2466 goto end;
2467
2468 shutdown_ssl_connection(serverssl, clientssl);
2469 serverssl = clientssl = NULL;
2470 use_session_cb_cnt = 0;
2471
2472 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2473 NULL, NULL)))
2474 goto end;
2475
2476 /* Create the PSK */
2477 cipher = SSL_CIPHER_find(clientssl, TLS13_AES_256_GCM_SHA384_BYTES);
57dee9bb
MC		 2478 clientpsk = SSL_SESSION_new();
2479 if (!TEST_ptr(clientpsk)
ca8c71ba 2480 || !TEST_ptr(cipher)
57dee9bb
MC		 2481 || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
2482 sizeof(key)))
2483 || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
2484 || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk,
2485 TLS1_3_VERSION))
2486 || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
ca8c71ba 2487 goto end;
57dee9bb 2488 serverpsk = clientpsk;
ca8c71ba
MC		 2489
2490 /* Check we can create a connection and the PSK is used */
2491 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2492 || !TEST_true(SSL_session_reused(clientssl))
2493 || !TEST_true(SSL_session_reused(serverssl))
2494 || !TEST_true(use_session_cb_cnt == 1)
2495 || !TEST_true(find_session_cb_cnt == 1))
2496 goto end;
2497
2498 shutdown_ssl_connection(serverssl, clientssl);
2499 serverssl = clientssl = NULL;
2500 use_session_cb_cnt = find_session_cb_cnt = 0;
2501
2502 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2503 NULL, NULL)))
2504 goto end;
2505
2506 /* Force an HRR */
2507 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
2508 goto end;
2509
2510 /*
2511 * Check we can create a connection, the PSK is used and the callbacks are
2512 * called twice.
2513 */
2514 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2515 || !TEST_true(SSL_session_reused(clientssl))
2516 || !TEST_true(SSL_session_reused(serverssl))
2517 || !TEST_true(use_session_cb_cnt == 2)
2518 || !TEST_true(find_session_cb_cnt == 2))
2519 goto end;
2520
2521 shutdown_ssl_connection(serverssl, clientssl);
2522 serverssl = clientssl = NULL;
2523 use_session_cb_cnt = find_session_cb_cnt = 0;
2524
2525 /*
2526 * Check that if the server rejects the PSK we can still connect, but with
2527 * a full handshake
2528 */
2529 srvid = "Dummy Identity";
2530 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2531 NULL, NULL))
2532 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2533 SSL_ERROR_NONE))
2534 || !TEST_false(SSL_session_reused(clientssl))
2535 || !TEST_false(SSL_session_reused(serverssl))
2536 || !TEST_true(use_session_cb_cnt == 1)
2537 || !TEST_true(find_session_cb_cnt == 1))
2538 goto end;
2539
2540 shutdown_ssl_connection(serverssl, clientssl);
2541 serverssl = clientssl = NULL;
2542 testresult = 1;
2543
2544 end:
57dee9bb
MC		 2545 SSL_SESSION_free(clientpsk);
2546 SSL_SESSION_free(serverpsk);
2547 clientpsk = serverpsk = NULL;
ca8c71ba
MC		 2548 SSL_free(serverssl);
2549 SSL_free(clientssl);
2550 SSL_CTX_free(sctx);
2551 SSL_CTX_free(cctx);
2552 return testresult;
2553}
2554
ca0413ae 2555#endif /* OPENSSL_NO_TLS1_3 */
5f982038 2556
a37008d9
MC		 2557static int clntaddoldcb = 0;
2558static int clntparseoldcb = 0;
2559static int srvaddoldcb = 0;
2560static int srvparseoldcb = 0;
2561static int clntaddnewcb = 0;
2562static int clntparsenewcb = 0;
2563static int srvaddnewcb = 0;
2564static int srvparsenewcb = 0;
bb01ef3f 2565static int snicb = 0;
a37008d9
MC		 2566
2567#define TEST_EXT_TYPE1 0xff00
2568
2569static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
2570 size_t *outlen, int *al, void *add_arg)
2571{
2572 int *server = (int *)add_arg;
2573 unsigned char *data;
2574
2575 if (SSL_is_server(s))
2576 srvaddoldcb++;
2577 else
2578 clntaddoldcb++;
2579
710756a9
RS		 2580 if (*server != SSL_is_server(s)
2581 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 2582 return -1;
2583
2584 *data = 1;
2585 *out = data;
2586 *outlen = sizeof(char);
a37008d9
MC		 2587 return 1;
2588}
2589
2590static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
2591 void *add_arg)
2592{
2593 OPENSSL_free((unsigned char *)out);
2594}
2595
2596static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
2597 size_t inlen, int *al, void *parse_arg)
2598{
2599 int *server = (int *)parse_arg;
2600
2601 if (SSL_is_server(s))
2602 srvparseoldcb++;
2603 else
2604 clntparseoldcb++;
2605
710756a9
RS		 2606 if (*server != SSL_is_server(s)
2607 || inlen != sizeof(char)
2608 || *in != 1)
a37008d9
MC		 2609 return -1;
2610
2611 return 1;
2612}
2613
2614static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
2615 const unsigned char **out, size_t *outlen, X509 *x,
2616 size_t chainidx, int *al, void *add_arg)
2617{
2618 int *server = (int *)add_arg;
2619 unsigned char *data;
2620
2621 if (SSL_is_server(s))
2622 srvaddnewcb++;
2623 else
2624 clntaddnewcb++;
2625
710756a9
RS		 2626 if (*server != SSL_is_server(s)
2627 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 2628 return -1;
2629
2630 *data = 1;
2631 *out = data;
710756a9 2632 *outlen = sizeof(*data);
a37008d9
MC		 2633 return 1;
2634}
2635
2636static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
2637 const unsigned char *out, void *add_arg)
2638{
2639 OPENSSL_free((unsigned char *)out);
2640}
2641
2642static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
2643 const unsigned char *in, size_t inlen, X509 *x,
2644 size_t chainidx, int *al, void *parse_arg)
2645{
2646 int *server = (int *)parse_arg;
2647
2648 if (SSL_is_server(s))
2649 srvparsenewcb++;
2650 else
2651 clntparsenewcb++;
2652
710756a9
RS		 2653 if (*server != SSL_is_server(s)
2654 || inlen != sizeof(char) || *in != 1)
a37008d9
MC		 2655 return -1;
2656
2657 return 1;
2658}
bb01ef3f
MC		 2659
2660static int sni_cb(SSL *s, int *al, void *arg)
2661{
2662 SSL_CTX *ctx = (SSL_CTX *)arg;
2663
2664 if (SSL_set_SSL_CTX(s, ctx) == NULL) {
2665 *al = SSL_AD_INTERNAL_ERROR;
2666 return SSL_TLSEXT_ERR_ALERT_FATAL;
2667 }
2668 snicb++;
2669 return SSL_TLSEXT_ERR_OK;
2670}
2671
a37008d9
MC		 2672/*
2673 * Custom call back tests.
2674 * Test 0: Old style callbacks in TLSv1.2
2675 * Test 1: New style callbacks in TLSv1.2
bb01ef3f
MC		 2676 * Test 2: New style callbacks in TLSv1.2 with SNI
2677 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
2678 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
a37008d9 2679 */
710756a9
RS		 2680static int test_custom_exts(int tst)
2681{
bb01ef3f 2682 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
a37008d9
MC		 2683 SSL *clientssl = NULL, *serverssl = NULL;
2684 int testresult = 0;
2685 static int server = 1;
2686 static int client = 0;
2687 SSL_SESSION *sess = NULL;
2688 unsigned int context;
2689
2690 /* Reset callback counters */
2691 clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
2692 clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
bb01ef3f 2693 snicb = 0;
a37008d9 2694
710756a9
RS		 2695 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2696 TLS_client_method(), &sctx,
2697 &cctx, cert, privkey)))
2698 goto end;
a37008d9 2699
bb01ef3f
MC		 2700 if (tst == 2
2701 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2,
2702 NULL, cert, privkey)))
2703 goto end;
2704
2705
2706 if (tst < 3) {
a37008d9
MC		 2707 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
2708 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
bb01ef3f
MC		 2709 if (sctx2 != NULL)
2710 SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
a37008d9
MC		 2711 }
2712
bb01ef3f 2713 if (tst == 4) {
710756a9
RS		 2714 context = SSL_EXT_CLIENT_HELLO
2715 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 2716 | SSL_EXT_TLS1_3_SERVER_HELLO
2717 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
2718 | SSL_EXT_TLS1_3_CERTIFICATE
2719 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
2720 } else {
710756a9
RS		 2721 context = SSL_EXT_CLIENT_HELLO
2722 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 2723 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
2724 }
2725
2726 /* Create a client side custom extension */
2727 if (tst == 0) {
710756a9
RS		 2728 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2729 old_add_cb, old_free_cb,
2730 &client, old_parse_cb,
2731 &client)))
2732 goto end;
a37008d9 2733 } else {
710756a9
RS		 2734 if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
2735 new_add_cb, new_free_cb,
2736 &client, new_parse_cb, &client)))
2737 goto end;
a37008d9
MC		 2738 }
2739
2740 /* Should not be able to add duplicates */
710756a9
RS		 2741 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2742 old_add_cb, old_free_cb,
2743 &client, old_parse_cb,
2744 &client))
2745 || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
2746 context, new_add_cb,
2747 new_free_cb, &client,
2748 new_parse_cb, &client)))
2749 goto end;
a37008d9
MC		 2750
2751 /* Create a server side custom extension */
2752 if (tst == 0) {
710756a9
RS		 2753 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2754 old_add_cb, old_free_cb,
2755 &server, old_parse_cb,
2756 &server)))
2757 goto end;
a37008d9 2758 } else {
710756a9
RS		 2759 if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
2760 new_add_cb, new_free_cb,
2761 &server, new_parse_cb, &server)))
2762 goto end;
bb01ef3f
MC		 2763 if (sctx2 != NULL
2764 && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
2765 context, new_add_cb,
2766 new_free_cb, &server,
2767 new_parse_cb, &server)))
2768 goto end;
a37008d9
MC		 2769 }
2770
2771 /* Should not be able to add duplicates */
710756a9
RS		 2772 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2773 old_add_cb, old_free_cb,
2774 &server, old_parse_cb,
2775 &server))
2776 || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
2777 context, new_add_cb,
2778 new_free_cb, &server,
2779 new_parse_cb, &server)))
a37008d9 2780 goto end;
a37008d9 2781
bb01ef3f
MC		 2782 if (tst == 2) {
2783 /* Set up SNI */
2784 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
2785 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
2786 goto end;
2787 }
2788
710756a9
RS		 2789 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2790 &clientssl, NULL, NULL))
2791 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2792 SSL_ERROR_NONE)))
a37008d9 2793 goto end;
a37008d9
MC		 2794
2795 if (tst == 0) {
710756a9
RS		 2796 if (clntaddoldcb != 1
2797 || clntparseoldcb != 1
2798 || srvaddoldcb != 1
2799 || srvparseoldcb != 1)
a37008d9 2800 goto end;
bb01ef3f 2801 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 2802 if (clntaddnewcb != 1
2803 || clntparsenewcb != 1
2804 || srvaddnewcb != 1
bb01ef3f
MC		 2805 || srvparsenewcb != 1
2806 || (tst != 2 && snicb != 0)
2807 || (tst == 2 && snicb != 1))
a37008d9 2808 goto end;
a37008d9 2809 } else {
710756a9
RS		 2810 if (clntaddnewcb != 1
2811 || clntparsenewcb != 4
2812 || srvaddnewcb != 4
2813 || srvparsenewcb != 1)
a37008d9 2814 goto end;
a37008d9
MC		 2815 }
2816
2817 sess = SSL_get1_session(clientssl);
a37008d9
MC		 2818 SSL_shutdown(clientssl);
2819 SSL_shutdown(serverssl);
a37008d9
MC		 2820 SSL_free(serverssl);
2821 SSL_free(clientssl);
2822 serverssl = clientssl = NULL;
2823
bb01ef3f
MC		 2824 if (tst == 3) {
2825 /* We don't bother with the resumption aspects for this test */
2826 testresult = 1;
2827 goto end;
2828 }
2829
710756a9
RS		 2830 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2831 NULL, NULL))
2832 || !TEST_true(SSL_set_session(clientssl, sess))
2833 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2834 SSL_ERROR_NONE)))
a37008d9 2835 goto end;
a37008d9
MC		 2836
2837 /*
2838 * For a resumed session we expect to add the ClientHello extension. For the
2839 * old style callbacks we ignore it on the server side because they set
2840 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
2841 * them.
2842 */
2843 if (tst == 0) {
710756a9
RS		 2844 if (clntaddoldcb != 2
2845 || clntparseoldcb != 1
2846 || srvaddoldcb != 1
2847 || srvparseoldcb != 1)
a37008d9 2848 goto end;
bb01ef3f 2849 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 2850 if (clntaddnewcb != 2
2851 || clntparsenewcb != 2
2852 || srvaddnewcb != 2
2853 || srvparsenewcb != 2)
a37008d9 2854 goto end;
a37008d9
MC		 2855 } else {
2856 /* No Certificate message extensions in the resumption handshake */
710756a9
RS		 2857 if (clntaddnewcb != 2
2858 || clntparsenewcb != 7
2859 || srvaddnewcb != 7
2860 || srvparsenewcb != 2)
a37008d9 2861 goto end;
a37008d9
MC		 2862 }
2863
2864 testresult = 1;
2865
2866end:
2867 SSL_SESSION_free(sess);
2868 SSL_free(serverssl);
2869 SSL_free(clientssl);
bb01ef3f 2870 SSL_CTX_free(sctx2);
a37008d9
MC		 2871 SSL_CTX_free(sctx);
2872 SSL_CTX_free(cctx);
a37008d9
MC		 2873 return testresult;
2874}
2875
16afd71c
MC		 2876/*
2877 * Test loading of serverinfo data in various formats. test_sslmessages actually
2878 * tests to make sure the extensions appear in the handshake
2879 */
2880static int test_serverinfo(int tst)
2881{
2882 unsigned int version;
2883 unsigned char *sibuf;
2884 size_t sibuflen;
2885 int ret, expected, testresult = 0;
2886 SSL_CTX *ctx;
2887
2888 ctx = SSL_CTX_new(TLS_method());
2889 if (!TEST_ptr(ctx))
2890 goto end;
2891
2892 if ((tst & 0x01) == 0x01)
2893 version = SSL_SERVERINFOV2;
2894 else
2895 version = SSL_SERVERINFOV1;
2896
2897 if ((tst & 0x02) == 0x02) {
2898 sibuf = serverinfov2;
2899 sibuflen = sizeof(serverinfov2);
2900 expected = (version == SSL_SERVERINFOV2);
2901 } else {
2902 sibuf = serverinfov1;
2903 sibuflen = sizeof(serverinfov1);
2904 expected = (version == SSL_SERVERINFOV1);
2905 }
2906
2907 if ((tst & 0x04) == 0x04) {
2908 ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
2909 } else {
2910 ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
2911
2912 /*
2913 * The version variable is irrelevant in this case - it's what is in the
2914 * buffer that matters
2915 */
2916 if ((tst & 0x02) == 0x02)
2917 expected = 0;
2918 else
2919 expected = 1;
2920 }
2921
2922 if (!TEST_true(ret == expected))
2923 goto end;
2924
2925 testresult = 1;
2926
2927 end:
2928 SSL_CTX_free(ctx);
2929
2930 return testresult;
2931}
2932
2197d1df
MC		 2933/*
2934 * Test that SSL_export_keying_material() produces expected results. There are
2935 * no test vectors so all we do is test that both sides of the communication
2936 * produce the same results for different protocol versions.
2937 */
2938static int test_export_key_mat(int tst)
2939{
a599574b 2940 int testresult = 0;
2197d1df
MC		 2941 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
2942 SSL *clientssl = NULL, *serverssl = NULL;
2943 const char label[] = "test label";
2944 const unsigned char context[] = "context";
2945 const unsigned char *emptycontext = NULL;
2946 unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
2947 unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
a599574b
MC		 2948 const int protocols[] = {
2949 TLS1_VERSION,
2950 TLS1_1_VERSION,
2951 TLS1_2_VERSION,
2952 TLS1_3_VERSION
2953 };
2197d1df
MC		 2954
2955#ifdef OPENSSL_NO_TLS1
2956 if (tst == 0)
2957 return 1;
2958#endif
2959#ifdef OPENSSL_NO_TLS1_1
2960 if (tst == 1)
2961 return 1;
2962#endif
2963#ifdef OPENSSL_NO_TLS1_2
2964 if (tst == 2)
2965 return 1;
2966#endif
2967#ifdef OPENSSL_NO_TLS1_3
2968 if (tst == 3)
2969 return 1;
2970#endif
2971 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2972 TLS_client_method(), &sctx,
2973 &cctx, cert, privkey)))
2974 goto end;
2975
a599574b
MC		 2976 OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
2977 SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
2978 SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
2197d1df
MC		 2979
2980 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
2981 NULL))
2982 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2983 SSL_ERROR_NONE)))
2984 goto end;
2985
2986 if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
2987 sizeof(ckeymat1), label,
2988 sizeof(label) - 1, context,
2989 sizeof(context) - 1, 1), 1)
2990 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
2991 sizeof(ckeymat2), label,
2992 sizeof(label) - 1,
2993 emptycontext,
2994 0, 1), 1)
2995 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
2996 sizeof(ckeymat3), label,
2997 sizeof(label) - 1,
2998 NULL, 0, 0), 1)
2999 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
3000 sizeof(skeymat1), label,
3001 sizeof(label) - 1,
3002 context,
3003 sizeof(context) -1, 1),
3004 1)
3005 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
3006 sizeof(skeymat2), label,
3007 sizeof(label) - 1,
3008 emptycontext,
3009 0, 1), 1)
3010 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
3011 sizeof(skeymat3), label,
3012 sizeof(label) - 1,
3013 NULL, 0, 0), 1)
3014 /*
3015 * Check that both sides created the same key material with the
3016 * same context.
3017 */
3018 || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
3019 sizeof(skeymat1))
3020 /*
3021 * Check that both sides created the same key material with an
3022 * empty context.
3023 */
3024 || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
3025 sizeof(skeymat2))
3026 /*
3027 * Check that both sides created the same key material without a
3028 * context.
3029 */
3030 || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
3031 sizeof(skeymat3))
3032 /* Different contexts should produce different results */
3033 || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
3034 sizeof(ckeymat2)))
3035 goto end;
3036
3037 /*
3038 * Check that an empty context and no context produce different results in
3039 * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
3040 */
3041 if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
3042 sizeof(ckeymat3)))
3043 || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
3044 sizeof(ckeymat3))))
3045 goto end;
3046
3047 testresult = 1;
3048
3049 end:
3050 SSL_free(serverssl);
3051 SSL_free(clientssl);
3052 SSL_CTX_free(sctx2);
3053 SSL_CTX_free(sctx);
3054 SSL_CTX_free(cctx);
3055
3056 return testresult;
3057}
3058
e11b6aa4
MC		 3059static int test_ssl_clear(int idx)
3060{
3061 SSL_CTX *cctx = NULL, *sctx = NULL;
3062 SSL *clientssl = NULL, *serverssl = NULL;
3063 int testresult = 0;
3064
3065#ifdef OPENSSL_NO_TLS1_2
3066 if (idx == 1)
3067 return 1;
3068#endif
3069
3070 /* Create an initial connection */
3071 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
3072 TLS_client_method(), &sctx,
3073 &cctx, cert, privkey))
3074 || (idx == 1
3075 && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
3076 TLS1_2_VERSION)))
3077 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
3078 &clientssl, NULL, NULL))
3079 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3080 SSL_ERROR_NONE)))
3081 goto end;
3082
3083 SSL_shutdown(clientssl);
3084 SSL_shutdown(serverssl);
3085 SSL_free(serverssl);
3086 serverssl = NULL;
3087
3088 /* Clear clientssl - we're going to reuse the object */
3089 if (!TEST_true(SSL_clear(clientssl)))
3090 goto end;
3091
3092 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3093 NULL, NULL))
3094 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3095 SSL_ERROR_NONE))
3096 || !TEST_true(SSL_session_reused(clientssl)))
3097 goto end;
3098
3099 SSL_shutdown(clientssl);
3100 SSL_shutdown(serverssl);
3101
3102 testresult = 1;
3103
3104 end:
3105 SSL_free(serverssl);
3106 SSL_free(clientssl);
3107 SSL_CTX_free(sctx);
3108 SSL_CTX_free(cctx);
3109
3110 return testresult;
3111}
3112
cf72c757
F		 3113/* Parse CH and retrieve any MFL extension value if present */
3114static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
3115{
3116 long len;
3117 unsigned char *data;
3118 PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0};
3119 unsigned int MFL_code = 0, type = 0;
3120
3121 if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) )
3122 goto end;
3123
3124 if (!TEST_true( PACKET_buf_init( &pkt, data, len ) )
3125 /* Skip the record header */
3126 || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
3127 /* Skip the handshake message header */
3128 || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
3129 /* Skip client version and random */
3130 || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN
3131 + SSL3_RANDOM_SIZE))
3132 /* Skip session id */
3133 || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
3134 /* Skip ciphers */
3135 || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))
3136 /* Skip compression */
3137 || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
3138 /* Extensions len */
3139 || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))
3140 goto end;
3141
3142 /* Loop through all extensions */
3143 while (PACKET_remaining(&pkt2)) {
3144 if (!TEST_true(PACKET_get_net_2(&pkt2, &type))
3145 || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))
3146 goto end;
3147
3148 if (type == TLSEXT_TYPE_max_fragment_length) {
3149 if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0)
3150 || !TEST_true(PACKET_get_1(&pkt3, &MFL_code)))
3151 goto end;
3152
3153 *mfl_codemfl_code = MFL_code;
3154 return 1;
3155 }
3156 }
3157
3158 end:
3159 return 0;
3160}
3161
3162/* Maximum-Fragment-Length TLS extension mode to test */
3163static const unsigned char max_fragment_len_test[] = {
3164 TLSEXT_max_fragment_length_512,
3165 TLSEXT_max_fragment_length_1024,
3166 TLSEXT_max_fragment_length_2048,
3167 TLSEXT_max_fragment_length_4096
3168};
3169
3170static int test_max_fragment_len_ext(int idx_tst)
3171{
3172 SSL_CTX *ctx;
3173 SSL *con = NULL;
3174 int testresult = 0, MFL_mode = 0;
3175 BIO *rbio, *wbio;
3176
3177 ctx = SSL_CTX_new(TLS_method());
3178 if (!TEST_ptr(ctx))
3179 goto end;
3180
3181 if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
3182 ctx, max_fragment_len_test[idx_tst])))
3183 goto end;
3184
3185 con = SSL_new(ctx);
3186 if (!TEST_ptr(con))
3187 goto end;
3188
3189 rbio = BIO_new(BIO_s_mem());
3190 wbio = BIO_new(BIO_s_mem());
3191 if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
3192 BIO_free(rbio);
3193 BIO_free(wbio);
3194 goto end;
3195 }
3196
3197 SSL_set_bio(con, rbio, wbio);
3198 SSL_set_connect_state(con);
3199
3200 if (!TEST_int_le(SSL_connect(con), 0)) {
3201 /* This shouldn't succeed because we don't have a server! */
3202 goto end;
3203 }
3204
3205 if (!TEST_true(get_MFL_from_client_hello(wbio, &MFL_mode)))
3206 /* no MFL in client hello */
3207 goto end;
3208 if (!TEST_true(max_fragment_len_test[idx_tst] == MFL_mode))
3209 goto end;
3210
3211 testresult = 1;
3212
3213end:
3214 SSL_free(con);
3215 SSL_CTX_free(ctx);
3216
3217 return testresult;
3218}
3219
ad887416 3220int setup_tests(void)
2cb4b5f6 3221{
ad887416
P		 3222 if (!TEST_ptr(cert = test_get_argument(0))
3223 || !TEST_ptr(privkey = test_get_argument(1)))
710756a9 3224 return 0;
2cb4b5f6 3225
84d5549e 3226 ADD_TEST(test_large_message_tls);
7856332e 3227 ADD_TEST(test_large_message_tls_read_ahead);
55386bef 3228#ifndef OPENSSL_NO_DTLS
84d5549e 3229 ADD_TEST(test_large_message_dtls);
55386bef 3230#endif
8f8c11d8 3231#ifndef OPENSSL_NO_OCSP
c887104f 3232 ADD_TEST(test_tlsext_status_type);
8f8c11d8 3233#endif
eaa776da
MC		 3234 ADD_TEST(test_session_with_only_int_cache);
3235 ADD_TEST(test_session_with_only_ext_cache);
3236 ADD_TEST(test_session_with_both_cache);
7fb4c820 3237 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
9a716987
MC		 3238 ADD_TEST(test_ssl_bio_pop_next_bio);
3239 ADD_TEST(test_ssl_bio_pop_ssl_bio);
3240 ADD_TEST(test_ssl_bio_change_rbio);
3241 ADD_TEST(test_ssl_bio_change_wbio);
f1b25aae 3242 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
6acdd3e5
CB		 3243 ADD_TEST(test_keylog);
3244#ifndef OPENSSL_NO_TLS1_3
3245 ADD_TEST(test_keylog_no_master_key);
3246#endif
e9ee6536 3247#ifndef OPENSSL_NO_TLS1_2
a9c0d8be 3248 ADD_TEST(test_client_hello_cb);
5f982038
MC		 3249#endif
3250#ifndef OPENSSL_NO_TLS1_3
02a3ed5a
MC		 3251 ADD_ALL_TESTS(test_early_data_read_write, 3);
3252 ADD_ALL_TESTS(test_early_data_skip, 3);
3253 ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
3254 ADD_ALL_TESTS(test_early_data_not_sent, 3);
57dee9bb 3255 ADD_ALL_TESTS(test_early_data_psk, 8);
02a3ed5a 3256 ADD_ALL_TESTS(test_early_data_not_expected, 3);
5f982038 3257# ifndef OPENSSL_NO_TLS1_2
02a3ed5a 3258 ADD_ALL_TESTS(test_early_data_tls1_2, 3);
5f982038 3259# endif
e9ee6536 3260#endif
a273157a 3261#ifndef OPENSSL_NO_TLS1_3
ca0413ae 3262 ADD_TEST(test_ciphersuite_change);
ca8c71ba 3263 ADD_TEST(test_tls13_psk);
bb01ef3f 3264 ADD_ALL_TESTS(test_custom_exts, 5);
a273157a 3265#else
bb01ef3f 3266 ADD_ALL_TESTS(test_custom_exts, 3);
a273157a 3267#endif
16afd71c 3268 ADD_ALL_TESTS(test_serverinfo, 8);
2197d1df 3269 ADD_ALL_TESTS(test_export_key_mat, 4);
e11b6aa4 3270 ADD_ALL_TESTS(test_ssl_clear, 2);
cf72c757 3271 ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
ad887416
P		 3272 return 1;
3273}
2cb4b5f6 3274
ad887416
P		 3275void cleanup_tests(void)
3276{
fa454945 3277 bio_s_mempacket_test_free();
2cb4b5f6 3278}
A mirror of the official openssl repository