2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/opensslconf.h>
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/ssl.h>
16 #include <openssl/ocsp.h>
18 #include "ssltestlib.h"
21 #include "../ssl/ssl_locl.h"
23 static char *cert
= NULL
;
24 static char *privkey
= NULL
;
26 #define LOG_BUFFER_SIZE 1024
27 static char server_log_buffer
[LOG_BUFFER_SIZE
+ 1] = {0};
28 static size_t server_log_buffer_index
= 0;
29 static char client_log_buffer
[LOG_BUFFER_SIZE
+ 1] = {0};
30 static size_t client_log_buffer_index
= 0;
31 static int error_writing_log
= 0;
33 #ifndef OPENSSL_NO_OCSP
34 static const unsigned char orespder
[] = "Dummy OCSP Response";
35 static int ocsp_server_called
= 0;
36 static int ocsp_client_called
= 0;
38 static int cdummyarg
= 1;
39 static X509
*ocspcert
= NULL
;
42 #define NUM_EXTRA_CERTS 40
45 * This structure is used to validate that the correct number of log messages
46 * of various types are emitted when emitting secret logs.
48 struct sslapitest_log_counts
{
49 unsigned int rsa_key_exchange_count
;
50 unsigned int master_secret_count
;
51 unsigned int client_handshake_secret_count
;
52 unsigned int server_handshake_secret_count
;
53 unsigned int client_application_secret_count
;
54 unsigned int server_application_secret_count
;
58 static unsigned char serverinfov1
[] = {
59 0xff, 0xff, /* Dummy extension type */
60 0x00, 0x01, /* Extension length is 1 byte */
61 0xff /* Dummy extension data */
64 static unsigned char serverinfov2
[] = {
66 (unsigned char)(SSL_EXT_CLIENT_HELLO
& 0xff), /* Dummy context - 4 bytes */
67 0xff, 0xff, /* Dummy extension type */
68 0x00, 0x01, /* Extension length is 1 byte */
69 0xff /* Dummy extension data */
72 static void client_keylog_callback(const SSL
*ssl
, const char *line
)
74 int line_length
= strlen(line
);
76 /* If the log doesn't fit, error out. */
77 if (client_log_buffer_index
+ line_length
> sizeof(client_log_buffer
) - 1) {
78 TEST_info("Client log too full");
79 error_writing_log
= 1;
83 strcat(client_log_buffer
, line
);
84 client_log_buffer_index
+= line_length
;
85 client_log_buffer
[client_log_buffer_index
++] = '\n';
88 static void server_keylog_callback(const SSL
*ssl
, const char *line
)
90 int line_length
= strlen(line
);
92 /* If the log doesn't fit, error out. */
93 if (server_log_buffer_index
+ line_length
> sizeof(server_log_buffer
) - 1) {
94 TEST_info("Server og too full");
95 error_writing_log
= 1;
99 strcat(server_log_buffer
, line
);
100 server_log_buffer_index
+= line_length
;
101 server_log_buffer
[server_log_buffer_index
++] = '\n';
104 static int compare_hex_encoded_buffer(const char *hex_encoded
,
112 if (!TEST_size_t_eq(raw_length
* 2, hex_length
))
115 for (i
= j
= 0; i
< raw_length
&& j
+ 1 < hex_length
; i
++, j
+= 2) {
116 sprintf(hexed
, "%02x", raw
[i
]);
117 if (!TEST_int_eq(hexed
[0], hex_encoded
[j
])
118 || !TEST_int_eq(hexed
[1], hex_encoded
[j
+ 1]))
125 static int test_keylog_output(char *buffer
, const SSL
*ssl
,
126 const SSL_SESSION
*session
,
127 struct sslapitest_log_counts
*expected
)
130 unsigned char actual_client_random
[SSL3_RANDOM_SIZE
] = {0};
131 size_t client_random_size
= SSL3_RANDOM_SIZE
;
132 unsigned char actual_master_key
[SSL_MAX_MASTER_KEY_LENGTH
] = {0};
133 size_t master_key_size
= SSL_MAX_MASTER_KEY_LENGTH
;
134 unsigned int rsa_key_exchange_count
= 0;
135 unsigned int master_secret_count
= 0;
136 unsigned int client_handshake_secret_count
= 0;
137 unsigned int server_handshake_secret_count
= 0;
138 unsigned int client_application_secret_count
= 0;
139 unsigned int server_application_secret_count
= 0;
141 for (token
= strtok(buffer
, " \n"); token
!= NULL
;
142 token
= strtok(NULL
, " \n")) {
143 if (strcmp(token
, "RSA") == 0) {
145 * Premaster secret. Tokens should be: 16 ASCII bytes of
146 * hex-encoded encrypted secret, then the hex-encoded pre-master
149 if (!TEST_ptr(token
= strtok(NULL
, " \n")))
151 if (!TEST_size_t_eq(strlen(token
), 16))
153 if (!TEST_ptr(token
= strtok(NULL
, " \n")))
156 * We can't sensibly check the log because the premaster secret is
157 * transient, and OpenSSL doesn't keep hold of it once the master
158 * secret is generated.
160 rsa_key_exchange_count
++;
161 } else if (strcmp(token
, "CLIENT_RANDOM") == 0) {
163 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
164 * client random, then the hex-encoded master secret.
166 client_random_size
= SSL_get_client_random(ssl
,
167 actual_client_random
,
169 if (!TEST_size_t_eq(client_random_size
, SSL3_RANDOM_SIZE
))
172 if (!TEST_ptr(token
= strtok(NULL
, " \n")))
174 if (!TEST_size_t_eq(strlen(token
), 64))
176 if (!TEST_false(compare_hex_encoded_buffer(token
, 64,
177 actual_client_random
,
178 client_random_size
)))
181 if (!TEST_ptr(token
= strtok(NULL
, " \n")))
183 master_key_size
= SSL_SESSION_get_master_key(session
,
186 if (!TEST_size_t_ne(master_key_size
, 0))
188 if (!TEST_false(compare_hex_encoded_buffer(token
, strlen(token
),
192 master_secret_count
++;
193 } else if (strcmp(token
, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
194 || strcmp(token
, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
195 || strcmp(token
, "CLIENT_TRAFFIC_SECRET_0") == 0
196 || strcmp(token
, "SERVER_TRAFFIC_SECRET_0") == 0) {
198 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
199 * client random, and then the hex-encoded secret. In this case,
200 * we treat all of these secrets identically and then just
201 * distinguish between them when counting what we saw.
203 if (strcmp(token
, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
204 client_handshake_secret_count
++;
205 else if (strcmp(token
, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
206 server_handshake_secret_count
++;
207 else if (strcmp(token
, "CLIENT_TRAFFIC_SECRET_0") == 0)
208 client_application_secret_count
++;
209 else if (strcmp(token
, "SERVER_TRAFFIC_SECRET_0") == 0)
210 server_application_secret_count
++;
212 client_random_size
= SSL_get_client_random(ssl
,
213 actual_client_random
,
215 if (!TEST_size_t_eq(client_random_size
, SSL3_RANDOM_SIZE
))
218 if (!TEST_ptr(token
= strtok(NULL
, " \n")))
220 if (!TEST_size_t_eq(strlen(token
), 64))
222 if (!TEST_false(compare_hex_encoded_buffer(token
, 64,
223 actual_client_random
,
224 client_random_size
)))
227 if (!TEST_ptr(token
= strtok(NULL
, " \n")))
231 * TODO(TLS1.3): test that application traffic secrets are what
234 TEST_info("Unexpected token %s\n", token
);
239 /* Got what we expected? */
240 if (!TEST_size_t_eq(rsa_key_exchange_count
,
241 expected
->rsa_key_exchange_count
)
242 || !TEST_size_t_eq(master_secret_count
,
243 expected
->master_secret_count
)
244 || !TEST_size_t_eq(client_handshake_secret_count
,
245 expected
->client_handshake_secret_count
)
246 || !TEST_size_t_eq(server_handshake_secret_count
,
247 expected
->server_handshake_secret_count
)
248 || !TEST_size_t_eq(client_application_secret_count
,
249 expected
->client_application_secret_count
)
250 || !TEST_size_t_eq(server_application_secret_count
,
251 expected
->server_application_secret_count
))
256 static int test_keylog(void)
258 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
259 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
261 struct sslapitest_log_counts expected
= {0};
263 /* Clean up logging space */
264 memset(client_log_buffer
, 0, sizeof(client_log_buffer
));
265 memset(server_log_buffer
, 0, sizeof(server_log_buffer
));
266 client_log_buffer_index
= 0;
267 server_log_buffer_index
= 0;
268 error_writing_log
= 0;
270 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
272 &sctx
, &cctx
, cert
, privkey
)))
275 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
276 SSL_CTX_set_options(cctx
, SSL_OP_NO_TLSv1_3
);
277 SSL_CTX_set_options(sctx
, SSL_OP_NO_TLSv1_3
);
279 /* We also want to ensure that we use RSA-based key exchange. */
280 if (!TEST_true(SSL_CTX_set_cipher_list(cctx
, "RSA")))
283 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx
) == NULL
)
284 || !TEST_true(SSL_CTX_get_keylog_callback(sctx
) == NULL
))
286 SSL_CTX_set_keylog_callback(cctx
, client_keylog_callback
);
287 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx
)
288 == client_keylog_callback
))
290 SSL_CTX_set_keylog_callback(sctx
, server_keylog_callback
);
291 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx
)
292 == server_keylog_callback
))
295 /* Now do a handshake and check that the logs have been written to. */
296 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
297 &clientssl
, NULL
, NULL
))
298 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
300 || !TEST_false(error_writing_log
)
301 || !TEST_int_gt(client_log_buffer_index
, 0)
302 || !TEST_int_gt(server_log_buffer_index
, 0))
306 * Now we want to test that our output data was vaguely sensible. We
307 * do that by using strtok and confirming that we have more or less the
308 * data we expect. For both client and server, we expect to see one master
309 * secret. The client should also see a RSA key exchange.
311 expected
.rsa_key_exchange_count
= 1;
312 expected
.master_secret_count
= 1;
313 if (!TEST_true(test_keylog_output(client_log_buffer
, clientssl
,
314 SSL_get_session(clientssl
), &expected
)))
317 expected
.rsa_key_exchange_count
= 0;
318 if (!TEST_true(test_keylog_output(server_log_buffer
, serverssl
,
319 SSL_get_session(serverssl
), &expected
)))
333 #ifndef OPENSSL_NO_TLS1_3
334 static int test_keylog_no_master_key(void)
336 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
337 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
339 struct sslapitest_log_counts expected
= {0};
341 /* Clean up logging space */
342 memset(client_log_buffer
, 0, sizeof(client_log_buffer
));
343 memset(server_log_buffer
, 0, sizeof(server_log_buffer
));
344 client_log_buffer_index
= 0;
345 server_log_buffer_index
= 0;
346 error_writing_log
= 0;
348 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
349 TLS_client_method(), &sctx
,
350 &cctx
, cert
, privkey
)))
353 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx
) == NULL
)
354 || !TEST_true(SSL_CTX_get_keylog_callback(sctx
) == NULL
))
357 SSL_CTX_set_keylog_callback(cctx
, client_keylog_callback
);
358 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx
)
359 == client_keylog_callback
))
362 SSL_CTX_set_keylog_callback(sctx
, server_keylog_callback
);
363 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx
)
364 == server_keylog_callback
))
367 /* Now do a handshake and check that the logs have been written to. */
368 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
369 &clientssl
, NULL
, NULL
))
370 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
372 || !TEST_false(error_writing_log
))
376 * Now we want to test that our output data was vaguely sensible. For this
377 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
378 * TLSv1.3, but we do expect both client and server to emit keys.
380 expected
.client_handshake_secret_count
= 1;
381 expected
.server_handshake_secret_count
= 1;
382 expected
.client_application_secret_count
= 1;
383 expected
.server_application_secret_count
= 1;
384 if (!TEST_true(test_keylog_output(client_log_buffer
, clientssl
,
385 SSL_get_session(clientssl
), &expected
))
386 || !TEST_true(test_keylog_output(server_log_buffer
, serverssl
,
387 SSL_get_session(serverssl
),
403 #ifndef OPENSSL_NO_TLS1_2
404 static int full_early_callback(SSL
*s
, int *al
, void *arg
)
407 const unsigned char *p
;
409 /* We only configure two ciphers, but the SCSV is added automatically. */
411 const unsigned char expected_ciphers
[] = {0x00, 0x9d, 0x00, 0xff};
413 const unsigned char expected_ciphers
[] = {0x00, 0x9d, 0xc0,
416 const int expected_extensions
[] = {
417 #ifndef OPENSSL_NO_EC
423 /* Make sure we can defer processing and get called back. */
427 len
= SSL_early_get0_ciphers(s
, &p
);
428 if (!TEST_mem_eq(p
, len
, expected_ciphers
, sizeof(expected_ciphers
))
429 || !TEST_size_t_eq(SSL_early_get0_compression_methods(s
, &p
), 1)
430 || !TEST_int_eq(*p
, 0))
432 if (!SSL_early_get1_extensions_present(s
, &exts
, &len
))
434 if (len
!= OSSL_NELEM(expected_extensions
) ||
435 memcmp(exts
, expected_extensions
, len
* sizeof(*exts
)) != 0) {
436 printf("Early callback expected ClientHello extensions mismatch\n");
444 static int test_early_cb(void)
446 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
447 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
448 int testctr
= 0, testresult
= 0;
450 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
451 TLS_client_method(), &sctx
,
452 &cctx
, cert
, privkey
)))
454 SSL_CTX_set_early_cb(sctx
, full_early_callback
, &testctr
);
456 /* The gimpy cipher list we configure can't do TLS 1.3. */
457 SSL_CTX_set_max_proto_version(cctx
, TLS1_2_VERSION
);
459 if (!TEST_true(SSL_CTX_set_cipher_list(cctx
,
460 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
461 || !TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
462 &clientssl
, NULL
, NULL
))
463 || !TEST_false(create_ssl_connection(serverssl
, clientssl
,
464 SSL_ERROR_WANT_EARLY
))
466 * Passing a -1 literal is a hack since
467 * the real value was lost.
469 || !TEST_int_eq(SSL_get_error(serverssl
, -1), SSL_ERROR_WANT_EARLY
)
470 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
486 static int execute_test_large_message(const SSL_METHOD
*smeth
,
487 const SSL_METHOD
*cmeth
, int read_ahead
)
489 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
490 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
494 X509
*chaincert
= NULL
;
497 if (!TEST_ptr(certbio
= BIO_new_file(cert
, "r")))
499 chaincert
= PEM_read_bio_X509(certbio
, NULL
, NULL
, NULL
);
502 if (!TEST_ptr(chaincert
))
505 if (!TEST_true(create_ssl_ctx_pair(smeth
, cmeth
, &sctx
,
506 &cctx
, cert
, privkey
)))
511 * Test that read_ahead works correctly when dealing with large
514 SSL_CTX_set_read_ahead(cctx
, 1);
518 * We assume the supplied certificate is big enough so that if we add
519 * NUM_EXTRA_CERTS it will make the overall message large enough. The
520 * default buffer size is requested to be 16k, but due to the way BUF_MEM
521 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
522 * test we need to have a message larger than that.
524 certlen
= i2d_X509(chaincert
, NULL
);
525 OPENSSL_assert(certlen
* NUM_EXTRA_CERTS
>
526 (SSL3_RT_MAX_PLAIN_LENGTH
* 4) / 3);
527 for (i
= 0; i
< NUM_EXTRA_CERTS
; i
++) {
528 if (!X509_up_ref(chaincert
))
530 if (!SSL_CTX_add_extra_chain_cert(sctx
, chaincert
)) {
531 X509_free(chaincert
);
536 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
,
538 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
543 * Calling SSL_clear() first is not required but this tests that SSL_clear()
544 * doesn't leak (when using enable-crypto-mdebug).
546 if (!TEST_true(SSL_clear(serverssl
)))
551 X509_free(chaincert
);
560 static int test_large_message_tls(void)
562 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
566 static int test_large_message_tls_read_ahead(void)
568 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
572 #ifndef OPENSSL_NO_DTLS
573 static int test_large_message_dtls(void)
576 * read_ahead is not relevant to DTLS because DTLS always acts as if
579 return execute_test_large_message(DTLS_server_method(),
580 DTLS_client_method(), 0);
584 #ifndef OPENSSL_NO_OCSP
585 static int ocsp_server_cb(SSL
*s
, void *arg
)
587 int *argi
= (int *)arg
;
588 unsigned char *copy
= NULL
;
589 STACK_OF(OCSP_RESPID
) *ids
= NULL
;
590 OCSP_RESPID
*id
= NULL
;
593 /* In this test we are expecting exactly 1 OCSP_RESPID */
594 SSL_get_tlsext_status_ids(s
, &ids
);
595 if (ids
== NULL
|| sk_OCSP_RESPID_num(ids
) != 1)
596 return SSL_TLSEXT_ERR_ALERT_FATAL
;
598 id
= sk_OCSP_RESPID_value(ids
, 0);
599 if (id
== NULL
|| !OCSP_RESPID_match(id
, ocspcert
))
600 return SSL_TLSEXT_ERR_ALERT_FATAL
;
601 } else if (*argi
!= 1) {
602 return SSL_TLSEXT_ERR_ALERT_FATAL
;
605 if (!TEST_ptr(copy
= OPENSSL_memdup(orespder
, sizeof(orespder
))))
606 return SSL_TLSEXT_ERR_ALERT_FATAL
;
608 SSL_set_tlsext_status_ocsp_resp(s
, copy
, sizeof(orespder
));
609 ocsp_server_called
= 1;
610 return SSL_TLSEXT_ERR_OK
;
613 static int ocsp_client_cb(SSL
*s
, void *arg
)
615 int *argi
= (int *)arg
;
616 const unsigned char *respderin
;
619 if (*argi
!= 1 && *argi
!= 2)
622 len
= SSL_get_tlsext_status_ocsp_resp(s
, &respderin
);
623 if (!TEST_mem_eq(orespder
, len
, respderin
, len
))
626 ocsp_client_called
= 1;
630 static int test_tlsext_status_type(void)
632 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
633 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
635 STACK_OF(OCSP_RESPID
) *ids
= NULL
;
636 OCSP_RESPID
*id
= NULL
;
639 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx
,
640 &cctx
, cert
, privkey
))
643 if (SSL_CTX_get_tlsext_status_type(cctx
) != -1)
646 /* First just do various checks getting and setting tlsext_status_type */
648 clientssl
= SSL_new(cctx
);
649 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl
), -1)
650 || !TEST_true(SSL_set_tlsext_status_type(clientssl
,
651 TLSEXT_STATUSTYPE_ocsp
))
652 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl
),
653 TLSEXT_STATUSTYPE_ocsp
))
659 if (!SSL_CTX_set_tlsext_status_type(cctx
, TLSEXT_STATUSTYPE_ocsp
)
660 || SSL_CTX_get_tlsext_status_type(cctx
) != TLSEXT_STATUSTYPE_ocsp
)
663 clientssl
= SSL_new(cctx
);
664 if (SSL_get_tlsext_status_type(clientssl
) != TLSEXT_STATUSTYPE_ocsp
)
670 * Now actually do a handshake and check OCSP information is exchanged and
671 * the callbacks get called
673 SSL_CTX_set_tlsext_status_cb(cctx
, ocsp_client_cb
);
674 SSL_CTX_set_tlsext_status_arg(cctx
, &cdummyarg
);
675 SSL_CTX_set_tlsext_status_cb(sctx
, ocsp_server_cb
);
676 SSL_CTX_set_tlsext_status_arg(sctx
, &cdummyarg
);
677 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
678 &clientssl
, NULL
, NULL
))
679 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
681 || !TEST_true(ocsp_client_called
)
682 || !TEST_true(ocsp_server_called
))
689 /* Try again but this time force the server side callback to fail */
690 ocsp_client_called
= 0;
691 ocsp_server_called
= 0;
693 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
694 &clientssl
, NULL
, NULL
))
695 /* This should fail because the callback will fail */
696 || !TEST_false(create_ssl_connection(serverssl
, clientssl
,
698 || !TEST_false(ocsp_client_called
)
699 || !TEST_false(ocsp_server_called
))
707 * This time we'll get the client to send an OCSP_RESPID that it will
710 ocsp_client_called
= 0;
711 ocsp_server_called
= 0;
713 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
714 &clientssl
, NULL
, NULL
)))
718 * We'll just use any old cert for this test - it doesn't have to be an OCSP
719 * specific one. We'll use the server cert.
721 if (!TEST_ptr(certbio
= BIO_new_file(cert
, "r"))
722 || !TEST_ptr(id
= OCSP_RESPID_new())
723 || !TEST_ptr(ids
= sk_OCSP_RESPID_new_null())
724 || !TEST_ptr(ocspcert
= PEM_read_bio_X509(certbio
,
726 || !TEST_true(OCSP_RESPID_set_by_key(id
, ocspcert
))
727 || !TEST_true(sk_OCSP_RESPID_push(ids
, id
)))
730 SSL_set_tlsext_status_ids(clientssl
, ids
);
731 /* Control has been transferred */
737 if (!TEST_true(create_ssl_connection(serverssl
, clientssl
,
739 || !TEST_true(ocsp_client_called
)
740 || !TEST_true(ocsp_server_called
))
750 sk_OCSP_RESPID_pop_free(ids
, OCSP_RESPID_free
);
751 OCSP_RESPID_free(id
);
760 typedef struct ssl_session_test_fixture
{
761 const char *test_case_name
;
764 } SSL_SESSION_TEST_FIXTURE
;
766 static int new_called
= 0, remove_called
= 0;
768 static SSL_SESSION_TEST_FIXTURE
769 ssl_session_set_up(const char *const test_case_name
)
771 SSL_SESSION_TEST_FIXTURE fixture
;
773 fixture
.test_case_name
= test_case_name
;
774 fixture
.use_ext_cache
= 1;
775 fixture
.use_int_cache
= 1;
777 new_called
= remove_called
= 0;
782 static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture
)
786 static int new_session_cb(SSL
*ssl
, SSL_SESSION
*sess
)
792 static void remove_session_cb(SSL_CTX
*ctx
, SSL_SESSION
*sess
)
797 static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix
)
799 SSL_CTX
*sctx
= NULL
, *cctx
= NULL
;
800 SSL
*serverssl1
= NULL
, *clientssl1
= NULL
;
801 SSL
*serverssl2
= NULL
, *clientssl2
= NULL
;
802 #ifndef OPENSSL_NO_TLS1_1
803 SSL
*serverssl3
= NULL
, *clientssl3
= NULL
;
805 SSL_SESSION
*sess1
= NULL
, *sess2
= NULL
;
808 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
809 TLS_client_method(), &sctx
,
810 &cctx
, cert
, privkey
)))
813 #ifndef OPENSSL_NO_TLS1_2
814 /* Only allow TLS1.2 so we can force a connection failure later */
815 SSL_CTX_set_min_proto_version(cctx
, TLS1_2_VERSION
);
818 /* Set up session cache */
819 if (fix
.use_ext_cache
) {
820 SSL_CTX_sess_set_new_cb(cctx
, new_session_cb
);
821 SSL_CTX_sess_set_remove_cb(cctx
, remove_session_cb
);
823 if (fix
.use_int_cache
) {
824 /* Also covers instance where both are set */
825 SSL_CTX_set_session_cache_mode(cctx
, SSL_SESS_CACHE_CLIENT
);
827 SSL_CTX_set_session_cache_mode(cctx
,
828 SSL_SESS_CACHE_CLIENT
829 | SSL_SESS_CACHE_NO_INTERNAL_STORE
);
832 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl1
, &clientssl1
,
834 || !TEST_true(create_ssl_connection(serverssl1
, clientssl1
,
836 || !TEST_ptr(sess1
= SSL_get1_session(clientssl1
)))
839 /* Should fail because it should already be in the cache */
840 if (fix
.use_int_cache
&& !TEST_false(SSL_CTX_add_session(cctx
, sess1
)))
842 if (fix
.use_ext_cache
&& (new_called
!= 1 || remove_called
!= 0))
845 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl2
,
846 &clientssl2
, NULL
, NULL
))
847 || !TEST_true(create_ssl_connection(serverssl2
, clientssl2
,
851 if (!TEST_ptr(sess2
= SSL_get1_session(clientssl2
)))
854 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 0))
858 * This should clear sess2 from the cache because it is a "bad" session.
859 * See SSL_set_session() documentation.
861 if (!TEST_true(SSL_set_session(clientssl2
, sess1
)))
863 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 1))
865 if (!TEST_ptr_eq(SSL_get_session(clientssl2
), sess1
))
868 if (fix
.use_int_cache
) {
869 /* Should succeeded because it should not already be in the cache */
870 if (!TEST_true(SSL_CTX_add_session(cctx
, sess2
))
871 || !TEST_true(SSL_CTX_remove_session(cctx
, sess2
)))
875 * This is for the purposes of internal cache testing...ignore the
876 * counter for external cache
878 if (fix
.use_ext_cache
)
882 /* This shouldn't be in the cache so should fail */
883 if (!TEST_false(SSL_CTX_remove_session(cctx
, sess2
)))
886 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 2))
889 #if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
890 /* Force a connection failure */
891 SSL_CTX_set_max_proto_version(sctx
, TLS1_1_VERSION
);
892 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl3
,
893 &clientssl3
, NULL
, NULL
))
894 || !TEST_true(SSL_set_session(clientssl3
, sess1
))
895 /* This should fail because of the mismatched protocol versions */
896 || !TEST_false(create_ssl_connection(serverssl3
, clientssl3
,
900 /* We should have automatically removed the session from the cache */
901 if (fix
.use_ext_cache
&& (new_called
!= 2 || remove_called
!= 3))
904 /* Should succeed because it should not already be in the cache */
905 if (fix
.use_int_cache
&& !SSL_CTX_add_session(cctx
, sess2
))
912 SSL_free(serverssl1
);
913 SSL_free(clientssl1
);
914 SSL_free(serverssl2
);
915 SSL_free(clientssl2
);
916 #ifndef OPENSSL_NO_TLS1_1
917 SSL_free(serverssl3
);
918 SSL_free(clientssl3
);
920 SSL_SESSION_free(sess1
);
921 SSL_SESSION_free(sess2
);
924 * Check if we need to remove any sessions up-refed for the external cache
927 SSL_SESSION_free(sess1
);
929 SSL_SESSION_free(sess2
);
936 static int test_session_with_only_int_cache(void)
938 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE
, ssl_session_set_up
);
939 fixture
.use_ext_cache
= 0;
940 EXECUTE_TEST(execute_test_session
, ssl_session_tear_down
);
943 static int test_session_with_only_ext_cache(void)
945 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE
, ssl_session_set_up
);
946 fixture
.use_int_cache
= 0;
947 EXECUTE_TEST(execute_test_session
, ssl_session_tear_down
);
950 static int test_session_with_both_cache(void)
952 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE
, ssl_session_set_up
);
953 EXECUTE_TEST(execute_test_session
, ssl_session_tear_down
);
960 #define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
962 static void setupbio(BIO
**res
, BIO
*bio1
, BIO
*bio2
, int type
)
977 static int test_ssl_set_bio(int idx
)
982 BIO
*irbio
= NULL
, *iwbio
= NULL
, *nrbio
= NULL
, *nwbio
= NULL
;
984 int initrbio
, initwbio
, newrbio
, newwbio
;
994 if (!TEST_int_le(newwbio
, 2))
997 if (!TEST_ptr(ctx
= SSL_CTX_new(TLS_method()))
998 || !TEST_ptr(ssl
= SSL_new(ctx
)))
1001 if (initrbio
== USE_BIO_1
1002 || initwbio
== USE_BIO_1
1003 || newrbio
== USE_BIO_1
1004 || newwbio
== USE_BIO_1
) {
1005 if (!TEST_ptr(bio1
= BIO_new(BIO_s_mem())))
1009 if (initrbio
== USE_BIO_2
1010 || initwbio
== USE_BIO_2
1011 || newrbio
== USE_BIO_2
1012 || newwbio
== USE_BIO_2
) {
1013 if (!TEST_ptr(bio2
= BIO_new(BIO_s_mem())))
1017 setupbio(&irbio
, bio1
, bio2
, initrbio
);
1018 setupbio(&iwbio
, bio1
, bio2
, initwbio
);
1021 * We want to maintain our own refs to these BIO, so do an up ref for each
1022 * BIO that will have ownership transferred in the SSL_set_bio() call
1026 if (iwbio
!= NULL
&& iwbio
!= irbio
)
1029 SSL_set_bio(ssl
, irbio
, iwbio
);
1031 setupbio(&nrbio
, bio1
, bio2
, newrbio
);
1032 setupbio(&nwbio
, bio1
, bio2
, newwbio
);
1035 * We will (maybe) transfer ownership again so do more up refs.
1036 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1041 && (nwbio
!= iwbio
|| nrbio
!= nwbio
))
1045 && (nwbio
!= iwbio
|| (nwbio
== iwbio
&& irbio
== iwbio
)))
1048 SSL_set_bio(ssl
, nrbio
, nwbio
);
1058 * This test is checking that the ref counting for SSL_set_bio is correct.
1059 * If we get here and we did too many frees then we will fail in the above
1060 * functions. If we haven't done enough then this will only be detected in
1061 * a crypto-mdebug build
1067 typedef struct ssl_bio_test_fixture
{
1068 const char *test_case_name
;
1070 enum { NO_BIO_CHANGE
, CHANGE_RBIO
, CHANGE_WBIO
} change_bio
;
1071 } SSL_BIO_TEST_FIXTURE
;
1073 static SSL_BIO_TEST_FIXTURE
ssl_bio_set_up(const char *const test_case_name
)
1075 SSL_BIO_TEST_FIXTURE fixture
;
1077 fixture
.test_case_name
= test_case_name
;
1078 fixture
.pop_ssl
= 0;
1079 fixture
.change_bio
= NO_BIO_CHANGE
;
1083 static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture
)
1087 static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix
)
1089 BIO
*sslbio
= NULL
, *membio1
= NULL
, *membio2
= NULL
;
1094 if (!TEST_ptr(ctx
= SSL_CTX_new(TLS_method()))
1095 || !TEST_ptr(ssl
= SSL_new(ctx
))
1096 || !TEST_ptr(sslbio
= BIO_new(BIO_f_ssl()))
1097 || !TEST_ptr(membio1
= BIO_new(BIO_s_mem())))
1100 BIO_set_ssl(sslbio
, ssl
, BIO_CLOSE
);
1103 * If anything goes wrong here then we could leak memory, so this will
1104 * be caught in a crypto-mdebug build
1106 BIO_push(sslbio
, membio1
);
1108 /* Verify changing the rbio/wbio directly does not cause leaks */
1109 if (fix
.change_bio
!= NO_BIO_CHANGE
) {
1110 if (!TEST_ptr(membio2
= BIO_new(BIO_s_mem())))
1112 if (fix
.change_bio
== CHANGE_RBIO
)
1113 SSL_set0_rbio(ssl
, membio2
);
1115 SSL_set0_wbio(ssl
, membio2
);
1134 static int test_ssl_bio_pop_next_bio(void)
1136 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1137 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1140 static int test_ssl_bio_pop_ssl_bio(void)
1142 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1143 fixture
.pop_ssl
= 1;
1144 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1147 static int test_ssl_bio_change_rbio(void)
1149 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1150 fixture
.change_bio
= CHANGE_RBIO
;
1151 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1154 static int test_ssl_bio_change_wbio(void)
1156 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE
, ssl_bio_set_up
);
1157 fixture
.change_bio
= CHANGE_WBIO
;
1158 EXECUTE_TEST(execute_test_ssl_bio
, ssl_bio_tear_down
);
1162 /* The list of sig algs */
1164 /* The length of the list */
1166 /* A sigalgs list in string format */
1167 const char *liststr
;
1168 /* Whether setting the list should succeed */
1170 /* Whether creating a connection with the list should succeed */
1174 static const int validlist1
[] = {NID_sha256
, EVP_PKEY_RSA
};
1175 #ifndef OPENSSL_NO_EC
1176 static const int validlist2
[] = {NID_sha256
, EVP_PKEY_RSA
, NID_sha512
, EVP_PKEY_EC
};
1177 static const int validlist3
[] = {NID_sha512
, EVP_PKEY_EC
};
1179 static const int invalidlist1
[] = {NID_undef
, EVP_PKEY_RSA
};
1180 static const int invalidlist2
[] = {NID_sha256
, NID_undef
};
1181 static const int invalidlist3
[] = {NID_sha256
, EVP_PKEY_RSA
, NID_sha256
};
1182 static const int invalidlist4
[] = {NID_sha256
};
1183 static const sigalgs_list testsigalgs
[] = {
1184 {validlist1
, OSSL_NELEM(validlist1
), NULL
, 1, 1},
1185 #ifndef OPENSSL_NO_EC
1186 {validlist2
, OSSL_NELEM(validlist2
), NULL
, 1, 1},
1187 {validlist3
, OSSL_NELEM(validlist3
), NULL
, 1, 0},
1189 {NULL
, 0, "RSA+SHA256", 1, 1},
1190 #ifndef OPENSSL_NO_EC
1191 {NULL
, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1192 {NULL
, 0, "ECDSA+SHA512", 1, 0},
1194 {invalidlist1
, OSSL_NELEM(invalidlist1
), NULL
, 0, 0},
1195 {invalidlist2
, OSSL_NELEM(invalidlist2
), NULL
, 0, 0},
1196 {invalidlist3
, OSSL_NELEM(invalidlist3
), NULL
, 0, 0},
1197 {invalidlist4
, OSSL_NELEM(invalidlist4
), NULL
, 0, 0},
1198 {NULL
, 0, "RSA", 0, 0},
1199 {NULL
, 0, "SHA256", 0, 0},
1200 {NULL
, 0, "RSA+SHA256:SHA256", 0, 0},
1201 {NULL
, 0, "Invalid", 0, 0}
1204 static int test_set_sigalgs(int idx
)
1206 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1207 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1209 const sigalgs_list
*curr
;
1212 /* Should never happen */
1213 if (!TEST_size_t_le((size_t)idx
, OSSL_NELEM(testsigalgs
) * 2))
1216 testctx
= ((size_t)idx
< OSSL_NELEM(testsigalgs
));
1217 curr
= testctx
? &testsigalgs
[idx
]
1218 : &testsigalgs
[idx
- OSSL_NELEM(testsigalgs
)];
1220 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1221 TLS_client_method(), &sctx
,
1222 &cctx
, cert
, privkey
)))
1226 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1227 * for TLSv1.2 for now until we add a new API.
1229 SSL_CTX_set_max_proto_version(cctx
, TLS1_2_VERSION
);
1234 if (curr
->list
!= NULL
)
1235 ret
= SSL_CTX_set1_sigalgs(cctx
, curr
->list
, curr
->listlen
);
1237 ret
= SSL_CTX_set1_sigalgs_list(cctx
, curr
->liststr
);
1241 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx
);
1247 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx
);
1252 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
1253 &clientssl
, NULL
, NULL
)))
1259 if (curr
->list
!= NULL
)
1260 ret
= SSL_set1_sigalgs(clientssl
, curr
->list
, curr
->listlen
);
1262 ret
= SSL_set1_sigalgs_list(clientssl
, curr
->liststr
);
1265 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx
);
1274 if (!TEST_int_eq(create_ssl_connection(serverssl
, clientssl
,
1282 SSL_free(serverssl
);
1283 SSL_free(clientssl
);
1290 #ifndef OPENSSL_NO_TLS1_3
1292 #define MSG1 "Hello"
1293 #define MSG2 "World."
1298 #define MSG7 "message."
1301 * Helper method to setup objects for early data test. Caller frees objects on
1304 static int setupearly_data_test(SSL_CTX
**cctx
, SSL_CTX
**sctx
, SSL
**clientssl
,
1305 SSL
**serverssl
, SSL_SESSION
**sess
, int idx
)
1307 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1308 TLS_client_method(), sctx
,
1309 cctx
, cert
, privkey
)))
1312 /* When idx == 1 we repeat the tests with read_ahead set */
1314 SSL_CTX_set_read_ahead(*cctx
, 1);
1315 SSL_CTX_set_read_ahead(*sctx
, 1);
1318 if (!TEST_true(create_ssl_objects(*sctx
, *cctx
, serverssl
, clientssl
,
1320 || !TEST_true(create_ssl_connection(*serverssl
, *clientssl
,
1324 *sess
= SSL_get1_session(*clientssl
);
1325 SSL_shutdown(*clientssl
);
1326 SSL_shutdown(*serverssl
);
1327 SSL_free(*serverssl
);
1328 SSL_free(*clientssl
);
1329 *serverssl
= *clientssl
= NULL
;
1331 if (!TEST_true(create_ssl_objects(*sctx
, *cctx
, serverssl
,
1332 clientssl
, NULL
, NULL
))
1333 || !TEST_true(SSL_set_session(*clientssl
, *sess
)))
1339 static int test_early_data_read_write(int idx
)
1341 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1342 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1344 SSL_SESSION
*sess
= NULL
;
1345 unsigned char buf
[20], data
[1024];
1346 size_t readbytes
, written
, eoedlen
, rawread
, rawwritten
;
1349 if (!TEST_true(setupearly_data_test(&cctx
, &sctx
, &clientssl
,
1350 &serverssl
, &sess
, idx
)))
1353 /* Write and read some early data */
1354 if (!TEST_true(SSL_write_early_data(clientssl
, MSG1
, strlen(MSG1
),
1356 || !TEST_size_t_eq(written
, strlen(MSG1
))
1357 || !TEST_int_eq(SSL_read_early_data(serverssl
, buf
,
1358 sizeof(buf
), &readbytes
),
1359 SSL_READ_EARLY_DATA_SUCCESS
)
1360 || !TEST_mem_eq(MSG1
, readbytes
, buf
, strlen(MSG1
))
1361 || !TEST_int_eq(SSL_get_early_data_status(serverssl
),
1362 SSL_EARLY_DATA_ACCEPTED
))
1366 * Server should be able to write data, and client should be able to
1369 if (!TEST_true(SSL_write_early_data(serverssl
, MSG2
, strlen(MSG2
),
1371 || !TEST_size_t_eq(written
, strlen(MSG2
))
1372 || !TEST_true(SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
))
1373 || !TEST_mem_eq(buf
, readbytes
, MSG2
, strlen(MSG2
)))
1376 /* Even after reading normal data, client should be able write early data */
1377 if (!TEST_true(SSL_write_early_data(clientssl
, MSG3
, strlen(MSG3
),
1379 || !TEST_size_t_eq(written
, strlen(MSG3
)))
1382 /* Server should still be able read early data after writing data */
1383 if (!TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1385 SSL_READ_EARLY_DATA_SUCCESS
)
1386 || !TEST_mem_eq(buf
, readbytes
, MSG3
, strlen(MSG3
)))
1389 /* Write more data from server and read it from client */
1390 if (!TEST_true(SSL_write_early_data(serverssl
, MSG4
, strlen(MSG4
),
1392 || !TEST_size_t_eq(written
, strlen(MSG4
))
1393 || !TEST_true(SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
))
1394 || !TEST_mem_eq(buf
, readbytes
, MSG4
, strlen(MSG4
)))
1398 * If client writes normal data it should mean writing early data is no
1401 if (!TEST_true(SSL_write_ex(clientssl
, MSG5
, strlen(MSG5
), &written
))
1402 || !TEST_size_t_eq(written
, strlen(MSG5
))
1403 || !TEST_int_eq(SSL_get_early_data_status(clientssl
),
1404 SSL_EARLY_DATA_ACCEPTED
))
1408 * At this point the client has written EndOfEarlyData, ClientFinished and
1409 * normal (fully protected) data. We are going to cause a delay between the
1410 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
1411 * in the read BIO, and then just put back the EndOfEarlyData message.
1413 rbio
= SSL_get_rbio(serverssl
);
1414 if (!TEST_true(BIO_read_ex(rbio
, data
, sizeof(data
), &rawread
))
1415 || !TEST_size_t_lt(rawread
, sizeof(data
))
1416 || !TEST_size_t_gt(rawread
, SSL3_RT_HEADER_LENGTH
))
1419 /* Record length is in the 4th and 5th bytes of the record header */
1420 eoedlen
= SSL3_RT_HEADER_LENGTH
+ (data
[3] << 8 | data
[4]);
1421 if (!TEST_true(BIO_write_ex(rbio
, data
, eoedlen
, &rawwritten
))
1422 || !TEST_size_t_eq(rawwritten
, eoedlen
))
1425 /* Server should be told that there is no more early data */
1426 if (!TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1428 SSL_READ_EARLY_DATA_FINISH
)
1429 || !TEST_size_t_eq(readbytes
, 0))
1433 * Server has not finished init yet, so should still be able to write early
1436 if (!TEST_true(SSL_write_early_data(serverssl
, MSG6
, strlen(MSG6
),
1438 || !TEST_size_t_eq(written
, strlen(MSG6
)))
1441 /* Push the ClientFinished and the normal data back into the server rbio */
1442 if (!TEST_true(BIO_write_ex(rbio
, data
+ eoedlen
, rawread
- eoedlen
,
1444 || !TEST_size_t_eq(rawwritten
, rawread
- eoedlen
))
1447 /* Server should be able to read normal data */
1448 if (!TEST_true(SSL_read_ex(serverssl
, buf
, sizeof(buf
), &readbytes
))
1449 || !TEST_size_t_eq(readbytes
, strlen(MSG5
)))
1452 /* Client and server should not be able to write/read early data now */
1453 if (!TEST_false(SSL_write_early_data(clientssl
, MSG6
, strlen(MSG6
),
1457 if (!TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1459 SSL_READ_EARLY_DATA_ERROR
))
1463 /* Client should be able to read the data sent by the server */
1464 if (!TEST_true(SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
))
1465 || !TEST_mem_eq(buf
, readbytes
, MSG6
, strlen(MSG6
)))
1469 * Make sure we process the NewSessionTicket. This arrives post-handshake.
1470 * We attempt a read which we do not expect to return any data.
1472 if (!TEST_false(SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
)))
1475 /* Server should be able to write normal data */
1476 if (!TEST_true(SSL_write_ex(serverssl
, MSG7
, strlen(MSG7
), &written
))
1477 || !TEST_size_t_eq(written
, strlen(MSG7
))
1478 || !TEST_true(SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
))
1479 || !TEST_mem_eq(buf
, readbytes
, MSG7
, strlen(MSG7
)))
1482 SSL_SESSION_free(sess
);
1483 sess
= SSL_get1_session(clientssl
);
1485 SSL_shutdown(clientssl
);
1486 SSL_shutdown(serverssl
);
1487 SSL_free(serverssl
);
1488 SSL_free(clientssl
);
1489 serverssl
= clientssl
= NULL
;
1490 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
1491 &clientssl
, NULL
, NULL
))
1492 || !TEST_true(SSL_set_session(clientssl
, sess
)))
1495 /* Write and read some early data */
1496 if (!TEST_true(SSL_write_early_data(clientssl
, MSG1
, strlen(MSG1
),
1498 || !TEST_size_t_eq(written
, strlen(MSG1
))
1499 || !TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1501 SSL_READ_EARLY_DATA_SUCCESS
)
1502 || !TEST_mem_eq(buf
, readbytes
, MSG1
, strlen(MSG1
)))
1505 if (!TEST_int_gt(SSL_connect(clientssl
), 0)
1506 || !TEST_int_gt(SSL_accept(serverssl
), 0))
1509 /* Client and server should not be able to write/read early data now */
1510 if (!TEST_false(SSL_write_early_data(clientssl
, MSG6
, strlen(MSG6
),
1514 if (!TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1516 SSL_READ_EARLY_DATA_ERROR
))
1520 /* Client and server should be able to write/read normal data */
1521 if (!TEST_true(SSL_write_ex(clientssl
, MSG5
, strlen(MSG5
), &written
))
1522 || !TEST_size_t_eq(written
, strlen(MSG5
))
1523 || !TEST_true(SSL_read_ex(serverssl
, buf
, sizeof(buf
), &readbytes
))
1524 || !TEST_size_t_eq(readbytes
, strlen(MSG5
)))
1530 SSL_SESSION_free(sess
);
1531 SSL_free(serverssl
);
1532 SSL_free(clientssl
);
1539 * Test that a server attempting to read early data can handle a connection
1540 * from a client where the early data is not acceptable.
1542 static int test_early_data_skip(int idx
)
1544 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1545 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1547 SSL_SESSION
*sess
= NULL
;
1548 unsigned char buf
[20];
1549 size_t readbytes
, written
;
1551 if (!TEST_true(setupearly_data_test(&cctx
, &sctx
, &clientssl
,
1552 &serverssl
, &sess
, idx
)))
1556 * Deliberately corrupt the creation time. We take 20 seconds off the time.
1557 * It could be any value as long as it is not within tolerance. This should
1558 * mean the ticket is rejected.
1560 if (!TEST_true(SSL_SESSION_set_time(sess
, time(NULL
) - 20)))
1563 /* Write some early data */
1564 if (!TEST_true(SSL_write_early_data(clientssl
, MSG1
, strlen(MSG1
),
1566 || !TEST_size_t_eq(written
, strlen(MSG1
)))
1569 /* Server should reject the early data and skip over it */
1570 if (!TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1572 SSL_READ_EARLY_DATA_FINISH
)
1573 || !TEST_size_t_eq(readbytes
, 0)
1574 || !TEST_int_eq(SSL_get_early_data_status(serverssl
),
1575 SSL_EARLY_DATA_REJECTED
))
1578 /* Should be able to send normal data despite rejection of early data */
1579 if (!TEST_true(SSL_write_ex(clientssl
, MSG2
, strlen(MSG2
), &written
))
1580 || !TEST_size_t_eq(written
, strlen(MSG2
))
1581 || !TEST_int_eq(SSL_get_early_data_status(clientssl
),
1582 SSL_EARLY_DATA_REJECTED
)
1583 || !TEST_true(SSL_read_ex(serverssl
, buf
, sizeof(buf
), &readbytes
))
1584 || !TEST_mem_eq(buf
, readbytes
, MSG2
, strlen(MSG2
)))
1590 SSL_SESSION_free(sess
);
1591 SSL_free(serverssl
);
1592 SSL_free(clientssl
);
1599 * Test that a server attempting to read early data can handle a connection
1600 * from a client that doesn't send any.
1602 static int test_early_data_not_sent(int idx
)
1604 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1605 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1607 SSL_SESSION
*sess
= NULL
;
1608 unsigned char buf
[20];
1609 size_t readbytes
, written
;
1611 if (!TEST_true(setupearly_data_test(&cctx
, &sctx
, &clientssl
,
1612 &serverssl
, &sess
, idx
)))
1615 /* Write some data - should block due to handshake with server */
1616 SSL_set_connect_state(clientssl
);
1617 if (!TEST_false(SSL_write_ex(clientssl
, MSG1
, strlen(MSG1
), &written
)))
1620 /* Server should detect that early data has not been sent */
1621 if (!TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1623 SSL_READ_EARLY_DATA_FINISH
)
1624 || !TEST_size_t_eq(readbytes
, 0)
1625 || !TEST_int_eq(SSL_get_early_data_status(serverssl
),
1626 SSL_EARLY_DATA_NOT_SENT
)
1627 || !TEST_int_eq(SSL_get_early_data_status(clientssl
),
1628 SSL_EARLY_DATA_NOT_SENT
))
1631 /* Continue writing the message we started earlier */
1632 if (!TEST_true(SSL_write_ex(clientssl
, MSG1
, strlen(MSG1
), &written
))
1633 || !TEST_size_t_eq(written
, strlen(MSG1
))
1634 || !TEST_true(SSL_read_ex(serverssl
, buf
, sizeof(buf
), &readbytes
))
1635 || !TEST_mem_eq(buf
, readbytes
, MSG1
, strlen(MSG1
))
1636 || !SSL_write_ex(serverssl
, MSG2
, strlen(MSG2
), &written
)
1637 || !TEST_size_t_eq(written
, strlen(MSG2
)))
1641 * Should block due to the NewSessionTicket arrival unless we're using
1645 if (!TEST_false(SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
)))
1649 if (!TEST_true(SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
))
1650 || !TEST_mem_eq(buf
, readbytes
, MSG2
, strlen(MSG2
)))
1656 SSL_SESSION_free(sess
);
1657 SSL_free(serverssl
);
1658 SSL_free(clientssl
);
1665 * Test that a server that doesn't try to read early data can handle a
1666 * client sending some.
1668 static int test_early_data_not_expected(int idx
)
1670 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1671 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1673 SSL_SESSION
*sess
= NULL
;
1674 unsigned char buf
[20];
1675 size_t readbytes
, written
;
1678 if (!TEST_true(setupearly_data_test(&cctx
, &sctx
, &clientssl
,
1679 &serverssl
, &sess
, idx
)))
1682 /* Write some early data */
1683 if (!TEST_true(SSL_write_early_data(clientssl
, MSG1
, strlen(MSG1
),
1688 * Server should skip over early data and then block waiting for client to
1689 * continue handshake
1691 if (!TEST_int_le(SSL_accept(serverssl
), 0)
1692 || !TEST_int_gt(SSL_connect(clientssl
), 0)
1693 || !TEST_int_eq(SSL_get_early_data_status(serverssl
),
1694 SSL_EARLY_DATA_REJECTED
)
1695 || !TEST_int_gt(SSL_accept(serverssl
), 0)
1696 || !TEST_int_eq(SSL_get_early_data_status(clientssl
),
1697 SSL_EARLY_DATA_REJECTED
))
1700 /* Send some normal data from client to server */
1701 if (!TEST_true(SSL_write_ex(clientssl
, MSG2
, strlen(MSG2
), &written
))
1702 || !TEST_size_t_eq(written
, strlen(MSG2
)))
1705 if (!TEST_true(SSL_read_ex(serverssl
, buf
, sizeof(buf
), &readbytes
))
1706 || !TEST_mem_eq(buf
, readbytes
, MSG2
, strlen(MSG2
)))
1712 SSL_SESSION_free(sess
);
1713 SSL_free(serverssl
);
1714 SSL_free(clientssl
);
1721 # ifndef OPENSSL_NO_TLS1_2
1723 * Test that a server attempting to read early data can handle a connection
1724 * from a TLSv1.2 client.
1726 static int test_early_data_tls1_2(int idx
)
1728 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1729 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1731 unsigned char buf
[20];
1732 size_t readbytes
, written
;
1734 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1735 TLS_client_method(), &sctx
,
1736 &cctx
, cert
, privkey
)))
1739 /* When idx == 1 we repeat the tests with read_ahead set */
1741 SSL_CTX_set_read_ahead(cctx
, 1);
1742 SSL_CTX_set_read_ahead(sctx
, 1);
1745 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
1746 &clientssl
, NULL
, NULL
)))
1749 /* Write some data - should block due to handshake with server */
1750 SSL_set_max_proto_version(clientssl
, TLS1_2_VERSION
);
1751 SSL_set_connect_state(clientssl
);
1752 if (!TEST_false(SSL_write_ex(clientssl
, MSG1
, strlen(MSG1
), &written
)))
1756 * Server should do TLSv1.2 handshake. First it will block waiting for more
1757 * messages from client after ServerDone. Then SSL_read_early_data should
1758 * finish and detect that early data has not been sent
1760 if (!TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1762 SSL_READ_EARLY_DATA_ERROR
))
1766 * Continue writing the message we started earlier. Will still block waiting
1767 * for the CCS/Finished from server
1769 if (!TEST_false(SSL_write_ex(clientssl
, MSG1
, strlen(MSG1
), &written
))
1770 || !TEST_int_eq(SSL_read_early_data(serverssl
, buf
, sizeof(buf
),
1772 SSL_READ_EARLY_DATA_FINISH
)
1773 || !TEST_size_t_eq(readbytes
, 0)
1774 || !TEST_int_eq(SSL_get_early_data_status(serverssl
),
1775 SSL_EARLY_DATA_NOT_SENT
))
1778 /* Continue writing the message we started earlier */
1779 if (!TEST_true(SSL_write_ex(clientssl
, MSG1
, strlen(MSG1
), &written
))
1780 || !TEST_size_t_eq(written
, strlen(MSG1
))
1781 || !TEST_int_eq(SSL_get_early_data_status(clientssl
),
1782 SSL_EARLY_DATA_NOT_SENT
)
1783 || !TEST_true(SSL_read_ex(serverssl
, buf
, sizeof(buf
), &readbytes
))
1784 || !TEST_mem_eq(buf
, readbytes
, MSG1
, strlen(MSG1
))
1785 || !TEST_true(SSL_write_ex(serverssl
, MSG2
, strlen(MSG2
), &written
))
1786 || !TEST_size_t_eq(written
, strlen(MSG2
))
1787 || !SSL_read_ex(clientssl
, buf
, sizeof(buf
), &readbytes
)
1788 || !TEST_mem_eq(buf
, readbytes
, MSG2
, strlen(MSG2
)))
1794 SSL_free(serverssl
);
1795 SSL_free(clientssl
);
1801 # endif /* OPENSSL_NO_TLS1_2 */
1803 static int test_ciphersuite_change(void)
1805 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
1806 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
1807 SSL_SESSION
*clntsess
= NULL
;
1809 const SSL_CIPHER
*aes_128_gcm_sha256
= NULL
;
1811 /* Create a session based on SHA-256 */
1812 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1813 TLS_client_method(), &sctx
,
1814 &cctx
, cert
, privkey
))
1815 || !TEST_true(SSL_CTX_set_cipher_list(cctx
,
1816 "TLS13-AES-128-GCM-SHA256"))
1817 || !TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
1818 &clientssl
, NULL
, NULL
))
1819 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
1823 clntsess
= SSL_get1_session(clientssl
);
1824 /* Save for later */
1825 aes_128_gcm_sha256
= SSL_SESSION_get0_cipher(clntsess
);
1826 SSL_shutdown(clientssl
);
1827 SSL_shutdown(serverssl
);
1828 SSL_free(serverssl
);
1829 SSL_free(clientssl
);
1830 serverssl
= clientssl
= NULL
;
1832 /* Check we can resume a session with a different SHA-256 ciphersuite */
1833 if (!TEST_true(SSL_CTX_set_cipher_list(cctx
,
1834 "TLS13-CHACHA20-POLY1305-SHA256"))
1835 || !TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
,
1837 || !TEST_true(SSL_set_session(clientssl
, clntsess
))
1838 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
1840 || !TEST_true(SSL_session_reused(clientssl
)))
1843 SSL_SESSION_free(clntsess
);
1844 clntsess
= SSL_get1_session(clientssl
);
1845 SSL_shutdown(clientssl
);
1846 SSL_shutdown(serverssl
);
1847 SSL_free(serverssl
);
1848 SSL_free(clientssl
);
1849 serverssl
= clientssl
= NULL
;
1852 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
1853 * succeeds but does not resume.
1855 if (!TEST_true(SSL_CTX_set_cipher_list(cctx
, "TLS13-AES-256-GCM-SHA384"))
1856 || !TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
,
1858 || !TEST_true(SSL_set_session(clientssl
, clntsess
))
1859 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
1861 || !TEST_false(SSL_session_reused(clientssl
)))
1864 SSL_SESSION_free(clntsess
);
1866 SSL_shutdown(clientssl
);
1867 SSL_shutdown(serverssl
);
1868 SSL_free(serverssl
);
1869 SSL_free(clientssl
);
1870 serverssl
= clientssl
= NULL
;
1872 /* Create a session based on SHA384 */
1873 if (!TEST_true(SSL_CTX_set_cipher_list(cctx
, "TLS13-AES-256-GCM-SHA384"))
1874 || !TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
1875 &clientssl
, NULL
, NULL
))
1876 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
1880 clntsess
= SSL_get1_session(clientssl
);
1881 SSL_shutdown(clientssl
);
1882 SSL_shutdown(serverssl
);
1883 SSL_free(serverssl
);
1884 SSL_free(clientssl
);
1885 serverssl
= clientssl
= NULL
;
1887 if (!TEST_true(SSL_CTX_set_cipher_list(cctx
,
1888 "TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"))
1889 || !TEST_true(SSL_CTX_set_cipher_list(sctx
,
1890 "TLS13-AES-256-GCM-SHA384"))
1891 || !TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
,
1893 || !TEST_true(SSL_set_session(clientssl
, clntsess
))
1894 || !TEST_false(create_ssl_connection(serverssl
, clientssl
,
1895 SSL_ERROR_WANT_READ
)))
1898 /* Trick the client into thinking this session is for a different digest */
1899 clntsess
->cipher
= aes_128_gcm_sha256
;
1900 clntsess
->cipher_id
= clntsess
->cipher
->id
;
1903 * Server has selected a SHA-384 ciphersuite, but client thinks the session
1904 * is for SHA-256, so it should bail out.
1906 if (!TEST_false(create_ssl_connection(serverssl
, clientssl
,
1908 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
1909 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED
))
1915 SSL_SESSION_free(clntsess
);
1916 SSL_free(serverssl
);
1917 SSL_free(clientssl
);
1924 #endif /* OPENSSL_NO_TLS1_3 */
1926 static int clntaddoldcb
= 0;
1927 static int clntparseoldcb
= 0;
1928 static int srvaddoldcb
= 0;
1929 static int srvparseoldcb
= 0;
1930 static int clntaddnewcb
= 0;
1931 static int clntparsenewcb
= 0;
1932 static int srvaddnewcb
= 0;
1933 static int srvparsenewcb
= 0;
1934 static int snicb
= 0;
1936 #define TEST_EXT_TYPE1 0xff00
1938 static int old_add_cb(SSL
*s
, unsigned int ext_type
, const unsigned char **out
,
1939 size_t *outlen
, int *al
, void *add_arg
)
1941 int *server
= (int *)add_arg
;
1942 unsigned char *data
;
1944 if (SSL_is_server(s
))
1949 if (*server
!= SSL_is_server(s
)
1950 || (data
= OPENSSL_malloc(sizeof(*data
))) == NULL
)
1955 *outlen
= sizeof(char);
1959 static void old_free_cb(SSL
*s
, unsigned int ext_type
, const unsigned char *out
,
1962 OPENSSL_free((unsigned char *)out
);
1965 static int old_parse_cb(SSL
*s
, unsigned int ext_type
, const unsigned char *in
,
1966 size_t inlen
, int *al
, void *parse_arg
)
1968 int *server
= (int *)parse_arg
;
1970 if (SSL_is_server(s
))
1975 if (*server
!= SSL_is_server(s
)
1976 || inlen
!= sizeof(char)
1983 static int new_add_cb(SSL
*s
, unsigned int ext_type
, unsigned int context
,
1984 const unsigned char **out
, size_t *outlen
, X509
*x
,
1985 size_t chainidx
, int *al
, void *add_arg
)
1987 int *server
= (int *)add_arg
;
1988 unsigned char *data
;
1990 if (SSL_is_server(s
))
1995 if (*server
!= SSL_is_server(s
)
1996 || (data
= OPENSSL_malloc(sizeof(*data
))) == NULL
)
2001 *outlen
= sizeof(*data
);
2005 static void new_free_cb(SSL
*s
, unsigned int ext_type
, unsigned int context
,
2006 const unsigned char *out
, void *add_arg
)
2008 OPENSSL_free((unsigned char *)out
);
2011 static int new_parse_cb(SSL
*s
, unsigned int ext_type
, unsigned int context
,
2012 const unsigned char *in
, size_t inlen
, X509
*x
,
2013 size_t chainidx
, int *al
, void *parse_arg
)
2015 int *server
= (int *)parse_arg
;
2017 if (SSL_is_server(s
))
2022 if (*server
!= SSL_is_server(s
)
2023 || inlen
!= sizeof(char) || *in
!= 1)
2029 static int sni_cb(SSL
*s
, int *al
, void *arg
)
2031 SSL_CTX
*ctx
= (SSL_CTX
*)arg
;
2033 if (SSL_set_SSL_CTX(s
, ctx
) == NULL
) {
2034 *al
= SSL_AD_INTERNAL_ERROR
;
2035 return SSL_TLSEXT_ERR_ALERT_FATAL
;
2038 return SSL_TLSEXT_ERR_OK
;
2042 * Custom call back tests.
2043 * Test 0: Old style callbacks in TLSv1.2
2044 * Test 1: New style callbacks in TLSv1.2
2045 * Test 2: New style callbacks in TLSv1.2 with SNI
2046 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
2047 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
2049 static int test_custom_exts(int tst
)
2051 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
, *sctx2
= NULL
;
2052 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
2054 static int server
= 1;
2055 static int client
= 0;
2056 SSL_SESSION
*sess
= NULL
;
2057 unsigned int context
;
2059 /* Reset callback counters */
2060 clntaddoldcb
= clntparseoldcb
= srvaddoldcb
= srvparseoldcb
= 0;
2061 clntaddnewcb
= clntparsenewcb
= srvaddnewcb
= srvparsenewcb
= 0;
2064 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2065 TLS_client_method(), &sctx
,
2066 &cctx
, cert
, privkey
)))
2070 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL
, &sctx2
,
2071 NULL
, cert
, privkey
)))
2076 SSL_CTX_set_options(cctx
, SSL_OP_NO_TLSv1_3
);
2077 SSL_CTX_set_options(sctx
, SSL_OP_NO_TLSv1_3
);
2079 SSL_CTX_set_options(sctx2
, SSL_OP_NO_TLSv1_3
);
2083 context
= SSL_EXT_CLIENT_HELLO
2084 | SSL_EXT_TLS1_2_SERVER_HELLO
2085 | SSL_EXT_TLS1_3_SERVER_HELLO
2086 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
2087 | SSL_EXT_TLS1_3_CERTIFICATE
2088 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET
;
2090 context
= SSL_EXT_CLIENT_HELLO
2091 | SSL_EXT_TLS1_2_SERVER_HELLO
2092 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
;
2095 /* Create a client side custom extension */
2097 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx
, TEST_EXT_TYPE1
,
2098 old_add_cb
, old_free_cb
,
2099 &client
, old_parse_cb
,
2103 if (!TEST_true(SSL_CTX_add_custom_ext(cctx
, TEST_EXT_TYPE1
, context
,
2104 new_add_cb
, new_free_cb
,
2105 &client
, new_parse_cb
, &client
)))
2109 /* Should not be able to add duplicates */
2110 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx
, TEST_EXT_TYPE1
,
2111 old_add_cb
, old_free_cb
,
2112 &client
, old_parse_cb
,
2114 || !TEST_false(SSL_CTX_add_custom_ext(cctx
, TEST_EXT_TYPE1
,
2115 context
, new_add_cb
,
2116 new_free_cb
, &client
,
2117 new_parse_cb
, &client
)))
2120 /* Create a server side custom extension */
2122 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx
, TEST_EXT_TYPE1
,
2123 old_add_cb
, old_free_cb
,
2124 &server
, old_parse_cb
,
2128 if (!TEST_true(SSL_CTX_add_custom_ext(sctx
, TEST_EXT_TYPE1
, context
,
2129 new_add_cb
, new_free_cb
,
2130 &server
, new_parse_cb
, &server
)))
2133 && !TEST_true(SSL_CTX_add_custom_ext(sctx2
, TEST_EXT_TYPE1
,
2134 context
, new_add_cb
,
2135 new_free_cb
, &server
,
2136 new_parse_cb
, &server
)))
2140 /* Should not be able to add duplicates */
2141 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx
, TEST_EXT_TYPE1
,
2142 old_add_cb
, old_free_cb
,
2143 &server
, old_parse_cb
,
2145 || !TEST_false(SSL_CTX_add_custom_ext(sctx
, TEST_EXT_TYPE1
,
2146 context
, new_add_cb
,
2147 new_free_cb
, &server
,
2148 new_parse_cb
, &server
)))
2153 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx
, sni_cb
))
2154 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx
, sctx2
)))
2158 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
,
2159 &clientssl
, NULL
, NULL
))
2160 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
2165 if (clntaddoldcb
!= 1
2166 || clntparseoldcb
!= 1
2168 || srvparseoldcb
!= 1)
2170 } else if (tst
== 1 || tst
== 2 || tst
== 3) {
2171 if (clntaddnewcb
!= 1
2172 || clntparsenewcb
!= 1
2174 || srvparsenewcb
!= 1
2175 || (tst
!= 2 && snicb
!= 0)
2176 || (tst
== 2 && snicb
!= 1))
2179 if (clntaddnewcb
!= 1
2180 || clntparsenewcb
!= 4
2182 || srvparsenewcb
!= 1)
2186 sess
= SSL_get1_session(clientssl
);
2187 SSL_shutdown(clientssl
);
2188 SSL_shutdown(serverssl
);
2189 SSL_free(serverssl
);
2190 SSL_free(clientssl
);
2191 serverssl
= clientssl
= NULL
;
2194 /* We don't bother with the resumption aspects for this test */
2199 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
,
2201 || !TEST_true(SSL_set_session(clientssl
, sess
))
2202 || !TEST_true(create_ssl_connection(serverssl
, clientssl
,
2207 * For a resumed session we expect to add the ClientHello extension. For the
2208 * old style callbacks we ignore it on the server side because they set
2209 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
2213 if (clntaddoldcb
!= 2
2214 || clntparseoldcb
!= 1
2216 || srvparseoldcb
!= 1)
2218 } else if (tst
== 1 || tst
== 2 || tst
== 3) {
2219 if (clntaddnewcb
!= 2
2220 || clntparsenewcb
!= 2
2222 || srvparsenewcb
!= 2)
2225 /* No Certificate message extensions in the resumption handshake */
2226 if (clntaddnewcb
!= 2
2227 || clntparsenewcb
!= 7
2229 || srvparsenewcb
!= 2)
2236 SSL_SESSION_free(sess
);
2237 SSL_free(serverssl
);
2238 SSL_free(clientssl
);
2239 SSL_CTX_free(sctx2
);
2246 * Test loading of serverinfo data in various formats. test_sslmessages actually
2247 * tests to make sure the extensions appear in the handshake
2249 static int test_serverinfo(int tst
)
2251 unsigned int version
;
2252 unsigned char *sibuf
;
2254 int ret
, expected
, testresult
= 0;
2257 ctx
= SSL_CTX_new(TLS_method());
2261 if ((tst
& 0x01) == 0x01)
2262 version
= SSL_SERVERINFOV2
;
2264 version
= SSL_SERVERINFOV1
;
2266 if ((tst
& 0x02) == 0x02) {
2267 sibuf
= serverinfov2
;
2268 sibuflen
= sizeof(serverinfov2
);
2269 expected
= (version
== SSL_SERVERINFOV2
);
2271 sibuf
= serverinfov1
;
2272 sibuflen
= sizeof(serverinfov1
);
2273 expected
= (version
== SSL_SERVERINFOV1
);
2276 if ((tst
& 0x04) == 0x04) {
2277 ret
= SSL_CTX_use_serverinfo_ex(ctx
, version
, sibuf
, sibuflen
);
2279 ret
= SSL_CTX_use_serverinfo(ctx
, sibuf
, sibuflen
);
2282 * The version variable is irrelevant in this case - it's what is in the
2283 * buffer that matters
2285 if ((tst
& 0x02) == 0x02)
2291 if (!TEST_true(ret
== expected
))
2302 int test_main(int argc
, char *argv
[])
2307 TEST_error("Wrong argument count");
2314 ADD_TEST(test_large_message_tls
);
2315 ADD_TEST(test_large_message_tls_read_ahead
);
2316 #ifndef OPENSSL_NO_DTLS
2317 ADD_TEST(test_large_message_dtls
);
2319 #ifndef OPENSSL_NO_OCSP
2320 ADD_TEST(test_tlsext_status_type
);
2322 ADD_TEST(test_session_with_only_int_cache
);
2323 ADD_TEST(test_session_with_only_ext_cache
);
2324 ADD_TEST(test_session_with_both_cache
);
2325 ADD_ALL_TESTS(test_ssl_set_bio
, TOTAL_SSL_SET_BIO_TESTS
);
2326 ADD_TEST(test_ssl_bio_pop_next_bio
);
2327 ADD_TEST(test_ssl_bio_pop_ssl_bio
);
2328 ADD_TEST(test_ssl_bio_change_rbio
);
2329 ADD_TEST(test_ssl_bio_change_wbio
);
2330 ADD_ALL_TESTS(test_set_sigalgs
, OSSL_NELEM(testsigalgs
) * 2);
2331 ADD_TEST(test_keylog
);
2332 #ifndef OPENSSL_NO_TLS1_3
2333 ADD_TEST(test_keylog_no_master_key
);
2335 #ifndef OPENSSL_NO_TLS1_2
2336 ADD_TEST(test_early_cb
);
2338 #ifndef OPENSSL_NO_TLS1_3
2339 ADD_ALL_TESTS(test_early_data_read_write
, 2);
2340 ADD_ALL_TESTS(test_early_data_skip
, 2);
2341 ADD_ALL_TESTS(test_early_data_not_sent
, 2);
2342 ADD_ALL_TESTS(test_early_data_not_expected
, 2);
2343 # ifndef OPENSSL_NO_TLS1_2
2344 ADD_ALL_TESTS(test_early_data_tls1_2
, 2);
2347 #ifndef OPENSSL_NO_TLS1_3
2348 ADD_TEST(test_ciphersuite_change
);
2349 ADD_ALL_TESTS(test_custom_exts
, 5);
2351 ADD_ALL_TESTS(test_custom_exts
, 3);
2353 ADD_ALL_TESTS(test_serverinfo
, 8);
2355 testresult
= run_tests(argv
[0]);
2357 bio_s_mempacket_test_free();