static int use_session_cb_cnt = 0;
static int find_session_cb_cnt = 0;
-static SSL_SESSION *create_a_psk(SSL *ssl);
+static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize);
#endif
static char *certsdir = NULL;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
- clientpsk = serverpsk = create_a_psk(clientssl);
+ clientpsk = serverpsk = create_a_psk(clientssl, SHA384_DIGEST_LENGTH);
if (!TEST_ptr(clientpsk))
goto end;
SSL_SESSION_up_ref(clientpsk);
#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
-static SSL_SESSION *create_a_psk(SSL *ssl)
+static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize)
{
const SSL_CIPHER *cipher = NULL;
const unsigned char key[] = {
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
- 0x2c, 0x2d, 0x2e, 0x2f
+ 0x2c, 0x2d, 0x2e, 0x2f /* SHA384_DIGEST_LENGTH bytes */
};
SSL_SESSION *sess = NULL;
- cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
+ if (mdsize == SHA384_DIGEST_LENGTH) {
+ cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
+ } else if (mdsize == SHA256_DIGEST_LENGTH) {
+ /*
+ * Any ciphersuite using SHA256 will do - it will be compatible with
+ * the actual ciphersuite selected as long as it too is based on SHA256
+ */
+ cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
+ } else {
+ /* Should not happen */
+ return NULL;
+ }
sess = SSL_SESSION_new();
if (!TEST_ptr(sess)
|| !TEST_ptr(cipher)
- || !TEST_true(SSL_SESSION_set1_master_key(sess, key,
- sizeof(key)))
+ || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize))
|| !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
|| !TEST_true(
SSL_SESSION_set_protocol_version(sess,
* error.
*/
static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
- SSL **serverssl, SSL_SESSION **sess, int idx)
+ SSL **serverssl, SSL_SESSION **sess, int idx,
+ size_t mdsize)
{
int artificial = (artificial_ticket_time > 0);
return 0;
if (idx == 2) {
- clientpsk = create_a_psk(*clientssl);
+ clientpsk = create_a_psk(*clientssl, mdsize);
if (!TEST_ptr(clientpsk)
/*
* We just choose an arbitrary value for max_early_data which
if (idx != 2)
artificial_ticket_time = 2;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx))) {
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH))) {
artificial_ticket_time = 0;
goto end;
}
}
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/*
return ret;
}
+static const char *ciphersuites[] = {
+ "TLS_AES_128_CCM_8_SHA256",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_CCM_SHA256",
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ "TLS_CHACHA20_POLY1305_SHA256"
+#endif
+};
+
/*
* Helper function to test that a server attempting to read early data can
* handle a connection from a client where the early data should be skipped.
* testtype: 2 == HRR, invalid early_data sent after HRR
* testtype: 3 == recv_max_early_data set to 0
*/
-static int early_data_skip_helper(int testtype, int idx)
+static int early_data_skip_helper(int testtype, int cipher, int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
unsigned char buf[20];
size_t readbytes, written;
+ if (is_fips && cipher == 4)
+ return 1;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (cipher == 0) {
+ SSL_CTX_set_security_level(sctx, 0);
+ SSL_CTX_set_security_level(cctx, 0);
+ }
+
+ if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, ciphersuites[cipher]))
+ || !TEST_true(SSL_CTX_set_ciphersuites(cctx, ciphersuites[cipher])))
+ goto end;
+
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ cipher == 2 ? SHA384_DIGEST_LENGTH
+ : SHA256_DIGEST_LENGTH)))
goto end;
if (testtype == 1 || testtype == 2) {
goto end;
}
+ ERR_clear_error();
/*
* Should be able to send normal data despite rejection of early data. The
* early_data should be skipped.
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
+ /*
+ * Failure to decrypt early data records should not leave spurious errors
+ * on the error stack
+ */
+ if (!TEST_long_eq(ERR_peek_error(), 0))
+ goto end;
+
testresult = 1;
end:
*/
static int test_early_data_skip(int idx)
{
- return early_data_skip_helper(0, idx);
+ return early_data_skip_helper(0,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_hrr(int idx)
{
- return early_data_skip_helper(1, idx);
+ return early_data_skip_helper(1,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_hrr_fail(int idx)
{
- return early_data_skip_helper(2, idx);
+ return early_data_skip_helper(2,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_abort(int idx)
{
- return early_data_skip_helper(3, idx);
+ return early_data_skip_helper(3,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some data - should block due to handshake with server */
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 2)))
+ &serverssl, &sess, 2,
+ SHA384_DIGEST_LENGTH)))
goto end;
servalpn = "goodalpn";
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 2)))
+ &serverssl, &sess, 2,
+ SHA384_DIGEST_LENGTH)))
goto end;
if (idx == 4) {
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some early data */
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, NULL, idx)))
+ &serverssl, NULL, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some data - should block due to handshake with server */
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl,
- &sess, idx)))
+ &sess, idx, SHA384_DIGEST_LENGTH)))
goto end;
/* Here writing 0 length early data is enough. */
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 0)))
+ &serverssl, &sess, 0,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* We don't actually need this reference */
ADD_TEST(test_ccs_change_cipher);
#endif
#ifndef OSSL_NO_USABLE_TLS1_3
- ADD_ALL_TESTS(test_early_data_read_write, 3);
+ ADD_ALL_TESTS(test_early_data_read_write, 6);
/*
* We don't do replay tests for external PSK. Replay protection isn't used
* in that scenario.
*/
ADD_ALL_TESTS(test_early_data_replay, 2);
- ADD_ALL_TESTS(test_early_data_skip, 3);
- ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
- ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3);
- ADD_ALL_TESTS(test_early_data_skip_abort, 3);
+ ADD_ALL_TESTS(test_early_data_skip, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr_fail, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_abort, OSSL_NELEM(ciphersuites) * 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);