]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/helpers/handshake.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rename all getters to use get/get0 in name
[thirdparty/openssl.git] / test / helpers / handshake.c
CommitLineData
453dfd8d 1/*
4333b89f 2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
453dfd8d 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
453dfd8d 7 * https://www.openssl.org/source/license.html
453dfd8d
EK		 8 */
9
10#include <string.h>
11
12#include <openssl/bio.h>
a263f320 13#include <openssl/x509_vfy.h>
453dfd8d 14#include <openssl/ssl.h>
5b5eea4b 15#include <openssl/core_names.h>
453dfd8d 16
20f8bc72 17#include "../../ssl/ssl_local.h"
f7d1d2a4 18#include "internal/sockets.h"
0e97f1e1 19#include "internal/nelem.h"
20f8bc72
DDO		 20#include "handshake.h"
21#include "../testutil.h"
453dfd8d 22
09d62b33
MT		 23#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
24#include <netinet/sctp.h>
25#endif
26
3cb7c5cf 27HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
ce2cdac2 28{
ff281ee8
P		 29 HANDSHAKE_RESULT *ret;
30
31 TEST_ptr(ret = OPENSSL_zalloc(sizeof(*ret)));
ce2cdac2
EK		 32 return ret;
33}
34
35void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result)
36{
2f35e6a3
EK		 37 if (result == NULL)
38 return;
ce2cdac2
EK		 39 OPENSSL_free(result->client_npn_negotiated);
40 OPENSSL_free(result->server_npn_negotiated);
41 OPENSSL_free(result->client_alpn_negotiated);
42 OPENSSL_free(result->server_alpn_negotiated);
df0fed9a 43 OPENSSL_free(result->result_session_ticket_app_data);
f15b50c4 44 sk_X509_NAME_pop_free(result->server_ca_names, X509_NAME_free);
2e21539b 45 sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free);
e1c7871d 46 OPENSSL_free(result->cipher);
ce2cdac2
EK		 47 OPENSSL_free(result);
48}
49
453dfd8d
EK		 50/*
51 * Since there appears to be no way to extract the sent/received alert
52 * from the SSL object directly, we use the info callback and stash
53 * the result in ex_data.
54 */
e0421bd8 55typedef struct handshake_ex_data_st {
453dfd8d 56 int alert_sent;
dd8e5a57 57 int num_fatal_alerts_sent;
453dfd8d 58 int alert_received;
5c753de6 59 int session_ticket_do_not_call;
d2b23cd2 60 ssl_servername_t servername;
453dfd8d
EK		 61} HANDSHAKE_EX_DATA;
62
ce2cdac2
EK		 63/* |ctx_data| itself is stack-allocated. */
64static void ctx_data_free_data(CTX_DATA *ctx_data)
65{
66 OPENSSL_free(ctx_data->npn_protocols);
67 ctx_data->npn_protocols = NULL;
68 OPENSSL_free(ctx_data->alpn_protocols);
69 ctx_data->alpn_protocols = NULL;
ea1ecd98
EK		 70 OPENSSL_free(ctx_data->srp_user);
71 ctx_data->srp_user = NULL;
72 OPENSSL_free(ctx_data->srp_password);
73 ctx_data->srp_password = NULL;
df0fed9a
TS		 74 OPENSSL_free(ctx_data->session_ticket_app_data);
75 ctx_data->session_ticket_app_data = NULL;
ce2cdac2
EK		 76}
77
453dfd8d
EK		 78static int ex_data_idx;
79
a8c82fa0 80static void info_cb(const SSL *s, int where, int ret)
453dfd8d
EK		 81{
82 if (where & SSL_CB_ALERT) {
83 HANDSHAKE_EX_DATA *ex_data =
84 (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
85 if (where & SSL_CB_WRITE) {
86 ex_data->alert_sent = ret;
dd8e5a57
EK		 87 if (strcmp(SSL_alert_type_string(ret), "F") == 0
88 || strcmp(SSL_alert_desc_string(ret), "CN") == 0)
89 ex_data->num_fatal_alerts_sent++;
453dfd8d
EK		 90 } else {
91 ex_data->alert_received = ret;
92 }
93 }
94}
95
ce2cdac2 96/* Select the appropriate server CTX.
d2b23cd2
EK		 97 * Returns SSL_TLSEXT_ERR_OK if a match was found.
98 * If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch.
99 * Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch.
100 * An empty SNI extension also returns SSL_TSLEXT_ERR_NOACK.
101 */
102static int select_server_ctx(SSL *s, void *arg, int ignore)
81fc33c9
EK		 103{
104 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
d2b23cd2
EK		 105 HANDSHAKE_EX_DATA *ex_data =
106 (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
107
108 if (servername == NULL) {
109 ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
110 return SSL_TLSEXT_ERR_NOACK;
111 }
112
113 if (strcmp(servername, "server2") == 0) {
81fc33c9
EK		 114 SSL_CTX *new_ctx = (SSL_CTX*)arg;
115 SSL_set_SSL_CTX(s, new_ctx);
116 /*
117 * Copy over all the SSL_CTX options - reasonable behavior
118 * allows testing of cases where the options between two
119 * contexts differ/conflict
120 */
121 SSL_clear_options(s, 0xFFFFFFFFL);
122 SSL_set_options(s, SSL_CTX_get_options(new_ctx));
d2b23cd2
EK		 123
124 ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
125 return SSL_TLSEXT_ERR_OK;
126 } else if (strcmp(servername, "server1") == 0) {
127 ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
128 return SSL_TLSEXT_ERR_OK;
129 } else if (ignore) {
130 ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
131 return SSL_TLSEXT_ERR_NOACK;
132 } else {
133 /* Don't set an explicit alert, to test library defaults. */
134 return SSL_TLSEXT_ERR_ALERT_FATAL;
81fc33c9 135 }
d2b23cd2
EK		 136}
137
a9c0d8be 138static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
80de0c59
BK		 139{
140 const char *servername;
141 const unsigned char *p;
142 size_t len, remaining;
143 HANDSHAKE_EX_DATA *ex_data =
144 (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
145
146 /*
147 * The server_name extension was given too much extensibility when it
148 * was written, so parsing the normal case is a bit complex.
149 */
a9c0d8be
DB		 150 if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &p,
151 &remaining) ||
80de0c59
BK		 152 remaining <= 2)
153 return 0;
154 /* Extract the length of the supplied list of names. */
c4604e9b 155 len = (*(p++) << 8);
80de0c59
BK		 156 len += *(p++);
157 if (len + 2 != remaining)
158 return 0;
159 remaining = len;
160 /*
161 * The list in practice only has a single element, so we only consider
162 * the first one.
163 */
164 if (remaining == 0 || *p++ != TLSEXT_NAMETYPE_host_name)
165 return 0;
166 remaining--;
167 /* Now we can finally pull out the byte array with the actual hostname. */
168 if (remaining <= 2)
169 return 0;
c4604e9b 170 len = (*(p++) << 8);
80de0c59
BK		 171 len += *(p++);
172 if (len + 2 > remaining)
173 return 0;
174 remaining = len;
175 servername = (const char *)p;
176
177 if (len == strlen("server2") && strncmp(servername, "server2", len) == 0) {
178 SSL_CTX *new_ctx = arg;
179 SSL_set_SSL_CTX(s, new_ctx);
180 /*
181 * Copy over all the SSL_CTX options - reasonable behavior
182 * allows testing of cases where the options between two
183 * contexts differ/conflict
184 */
185 SSL_clear_options(s, 0xFFFFFFFFL);
186 SSL_set_options(s, SSL_CTX_get_options(new_ctx));
187
188 ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
189 return 1;
190 } else if (len == strlen("server1") &&
191 strncmp(servername, "server1", len) == 0) {
192 ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
193 return 1;
194 } else if (ignore) {
195 ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
196 return 1;
197 }
198 return 0;
199}
d2b23cd2
EK		 200/*
201 * (RFC 6066):
202 * If the server understood the ClientHello extension but
203 * does not recognize the server name, the server SHOULD take one of two
204 * actions: either abort the handshake by sending a fatal-level
205 * unrecognized_name(112) alert or continue the handshake.
206 *
207 * This behaviour is up to the application to configure; we test both
208 * configurations to ensure the state machine propagates the result
209 * correctly.
210 */
211static int servername_ignore_cb(SSL *s, int *ad, void *arg)
212{
213 return select_server_ctx(s, arg, 1);
214}
215
216static int servername_reject_cb(SSL *s, int *ad, void *arg)
217{
218 return select_server_ctx(s, arg, 0);
81fc33c9
EK		 219}
220
a9c0d8be 221static int client_hello_ignore_cb(SSL *s, int *al, void *arg)
80de0c59 222{
a9c0d8be 223 if (!client_hello_select_server_ctx(s, arg, 1)) {
80de0c59 224 *al = SSL_AD_UNRECOGNIZED_NAME;
f1b97da1 225 return SSL_CLIENT_HELLO_ERROR;
80de0c59 226 }
f1b97da1 227 return SSL_CLIENT_HELLO_SUCCESS;
80de0c59
BK		 228}
229
a9c0d8be 230static int client_hello_reject_cb(SSL *s, int *al, void *arg)
80de0c59 231{
a9c0d8be 232 if (!client_hello_select_server_ctx(s, arg, 0)) {
80de0c59 233 *al = SSL_AD_UNRECOGNIZED_NAME;
f1b97da1 234 return SSL_CLIENT_HELLO_ERROR;
80de0c59 235 }
f1b97da1 236 return SSL_CLIENT_HELLO_SUCCESS;
80de0c59
BK		 237}
238
a9c0d8be 239static int client_hello_nov12_cb(SSL *s, int *al, void *arg)
80de0c59
BK		 240{
241 int ret;
242 unsigned int v;
243 const unsigned char *p;
244
a9c0d8be 245 v = SSL_client_hello_get0_legacy_version(s);
80de0c59
BK		 246 if (v > TLS1_2_VERSION || v < SSL3_VERSION) {
247 *al = SSL_AD_PROTOCOL_VERSION;
f1b97da1 248 return SSL_CLIENT_HELLO_ERROR;
80de0c59 249 }
a9c0d8be 250 (void)SSL_client_hello_get0_session_id(s, &p);
80de0c59 251 if (p == NULL ||
a9c0d8be
DB		 252 SSL_client_hello_get0_random(s, &p) == 0 ||
253 SSL_client_hello_get0_ciphers(s, &p) == 0 ||
254 SSL_client_hello_get0_compression_methods(s, &p) == 0) {
80de0c59 255 *al = SSL_AD_INTERNAL_ERROR;
f1b97da1 256 return SSL_CLIENT_HELLO_ERROR;
80de0c59 257 }
a9c0d8be 258 ret = client_hello_select_server_ctx(s, arg, 0);
80de0c59 259 SSL_set_max_proto_version(s, TLS1_1_VERSION);
f1b97da1 260 if (!ret) {
80de0c59 261 *al = SSL_AD_UNRECOGNIZED_NAME;
f1b97da1
DB		 262 return SSL_CLIENT_HELLO_ERROR;
263 }
264 return SSL_CLIENT_HELLO_SUCCESS;
80de0c59
BK		 265}
266
767ccc3b
MC		 267static unsigned char dummy_ocsp_resp_good_val = 0xff;
268static unsigned char dummy_ocsp_resp_bad_val = 0xfe;
269
270static int server_ocsp_cb(SSL *s, void *arg)
271{
272 unsigned char *resp;
273
274 resp = OPENSSL_malloc(1);
275 if (resp == NULL)
276 return SSL_TLSEXT_ERR_ALERT_FATAL;
277 /*
278 * For the purposes of testing we just send back a dummy OCSP response
279 */
280 *resp = *(unsigned char *)arg;
281 if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1))
282 return SSL_TLSEXT_ERR_ALERT_FATAL;
283
284 return SSL_TLSEXT_ERR_OK;
285}
286
287static int client_ocsp_cb(SSL *s, void *arg)
288{
289 const unsigned char *resp;
290 int len;
291
292 len = SSL_get_tlsext_status_ocsp_resp(s, &resp);
293 if (len != 1 || *resp != dummy_ocsp_resp_good_val)
294 return 0;
295
296 return 1;
297}
298
a8c82fa0 299static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) {
a263f320
EK		 300 X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
301 return 0;
302}
303
0c3eb279
DDO		 304static int n_retries = 0;
305static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) {
306 if (--n_retries < 0)
307 return 1;
308 X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
309 return -1;
310}
311
a8c82fa0 312static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) {
a263f320
EK		 313 return 1;
314}
315
a76ce286
P		 316static int broken_session_ticket_cb(SSL *s, unsigned char *key_name,
317 unsigned char *iv, EVP_CIPHER_CTX *ctx,
318 EVP_MAC_CTX *hctx, int enc)
5c753de6
TS		 319{
320 return 0;
321}
322
ce2cdac2 323static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
a8c82fa0
RL		 324 unsigned char *iv,
325 EVP_CIPHER_CTX *ctx,
a76ce286 326 EVP_MAC_CTX *hctx, int enc)
5c753de6
TS		 327{
328 HANDSHAKE_EX_DATA *ex_data =
329 (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
330 ex_data->session_ticket_do_not_call = 1;
331 return 0;
332}
333
ce2cdac2 334/* Parse the comma-separated list into TLS format. */
ff281ee8 335static int parse_protos(const char *protos, unsigned char **out, size_t *outlen)
ce2cdac2
EK		 336{
337 size_t len, i, prefix;
338
339 len = strlen(protos);
340
341 /* Should never have reuse. */
ff281ee8
P		 342 if (!TEST_ptr_null(*out)
343 /* Test values are small, so we omit length limit checks. */
344 || !TEST_ptr(*out = OPENSSL_malloc(len + 1)))
345 return 0;
ce2cdac2
EK		 346 *outlen = len + 1;
347
348 /*
349 * foo => '3', 'f', 'o', 'o'
350 * foo,bar => '3', 'f', 'o', 'o', '3', 'b', 'a', 'r'
351 */
352 memcpy(*out + 1, protos, len);
353
354 prefix = 0;
355 i = prefix + 1;
356 while (i <= len) {
357 if ((*out)[i] == ',') {
ff281ee8
P		 358 if (!TEST_int_gt(i - 1, prefix))
359 goto err;
3a63c0ed 360 (*out)[prefix] = (unsigned char)(i - 1 - prefix);
ce2cdac2
EK		 361 prefix = i;
362 }
363 i++;
364 }
ff281ee8
P		 365 if (!TEST_int_gt(len, prefix))
366 goto err;
3a63c0ed 367 (*out)[prefix] = (unsigned char)(len - prefix);
ff281ee8
P		 368 return 1;
369
370err:
371 OPENSSL_free(*out);
372 *out = NULL;
373 return 0;
ce2cdac2
EK		 374}
375
7b7cea6d 376#ifndef OPENSSL_NO_NEXTPROTONEG
ce2cdac2
EK		 377/*
378 * The client SHOULD select the first protocol advertised by the server that it
379 * also supports. In the event that the client doesn't support any of server's
380 * protocols, or the server doesn't advertise any, it SHOULD select the first
381 * protocol that it supports.
382 */
383static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen,
384 const unsigned char *in, unsigned int inlen,
385 void *arg)
386{
387 CTX_DATA *ctx_data = (CTX_DATA*)(arg);
388 int ret;
389
390 ret = SSL_select_next_proto(out, outlen, in, inlen,
391 ctx_data->npn_protocols,
392 ctx_data->npn_protocols_len);
393 /* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */
ff281ee8
P		 394 return TEST_true(ret == OPENSSL_NPN_NEGOTIATED || ret == OPENSSL_NPN_NO_OVERLAP)
395 ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_ALERT_FATAL;
ce2cdac2
EK		 396}
397
398static int server_npn_cb(SSL *s, const unsigned char **data,
399 unsigned int *len, void *arg)
400{
401 CTX_DATA *ctx_data = (CTX_DATA*)(arg);
402 *data = ctx_data->npn_protocols;
403 *len = ctx_data->npn_protocols_len;
404 return SSL_TLSEXT_ERR_OK;
405}
7b7cea6d 406#endif
ce2cdac2
EK		 407
408/*
409 * The server SHOULD select the most highly preferred protocol that it supports
410 * and that is also advertised by the client. In the event that the server
411 * supports no protocols that the client advertises, then the server SHALL
412 * respond with a fatal "no_application_protocol" alert.
413 */
414static int server_alpn_cb(SSL *s, const unsigned char **out,
415 unsigned char *outlen, const unsigned char *in,
416 unsigned int inlen, void *arg)
417{
418 CTX_DATA *ctx_data = (CTX_DATA*)(arg);
419 int ret;
420
421 /* SSL_select_next_proto isn't const-correct... */
422 unsigned char *tmp_out;
423
424 /*
425 * The result points either to |in| or to |ctx_data->alpn_protocols|.
426 * The callback is allowed to point to |in| or to a long-lived buffer,
427 * so we can return directly without storing a copy.
428 */
429 ret = SSL_select_next_proto(&tmp_out, outlen,
430 ctx_data->alpn_protocols,
431 ctx_data->alpn_protocols_len, in, inlen);
432
433 *out = tmp_out;
434 /* Unlike NPN, we don't tolerate a mismatch. */
435 return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
8313a787 436 : SSL_TLSEXT_ERR_ALERT_FATAL;
ce2cdac2 437}
ce2cdac2 438
df0fed9a
TS		 439static int generate_session_ticket_cb(SSL *s, void *arg)
440{
441 CTX_DATA *server_ctx_data = arg;
442 SSL_SESSION *ss = SSL_get_session(s);
443 char *app_data = server_ctx_data->session_ticket_app_data;
444
445 if (ss == NULL || app_data == NULL)
446 return 0;
447
448 return SSL_SESSION_set1_ticket_appdata(ss, app_data, strlen(app_data));
449}
450
61fb5923
MC		 451static int decrypt_session_ticket_cb(SSL *s, SSL_SESSION *ss,
452 const unsigned char *keyname,
453 size_t keyname_len,
454 SSL_TICKET_STATUS status,
455 void *arg)
df0fed9a 456{
61fb5923
MC		 457 switch (status) {
458 case SSL_TICKET_EMPTY:
459 case SSL_TICKET_NO_DECRYPT:
460 return SSL_TICKET_RETURN_IGNORE_RENEW;
461 case SSL_TICKET_SUCCESS:
462 return SSL_TICKET_RETURN_USE;
463 case SSL_TICKET_SUCCESS_RENEW:
464 return SSL_TICKET_RETURN_USE_RENEW;
465 default:
466 break;
467 }
468 return SSL_TICKET_RETURN_ABORT;
df0fed9a
TS		 469}
470
a263f320
EK		 471/*
472 * Configure callbacks and other properties that can't be set directly
473 * in the server/client CONF.
474 */
ff281ee8
P		 475static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
476 SSL_CTX *client_ctx,
477 const SSL_TEST_CTX *test,
478 const SSL_TEST_EXTRA_CONF *extra,
479 CTX_DATA *server_ctx_data,
480 CTX_DATA *server2_ctx_data,
481 CTX_DATA *client_ctx_data)
a263f320 482{
590ed3d7
EK		 483 unsigned char *ticket_keys;
484 size_t ticket_key_len;
485
ff281ee8
P		 486 if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server_ctx,
487 test->max_fragment_size), 1))
488 goto err;
6dc99745 489 if (server2_ctx != NULL) {
ff281ee8
P		 490 if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server2_ctx,
491 test->max_fragment_size),
492 1))
493 goto err;
6dc99745 494 }
ff281ee8
P		 495 if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(client_ctx,
496 test->max_fragment_size), 1))
497 goto err;
6dc99745 498
9f48bbac 499 switch (extra->client.verify_callback) {
a263f320 500 case SSL_TEST_VERIFY_ACCEPT_ALL:
ff281ee8 501 SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, NULL);
a263f320 502 break;
0c3eb279
DDO		 503 case SSL_TEST_VERIFY_RETRY_ONCE:
504 n_retries = 1;
505 SSL_CTX_set_cert_verify_callback(client_ctx, &verify_retry_cb, NULL);
506 break;
a263f320 507 case SSL_TEST_VERIFY_REJECT_ALL:
ff281ee8 508 SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb, NULL);
a263f320 509 break;
f3b3d7f0 510 case SSL_TEST_VERIFY_NONE:
a263f320
EK		 511 break;
512 }
81fc33c9 513
cf72c757
F		 514 switch (extra->client.max_fragment_len_mode) {
515 case TLSEXT_max_fragment_length_512:
516 case TLSEXT_max_fragment_length_1024:
517 case TLSEXT_max_fragment_length_2048:
518 case TLSEXT_max_fragment_length_4096:
519 case TLSEXT_max_fragment_length_DISABLED:
88e09fe7
BK		 520 SSL_CTX_set_tlsext_max_fragment_length(
521 client_ctx, extra->client.max_fragment_len_mode);
cf72c757
F		 522 break;
523 }
524
80de0c59
BK		 525 /*
526 * Link the two contexts for SNI purposes.
a9c0d8be
DB		 527 * Also do ClientHello callbacks here, as setting both ClientHello and SNI
528 * is bad.
80de0c59 529 */
9f48bbac 530 switch (extra->server.servername_callback) {
d2b23cd2
EK		 531 case SSL_TEST_SERVERNAME_IGNORE_MISMATCH:
532 SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb);
533 SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
534 break;
535 case SSL_TEST_SERVERNAME_REJECT_MISMATCH:
536 SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_reject_cb);
537 SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
538 break;
f3b3d7f0 539 case SSL_TEST_SERVERNAME_CB_NONE:
d2b23cd2 540 break;
a9c0d8be
DB		 541 case SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH:
542 SSL_CTX_set_client_hello_cb(server_ctx, client_hello_ignore_cb, server2_ctx);
80de0c59 543 break;
a9c0d8be
DB		 544 case SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH:
545 SSL_CTX_set_client_hello_cb(server_ctx, client_hello_reject_cb, server2_ctx);
80de0c59 546 break;
a9c0d8be
DB		 547 case SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12:
548 SSL_CTX_set_client_hello_cb(server_ctx, client_hello_nov12_cb, server2_ctx);
d2b23cd2
EK		 549 }
550
767ccc3b
MC		 551 if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) {
552 SSL_CTX_set_tlsext_status_type(client_ctx, TLSEXT_STATUSTYPE_ocsp);
553 SSL_CTX_set_tlsext_status_cb(client_ctx, client_ocsp_cb);
554 SSL_CTX_set_tlsext_status_arg(client_ctx, NULL);
555 SSL_CTX_set_tlsext_status_cb(server_ctx, server_ocsp_cb);
556 SSL_CTX_set_tlsext_status_arg(server_ctx,
557 ((extra->server.cert_status == SSL_TEST_CERT_STATUS_GOOD_RESPONSE)
558 ? &dummy_ocsp_resp_good_val : &dummy_ocsp_resp_bad_val));
559 }
560
81fc33c9
EK		 561 /*
562 * The initial_ctx/session_ctx always handles the encrypt/decrypt of the
563 * session ticket. This ticket_key callback is assigned to the second
564 * session (assigned via SNI), and should never be invoked
565 */
d2b23cd2 566 if (server2_ctx != NULL)
a76ce286
P		 567 SSL_CTX_set_tlsext_ticket_key_evp_cb(server2_ctx,
568 do_not_call_session_ticket_cb);
81fc33c9 569
9f48bbac 570 if (extra->server.broken_session_ticket) {
a76ce286
P		 571 SSL_CTX_set_tlsext_ticket_key_evp_cb(server_ctx,
572 broken_session_ticket_cb);
5c753de6 573 }
620c6ad3 574#ifndef OPENSSL_NO_NEXTPROTONEG
9f48bbac 575 if (extra->server.npn_protocols != NULL) {
ff281ee8
P		 576 if (!TEST_true(parse_protos(extra->server.npn_protocols,
577 &server_ctx_data->npn_protocols,
578 &server_ctx_data->npn_protocols_len)))
579 goto err;
aff8c126
RS		 580 SSL_CTX_set_npn_advertised_cb(server_ctx, server_npn_cb,
581 server_ctx_data);
ce2cdac2 582 }
9f48bbac 583 if (extra->server2.npn_protocols != NULL) {
ff281ee8
P		 584 if (!TEST_true(parse_protos(extra->server2.npn_protocols,
585 &server2_ctx_data->npn_protocols,
586 &server2_ctx_data->npn_protocols_len))
587 || !TEST_ptr(server2_ctx))
588 goto err;
aff8c126
RS		 589 SSL_CTX_set_npn_advertised_cb(server2_ctx, server_npn_cb,
590 server2_ctx_data);
ce2cdac2 591 }
9f48bbac 592 if (extra->client.npn_protocols != NULL) {
ff281ee8
P		 593 if (!TEST_true(parse_protos(extra->client.npn_protocols,
594 &client_ctx_data->npn_protocols,
595 &client_ctx_data->npn_protocols_len)))
596 goto err;
ce2cdac2
EK		 597 SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
598 client_ctx_data);
599 }
7b7cea6d 600#endif
9f48bbac 601 if (extra->server.alpn_protocols != NULL) {
ff281ee8
P		 602 if (!TEST_true(parse_protos(extra->server.alpn_protocols,
603 &server_ctx_data->alpn_protocols,
604 &server_ctx_data->alpn_protocols_len)))
605 goto err;
ce2cdac2
EK		 606 SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data);
607 }
9f48bbac 608 if (extra->server2.alpn_protocols != NULL) {
ff281ee8
P		 609 if (!TEST_ptr(server2_ctx)
610 || !TEST_true(parse_protos(extra->server2.alpn_protocols,
611 &server2_ctx_data->alpn_protocols,
612 &server2_ctx_data->alpn_protocols_len
613 )))
614 goto err;
615 SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb,
616 server2_ctx_data);
ce2cdac2 617 }
9f48bbac 618 if (extra->client.alpn_protocols != NULL) {
ce2cdac2 619 unsigned char *alpn_protos = NULL;
a61b6b62
DDO		 620 size_t alpn_protos_len = 0;
621
ff281ee8
P		 622 if (!TEST_true(parse_protos(extra->client.alpn_protocols,
623 &alpn_protos, &alpn_protos_len))
624 /* Reversed return value convention... */
625 || !TEST_int_eq(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
626 alpn_protos_len), 0))
627 goto err;
ce2cdac2
EK		 628 OPENSSL_free(alpn_protos);
629 }
7b7cea6d 630
df0fed9a
TS		 631 if (extra->server.session_ticket_app_data != NULL) {
632 server_ctx_data->session_ticket_app_data =
633 OPENSSL_strdup(extra->server.session_ticket_app_data);
634 SSL_CTX_set_session_ticket_cb(server_ctx, generate_session_ticket_cb,
635 decrypt_session_ticket_cb, server_ctx_data);
636 }
637 if (extra->server2.session_ticket_app_data != NULL) {
638 if (!TEST_ptr(server2_ctx))
639 goto err;
640 server2_ctx_data->session_ticket_app_data =
641 OPENSSL_strdup(extra->server2.session_ticket_app_data);
642 SSL_CTX_set_session_ticket_cb(server2_ctx, NULL,
643 decrypt_session_ticket_cb, server2_ctx_data);
644 }
645
590ed3d7
EK		 646 /*
647 * Use fixed session ticket keys so that we can decrypt a ticket created with
648 * one CTX in another CTX. Don't address server2 for the moment.
649 */
650 ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0);
ff281ee8
P		 651 if (!TEST_ptr(ticket_keys = OPENSSL_zalloc(ticket_key_len))
652 || !TEST_int_eq(SSL_CTX_set_tlsext_ticket_keys(server_ctx,
653 ticket_keys,
654 ticket_key_len), 1)) {
655 OPENSSL_free(ticket_keys);
656 goto err;
657 }
590ed3d7 658 OPENSSL_free(ticket_keys);
da085d27 659
be82f7b3
EK		 660 /* The default log list includes EC keys, so CT can't work without EC. */
661#if !defined(OPENSSL_NO_CT) && !defined(OPENSSL_NO_EC)
ff281ee8
P		 662 if (!TEST_true(SSL_CTX_set_default_ctlog_list_file(client_ctx)))
663 goto err;
da085d27
EK		 664 switch (extra->client.ct_validation) {
665 case SSL_TEST_CT_VALIDATION_PERMISSIVE:
ff281ee8
P		 666 if (!TEST_true(SSL_CTX_enable_ct(client_ctx,
667 SSL_CT_VALIDATION_PERMISSIVE)))
668 goto err;
da085d27
EK		 669 break;
670 case SSL_TEST_CT_VALIDATION_STRICT:
ff281ee8
P		 671 if (!TEST_true(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_STRICT)))
672 goto err;
da085d27
EK		 673 break;
674 case SSL_TEST_CT_VALIDATION_NONE:
675 break;
676 }
677#endif
ea1ecd98 678#ifndef OPENSSL_NO_SRP
76cb077f
MC		 679 if (!configure_handshake_ctx_for_srp(server_ctx, server2_ctx, client_ctx,
680 extra, server_ctx_data,
681 server2_ctx_data, client_ctx_data))
682 goto err;
ea1ecd98 683#endif /* !OPENSSL_NO_SRP */
ff281ee8
P		 684 return 1;
685err:
686 return 0;
5c753de6
TS		 687}
688
ce2cdac2 689/* Configure per-SSL callbacks and other properties. */
5c753de6 690static void configure_handshake_ssl(SSL *server, SSL *client,
9f48bbac 691 const SSL_TEST_EXTRA_CONF *extra)
5c753de6 692{
9f48bbac 693 if (extra->client.servername != SSL_TEST_SERVERNAME_NONE)
81fc33c9 694 SSL_set_tlsext_host_name(client,
9f48bbac 695 ssl_servername_name(extra->client.servername));
32097b33
MC		 696 if (extra->client.enable_pha)
697 SSL_set_post_handshake_auth(client, 1);
a263f320
EK		 698}
699
e0421bd8 700/* The status for each connection phase. */
453dfd8d
EK		 701typedef enum {
702 PEER_SUCCESS,
703 PEER_RETRY,
83964ca0 704 PEER_ERROR,
ff281ee8
P		 705 PEER_WAITING,
706 PEER_TEST_FAILURE
453dfd8d
EK		 707} peer_status_t;
708
e0421bd8
EK		 709/* An SSL object and associated read-write buffers. */
710typedef struct peer_st {
711 SSL *ssl;
712 /* Buffer lengths are int to match the SSL read/write API. */
713 unsigned char *write_buf;
714 int write_buf_len;
715 unsigned char *read_buf;
716 int read_buf_len;
717 int bytes_to_write;
718 int bytes_to_read;
719 peer_status_t status;
720} PEER;
721
ff281ee8 722static int create_peer(PEER *peer, SSL_CTX *ctx)
e0421bd8
EK		 723{
724 static const int peer_buffer_size = 64 * 1024;
ff281ee8
P		 725 SSL *ssl = NULL;
726 unsigned char *read_buf = NULL, *write_buf = NULL;
727
728 if (!TEST_ptr(ssl = SSL_new(ctx))
729 || !TEST_ptr(write_buf = OPENSSL_zalloc(peer_buffer_size))
730 || !TEST_ptr(read_buf = OPENSSL_zalloc(peer_buffer_size)))
731 goto err;
e0421bd8 732
ff281ee8
P		 733 peer->ssl = ssl;
734 peer->write_buf = write_buf;
735 peer->read_buf = read_buf;
e0421bd8 736 peer->write_buf_len = peer->read_buf_len = peer_buffer_size;
ff281ee8
P		 737 return 1;
738err:
739 SSL_free(ssl);
740 OPENSSL_free(write_buf);
741 OPENSSL_free(read_buf);
742 return 0;
e0421bd8
EK		 743}
744
745static void peer_free_data(PEER *peer)
746{
747 SSL_free(peer->ssl);
748 OPENSSL_free(peer->write_buf);
749 OPENSSL_free(peer->read_buf);
750}
751
752/*
753 * Note that we could do the handshake transparently under an SSL_write,
754 * but separating the steps is more helpful for debugging test failures.
755 */
756static void do_handshake_step(PEER *peer)
757{
ff281ee8
P		 758 if (!TEST_int_eq(peer->status, PEER_RETRY)) {
759 peer->status = PEER_TEST_FAILURE;
e0421bd8 760 } else {
ff281ee8
P		 761 int ret = SSL_do_handshake(peer->ssl);
762
763 if (ret == 1) {
764 peer->status = PEER_SUCCESS;
765 } else if (ret == 0) {
e0421bd8 766 peer->status = PEER_ERROR;
ff281ee8
P		 767 } else {
768 int error = SSL_get_error(peer->ssl, ret);
0c3eb279 769
ff281ee8 770 /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */
0c3eb279
DDO		 771 if (error != SSL_ERROR_WANT_READ
772 && error != SSL_ERROR_WANT_RETRY_VERIFY)
ff281ee8
P		 773 peer->status = PEER_ERROR;
774 }
e0421bd8
EK		 775 }
776}
777
778/*-
779 * Send/receive some application data. The read-write sequence is
780 * Peer A: (R) W - first read will yield no data
781 * Peer B: R W
782 * ...
783 * Peer A: R W
784 * Peer B: R W
785 * Peer A: R
786 */
787static void do_app_data_step(PEER *peer)
788{
789 int ret = 1, write_bytes;
790
ff281ee8
P		 791 if (!TEST_int_eq(peer->status, PEER_RETRY)) {
792 peer->status = PEER_TEST_FAILURE;
793 return;
794 }
e0421bd8
EK		 795
796 /* We read everything available... */
797 while (ret > 0 && peer->bytes_to_read) {
798 ret = SSL_read(peer->ssl, peer->read_buf, peer->read_buf_len);
799 if (ret > 0) {
ff281ee8
P		 800 if (!TEST_int_le(ret, peer->bytes_to_read)) {
801 peer->status = PEER_TEST_FAILURE;
802 return;
803 }
e0421bd8
EK		 804 peer->bytes_to_read -= ret;
805 } else if (ret == 0) {
806 peer->status = PEER_ERROR;
807 return;
808 } else {
809 int error = SSL_get_error(peer->ssl, ret);
810 if (error != SSL_ERROR_WANT_READ) {
811 peer->status = PEER_ERROR;
812 return;
813 } /* Else continue with write. */
814 }
815 }
816
817 /* ... but we only write one write-buffer-full of data. */
818 write_bytes = peer->bytes_to_write < peer->write_buf_len ? peer->bytes_to_write :
819 peer->write_buf_len;
820 if (write_bytes) {
821 ret = SSL_write(peer->ssl, peer->write_buf, write_bytes);
822 if (ret > 0) {
823 /* SSL_write will only succeed with a complete write. */
ff281ee8
P		 824 if (!TEST_int_eq(ret, write_bytes)) {
825 peer->status = PEER_TEST_FAILURE;
826 return;
827 }
e0421bd8
EK		 828 peer->bytes_to_write -= ret;
829 } else {
830 /*
831 * We should perhaps check for SSL_ERROR_WANT_READ/WRITE here
832 * but this doesn't yet occur with current app data sizes.
833 */
834 peer->status = PEER_ERROR;
835 return;
836 }
837 }
838
839 /*
840 * We could simply finish when there was nothing to read, and we have
841 * nothing left to write. But keeping track of the expected number of bytes
842 * to read gives us somewhat better guarantees that all data sent is in fact
843 * received.
844 */
12a765a5 845 if (peer->bytes_to_write == 0 && peer->bytes_to_read == 0) {
e0421bd8
EK		 846 peer->status = PEER_SUCCESS;
847 }
848}
849
fe7dd553 850static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
e42c4544
MC		 851{
852 int ret;
853 char buf;
854
84344efa
TS		 855 if (peer->status == PEER_SUCCESS) {
856 /*
857 * We are a client that succeeded this step previously, but the server
858 * wanted to retry. Probably there is a no_renegotiation warning alert
859 * waiting for us. Attempt to continue the handshake.
860 */
861 peer->status = PEER_RETRY;
862 do_handshake_step(peer);
863 return;
864 }
c2500f65 865
ff281ee8
P		 866 if (!TEST_int_eq(peer->status, PEER_RETRY)
867 || !TEST_true(test_ctx->handshake_mode
868 == SSL_TEST_HANDSHAKE_RENEG_SERVER
869 || test_ctx->handshake_mode
870 == SSL_TEST_HANDSHAKE_RENEG_CLIENT
871 || test_ctx->handshake_mode
872 == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER
873 || test_ctx->handshake_mode
9d75dce3
TS		 874 == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT
875 || test_ctx->handshake_mode
876 == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH)) {
ff281ee8
P		 877 peer->status = PEER_TEST_FAILURE;
878 return;
879 }
9b92f161
MC		 880
881 /* Reset the count of the amount of app data we need to read/write */
882 peer->bytes_to_write = peer->bytes_to_read = test_ctx->app_data_size;
fe7dd553
MC		 883
884 /* Check if we are the peer that is going to initiate */
885 if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
886 && SSL_is_server(peer->ssl))
887 || (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT
888 && !SSL_is_server(peer->ssl))) {
e42c4544 889 /*
fe7dd553
MC		 890 * If we already asked for a renegotiation then fall through to the
891 * SSL_read() below.
e42c4544 892 */
fe7dd553
MC		 893 if (!SSL_renegotiate_pending(peer->ssl)) {
894 /*
895 * If we are the client we will always attempt to resume the
44e69951 896 * session. The server may or may not resume dependent on the
fe7dd553
MC		 897 * setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
898 */
cc22cd54 899 if (SSL_is_server(peer->ssl)) {
fe7dd553 900 ret = SSL_renegotiate(peer->ssl);
cc22cd54 901 } else {
cd4afec6
TM		 902 int full_reneg = 0;
903
904 if (test_ctx->extra.client.no_extms_on_reneg) {
905 SSL_set_options(peer->ssl, SSL_OP_NO_EXTENDED_MASTER_SECRET);
906 full_reneg = 1;
907 }
cc22cd54
MC		 908 if (test_ctx->extra.client.reneg_ciphers != NULL) {
909 if (!SSL_set_cipher_list(peer->ssl,
910 test_ctx->extra.client.reneg_ciphers)) {
911 peer->status = PEER_ERROR;
912 return;
913 }
cd4afec6
TM		 914 full_reneg = 1;
915 }
916 if (full_reneg)
cc22cd54 917 ret = SSL_renegotiate(peer->ssl);
cd4afec6 918 else
cc22cd54 919 ret = SSL_renegotiate_abbreviated(peer->ssl);
cc22cd54 920 }
fe7dd553
MC		 921 if (!ret) {
922 peer->status = PEER_ERROR;
923 return;
924 }
925 do_handshake_step(peer);
926 /*
927 * If status is PEER_RETRY it means we're waiting on the peer to
928 * continue the handshake. As far as setting up the renegotiation is
929 * concerned that is a success. The next step will continue the
930 * handshake to its conclusion.
931 *
932 * If status is PEER_SUCCESS then we are the server and we have
933 * successfully sent the HelloRequest. We need to continue to wait
934 * until the handshake arrives from the client.
935 */
936 if (peer->status == PEER_RETRY)
937 peer->status = PEER_SUCCESS;
938 else if (peer->status == PEER_SUCCESS)
939 peer->status = PEER_RETRY;
940 return;
941 }
9b92f161
MC		 942 } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER
943 || test_ctx->handshake_mode
944 == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT) {
945 if (SSL_is_server(peer->ssl)
946 != (test_ctx->handshake_mode
947 == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)) {
948 peer->status = PEER_SUCCESS;
949 return;
950 }
951
952 ret = SSL_key_update(peer->ssl, test_ctx->key_update_type);
953 if (!ret) {
954 peer->status = PEER_ERROR;
955 return;
956 }
957 do_handshake_step(peer);
958 /*
959 * This is a one step handshake. We shouldn't get anything other than
960 * PEER_SUCCESS
961 */
962 if (peer->status != PEER_SUCCESS)
963 peer->status = PEER_ERROR;
964 return;
9d75dce3
TS		 965 } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) {
966 if (SSL_is_server(peer->ssl)) {
967 /* Make the server believe it's received the extension */
968 if (test_ctx->extra.server.force_pha)
969 peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
970 ret = SSL_verify_client_post_handshake(peer->ssl);
971 if (!ret) {
972 peer->status = PEER_ERROR;
973 return;
974 }
975 }
976 do_handshake_step(peer);
977 /*
978 * This is a one step handshake. We shouldn't get anything other than
979 * PEER_SUCCESS
980 */
981 if (peer->status != PEER_SUCCESS)
982 peer->status = PEER_ERROR;
983 return;
e42c4544
MC		 984 }
985
986 /*
987 * The SSL object is still expecting app data, even though it's going to
988 * get a handshake message. We try to read, and it should fail - after which
989 * we should be in a handshake
990 */
991 ret = SSL_read(peer->ssl, &buf, sizeof(buf));
992 if (ret >= 0) {
fe7dd553
MC		 993 /*
994 * We're not actually expecting data - we're expecting a reneg to
995 * start
996 */
e42c4544
MC		 997 peer->status = PEER_ERROR;
998 return;
999 } else {
1000 int error = SSL_get_error(peer->ssl, ret);
fe7dd553 1001 if (error != SSL_ERROR_WANT_READ) {
e42c4544
MC		 1002 peer->status = PEER_ERROR;
1003 return;
1004 }
9b92f161 1005 /* If we're not in init yet then we're not done with setup yet */
fe7dd553
MC		 1006 if (!SSL_in_init(peer->ssl))
1007 return;
e42c4544
MC		 1008 }
1009
1010 peer->status = PEER_SUCCESS;
1011}
1012
1013
590ed3d7
EK		 1014/*
1015 * RFC 5246 says:
1016 *
1017 * Note that as of TLS 1.1,
1018 * failure to properly close a connection no longer requires that a
1019 * session not be resumed. This is a change from TLS 1.0 to conform
1020 * with widespread implementation practice.
1021 *
1022 * However,
1023 * (a) OpenSSL requires that a connection be shutdown for all protocol versions.
1024 * (b) We test lower versions, too.
1025 * So we just implement shutdown. We do a full bidirectional shutdown so that we
1026 * can compare sent and received close_notify alerts and get some test coverage
1027 * for SSL_shutdown as a bonus.
1028 */
e0421bd8 1029static void do_shutdown_step(PEER *peer)
453dfd8d
EK		 1030{
1031 int ret;
1032
ff281ee8
P		 1033 if (!TEST_int_eq(peer->status, PEER_RETRY)) {
1034 peer->status = PEER_TEST_FAILURE;
1035 return;
1036 }
e0421bd8 1037 ret = SSL_shutdown(peer->ssl);
453dfd8d
EK		 1038
1039 if (ret == 1) {
e0421bd8
EK		 1040 peer->status = PEER_SUCCESS;
1041 } else if (ret < 0) { /* On 0, we retry. */
1042 int error = SSL_get_error(peer->ssl, ret);
83964ca0
MC		 1043
1044 if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE)
e0421bd8
EK		 1045 peer->status = PEER_ERROR;
1046 }
1047}
1048
1049typedef enum {
1050 HANDSHAKE,
e42c4544
MC		 1051 RENEG_APPLICATION_DATA,
1052 RENEG_SETUP,
1053 RENEG_HANDSHAKE,
e0421bd8
EK		 1054 APPLICATION_DATA,
1055 SHUTDOWN,
1056 CONNECTION_DONE
1057} connect_phase_t;
1058
9d75dce3
TS		 1059
1060static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
1061{
1062 switch (test_ctx->handshake_mode) {
1063 case SSL_TEST_HANDSHAKE_RENEG_SERVER:
1064 case SSL_TEST_HANDSHAKE_RENEG_CLIENT:
1065 return 1;
1066 default:
1067 return 0;
1068 }
1069}
1070static int post_handshake_op(const SSL_TEST_CTX *test_ctx)
1071{
1072 switch (test_ctx->handshake_mode) {
1073 case SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT:
1074 case SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER:
1075 case SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH:
1076 return 1;
1077 default:
1078 return 0;
1079 }
1080}
1081
e42c4544
MC		 1082static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx,
1083 connect_phase_t phase)
e0421bd8
EK		 1084{
1085 switch (phase) {
1086 case HANDSHAKE:
9d75dce3 1087 if (renegotiate_op(test_ctx) || post_handshake_op(test_ctx))
e42c4544
MC		 1088 return RENEG_APPLICATION_DATA;
1089 return APPLICATION_DATA;
1090 case RENEG_APPLICATION_DATA:
1091 return RENEG_SETUP;
1092 case RENEG_SETUP:
9d75dce3 1093 if (post_handshake_op(test_ctx))
9b92f161 1094 return APPLICATION_DATA;
e42c4544
MC		 1095 return RENEG_HANDSHAKE;
1096 case RENEG_HANDSHAKE:
e0421bd8
EK		 1097 return APPLICATION_DATA;
1098 case APPLICATION_DATA:
1099 return SHUTDOWN;
1100 case SHUTDOWN:
1101 return CONNECTION_DONE;
f3b3d7f0 1102 case CONNECTION_DONE:
ff281ee8 1103 TEST_error("Trying to progress after connection done");
f3b3d7f0 1104 break;
e0421bd8 1105 }
f3b3d7f0 1106 return -1;
e0421bd8
EK		 1107}
1108
fe7dd553
MC		 1109static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
1110 connect_phase_t phase)
e0421bd8
EK		 1111{
1112 switch (phase) {
1113 case HANDSHAKE:
1114 do_handshake_step(peer);
1115 break;
e42c4544
MC		 1116 case RENEG_APPLICATION_DATA:
1117 do_app_data_step(peer);
1118 break;
1119 case RENEG_SETUP:
fe7dd553 1120 do_reneg_setup_step(test_ctx, peer);
e42c4544
MC		 1121 break;
1122 case RENEG_HANDSHAKE:
1123 do_handshake_step(peer);
1124 break;
e0421bd8
EK		 1125 case APPLICATION_DATA:
1126 do_app_data_step(peer);
1127 break;
1128 case SHUTDOWN:
1129 do_shutdown_step(peer);
1130 break;
f3b3d7f0 1131 case CONNECTION_DONE:
ff281ee8 1132 TEST_error("Action after connection done");
f3b3d7f0 1133 break;
453dfd8d
EK		 1134 }
1135}
1136
1137typedef enum {
1138 /* Both parties succeeded. */
1139 HANDSHAKE_SUCCESS,
1140 /* Client errored. */
1141 CLIENT_ERROR,
1142 /* Server errored. */
1143 SERVER_ERROR,
1144 /* Peers are in inconsistent state. */
1145 INTERNAL_ERROR,
1146 /* One or both peers not done. */
1147 HANDSHAKE_RETRY
1148} handshake_status_t;
1149
1150/*
1151 * Determine the handshake outcome.
1152 * last_status: the status of the peer to have acted last.
1153 * previous_status: the status of the peer that didn't act last.
1154 * client_spoke_last: 1 if the client went last.
1155 */
1156static handshake_status_t handshake_status(peer_status_t last_status,
1157 peer_status_t previous_status,
1158 int client_spoke_last)
1159{
1160 switch (last_status) {
ff281ee8
P		 1161 case PEER_TEST_FAILURE:
1162 return INTERNAL_ERROR;
1163
561f6f1e
MC		 1164 case PEER_WAITING:
1165 /* Shouldn't ever happen */
1166 return INTERNAL_ERROR;
1167
453dfd8d
EK		 1168 case PEER_SUCCESS:
1169 switch (previous_status) {
ff281ee8
P		 1170 case PEER_TEST_FAILURE:
1171 return INTERNAL_ERROR;
453dfd8d
EK		 1172 case PEER_SUCCESS:
1173 /* Both succeeded. */
1174 return HANDSHAKE_SUCCESS;
561f6f1e 1175 case PEER_WAITING:
453dfd8d
EK		 1176 case PEER_RETRY:
1177 /* Let the first peer finish. */
1178 return HANDSHAKE_RETRY;
1179 case PEER_ERROR:
1180 /*
1181 * Second peer succeeded despite the fact that the first peer
1182 * already errored. This shouldn't happen.
1183 */
1184 return INTERNAL_ERROR;
1185 }
4d921bfb 1186 break;
453dfd8d
EK		 1187
1188 case PEER_RETRY:
83964ca0
MC		 1189 return HANDSHAKE_RETRY;
1190
453dfd8d
EK		 1191 case PEER_ERROR:
1192 switch (previous_status) {
ff281ee8
P		 1193 case PEER_TEST_FAILURE:
1194 return INTERNAL_ERROR;
83964ca0
MC		 1195 case PEER_WAITING:
1196 /* The client failed immediately before sending the ClientHello */
1197 return client_spoke_last ? CLIENT_ERROR : INTERNAL_ERROR;
453dfd8d
EK		 1198 case PEER_SUCCESS:
1199 /*
1200 * First peer succeeded but second peer errored.
1201 * TODO(emilia): we should be able to continue here (with some
1202 * application data?) to ensure the first peer receives the
1203 * alert / close_notify.
e0421bd8 1204 * (No tests currently exercise this branch.)
453dfd8d
EK		 1205 */
1206 return client_spoke_last ? CLIENT_ERROR : SERVER_ERROR;
1207 case PEER_RETRY:
1208 /* We errored; let the peer finish. */
1209 return HANDSHAKE_RETRY;
1210 case PEER_ERROR:
1211 /* Both peers errored. Return the one that errored first. */
1212 return client_spoke_last ? SERVER_ERROR : CLIENT_ERROR;
1213 }
1214 }
1215 /* Control should never reach here. */
1216 return INTERNAL_ERROR;
1217}
1218
ce2cdac2
EK		 1219/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
1220static char *dup_str(const unsigned char *in, size_t len)
1221{
ff281ee8 1222 char *ret = NULL;
ce2cdac2 1223
28b86f31 1224 if (len == 0)
ce2cdac2
EK		 1225 return NULL;
1226
1227 /* Assert that the string does not contain NUL-bytes. */
ff281ee8
P		 1228 if (TEST_size_t_eq(OPENSSL_strnlen((const char*)(in), len), len))
1229 TEST_ptr(ret = OPENSSL_strndup((const char*)(in), len));
ce2cdac2
EK		 1230 return ret;
1231}
1232
7f5f35af
DSH		 1233static int pkey_type(EVP_PKEY *pkey)
1234{
5b5eea4b
SL		 1235 if (EVP_PKEY_is_a(pkey, "EC")) {
1236 char name[80];
1237 size_t name_len;
1238
0c8e98e6 1239 if (!EVP_PKEY_get_group_name(pkey, name, sizeof(name), &name_len))
5b5eea4b
SL		 1240 return NID_undef;
1241 return OBJ_txt2nid(name);
7f5f35af 1242 }
ed576acd 1243 return EVP_PKEY_get_id(pkey);
7f5f35af
DSH		 1244}
1245
1246static int peer_pkey_type(SSL *s)
1247{
8c2bfd25 1248 X509 *x = SSL_get0_peer_certificate(s);
7f5f35af 1249
8c2bfd25
TS		 1250 if (x != NULL)
1251 return pkey_type(X509_get0_pubkey(x));
7f5f35af
DSH		 1252 return NID_undef;
1253}
1254
83964ca0
MC		 1255#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
1256static int set_sock_as_sctp(int sock)
1257{
09d62b33
MT		 1258 struct sctp_assocparams assocparams;
1259 struct sctp_rtoinfo rto_info;
1260 BIO *tmpbio;
1261
1262 /*
1263 * To allow tests to fail fast (within a second or so), reduce the
1264 * retransmission timeouts and the number of retransmissions.
1265 */
1266 memset(&rto_info, 0, sizeof(struct sctp_rtoinfo));
1267 rto_info.srto_initial = 100;
1268 rto_info.srto_max = 200;
1269 rto_info.srto_min = 50;
1270 (void)setsockopt(sock, IPPROTO_SCTP, SCTP_RTOINFO,
1271 (const void *)&rto_info, sizeof(struct sctp_rtoinfo));
1272 memset(&assocparams, 0, sizeof(struct sctp_assocparams));
1273 assocparams.sasoc_asocmaxrxt = 2;
1274 (void)setsockopt(sock, IPPROTO_SCTP, SCTP_ASSOCINFO,
1275 (const void *)&assocparams,
1276 sizeof(struct sctp_assocparams));
1277
83964ca0
MC		 1278 /*
1279 * For SCTP we have to set various options on the socket prior to
1280 * connecting. This is done automatically by BIO_new_dgram_sctp().
1281 * We don't actually need the created BIO though so we free it again
1282 * immediately.
1283 */
09d62b33 1284 tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
83964ca0
MC		 1285
1286 if (tmpbio == NULL)
1287 return 0;
1288 BIO_free(tmpbio);
1289
1290 return 1;
1291}
1292
1293static int create_sctp_socks(int *ssock, int *csock)
1294{
1295 BIO_ADDRINFO *res = NULL;
1296 const BIO_ADDRINFO *ai = NULL;
1297 int lsock = INVALID_SOCKET, asock = INVALID_SOCKET;
1298 int consock = INVALID_SOCKET;
1299 int ret = 0;
1300 int family = 0;
1301
9e1d5e8d 1302 if (BIO_sock_init() != 1)
83964ca0
MC		 1303 return 0;
1304
1305 /*
1306 * Port is 4463. It could be anything. It will fail if it's already being
1307 * used for some other SCTP service. It seems unlikely though so we don't
1308 * worry about it here.
1309 */
1310 if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_SERVER, family, SOCK_STREAM,
1311 IPPROTO_SCTP, &res))
1312 return 0;
1313
1314 for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
1315 family = BIO_ADDRINFO_family(ai);
1316 lsock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0);
1317 if (lsock == INVALID_SOCKET) {
1318 /* Maybe the kernel doesn't support the socket family, even if
1319 * BIO_lookup() added it in the returned result...
1320 */
1321 continue;
1322 }
1323
1324 if (!set_sock_as_sctp(lsock)
1325 || !BIO_listen(lsock, BIO_ADDRINFO_address(ai),
1326 BIO_SOCK_REUSEADDR)) {
1327 BIO_closesocket(lsock);
1328 lsock = INVALID_SOCKET;
1329 continue;
1330 }
1331
1332 /* Success, don't try any more addresses */
1333 break;
1334 }
1335
1336 if (lsock == INVALID_SOCKET)
1337 goto err;
1338
1339 BIO_ADDRINFO_free(res);
1340 res = NULL;
1341
1342 if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_CLIENT, family, SOCK_STREAM,
1343 IPPROTO_SCTP, &res))
1344 goto err;
1345
1346 consock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0);
1347 if (consock == INVALID_SOCKET)
1348 goto err;
1349
1350 if (!set_sock_as_sctp(consock)
1351 || !BIO_connect(consock, BIO_ADDRINFO_address(res), 0)
1352 || !BIO_socket_nbio(consock, 1))
1353 goto err;
1354
1355 asock = BIO_accept_ex(lsock, NULL, BIO_SOCK_NONBLOCK);
1356 if (asock == INVALID_SOCKET)
1357 goto err;
1358
1359 *csock = consock;
1360 *ssock = asock;
1361 consock = asock = INVALID_SOCKET;
1362 ret = 1;
1363
1364 err:
1365 BIO_ADDRINFO_free(res);
1366 if (consock != INVALID_SOCKET)
1367 BIO_closesocket(consock);
1368 if (lsock != INVALID_SOCKET)
1369 BIO_closesocket(lsock);
1370 if (asock != INVALID_SOCKET)
1371 BIO_closesocket(asock);
1372 return ret;
1373}
1374#endif
1375
6dc99745
EK		 1376/*
1377 * Note that |extra| points to the correct client/server configuration
1378 * within |test_ctx|. When configuring the handshake, general mode settings
1379 * are taken from |test_ctx|, and client/server-specific settings should be
1380 * taken from |extra|.
1381 *
1382 * The configuration code should never reach into |test_ctx->extra| or
1383 * |test_ctx->resume_extra| directly.
1384 *
1385 * (We could refactor test mode settings into a substructure. This would result
1386 * in cleaner argument passing but would complicate the test configuration
1387 * parsing.)
1388 */
590ed3d7
EK		 1389static HANDSHAKE_RESULT *do_handshake_internal(
1390 SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
6dc99745 1391 const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra,
6cc0b3c2
MC		 1392 SSL_SESSION *session_in, SSL_SESSION *serv_sess_in,
1393 SSL_SESSION **session_out, SSL_SESSION **serv_sess_out)
453dfd8d 1394{
e0421bd8 1395 PEER server, client;
83964ca0 1396 BIO *client_to_server = NULL, *server_to_client = NULL;
453dfd8d 1397 HANDSHAKE_EX_DATA server_ex_data, client_ex_data;
ce2cdac2
EK		 1398 CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;
1399 HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();
36ff232c 1400 int client_turn = 1, client_turn_count = 0, client_wait_count = 0;
e0421bd8 1401 connect_phase_t phase = HANDSHAKE;
453dfd8d 1402 handshake_status_t status = HANDSHAKE_RETRY;
48593cb1 1403 const unsigned char* tick = NULL;
ce2cdac2 1404 size_t tick_len = 0;
a84e5c9a
TS		 1405 const unsigned char* sess_id = NULL;
1406 unsigned int sess_id_len = 0;
5c753de6 1407 SSL_SESSION* sess = NULL;
ce2cdac2
EK		 1408 const unsigned char *proto = NULL;
1409 /* API dictates unsigned int rather than size_t. */
1410 unsigned int proto_len = 0;
b93ad05d 1411 EVP_PKEY *tmp_key;
f15b50c4 1412 const STACK_OF(X509_NAME) *names;
83964ca0 1413 time_t start;
e1c7871d 1414 const char* cipher;
453dfd8d 1415
ff281ee8
P		 1416 if (ret == NULL)
1417 return NULL;
1418
ce2cdac2
EK		 1419 memset(&server_ctx_data, 0, sizeof(server_ctx_data));
1420 memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
1421 memset(&client_ctx_data, 0, sizeof(client_ctx_data));
e0421bd8
EK		 1422 memset(&server, 0, sizeof(server));
1423 memset(&client, 0, sizeof(client));
20e237c0
P		 1424 memset(&server_ex_data, 0, sizeof(server_ex_data));
1425 memset(&client_ex_data, 0, sizeof(client_ex_data));
ce2cdac2 1426
ff281ee8
P		 1427 if (!configure_handshake_ctx(server_ctx, server2_ctx, client_ctx,
1428 test_ctx, extra, &server_ctx_data,
1429 &server2_ctx_data, &client_ctx_data)) {
1430 TEST_note("configure_handshake_ctx");
1431 return NULL;
1432 }
a263f320 1433
09d62b33
MT		 1434#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
1435 if (test_ctx->enable_client_sctp_label_bug)
1436 SSL_CTX_set_mode(client_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
1437 if (test_ctx->enable_server_sctp_label_bug)
1438 SSL_CTX_set_mode(server_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
1439#endif
1440
e0421bd8 1441 /* Setup SSL and buffers; additional configuration happens below. */
ff281ee8
P		 1442 if (!create_peer(&server, server_ctx)) {
1443 TEST_note("creating server context");
1444 goto err;
1445 }
1446 if (!create_peer(&client, client_ctx)) {
1447 TEST_note("creating client context");
1448 goto err;
1449 }
453dfd8d 1450
6dc99745
EK		 1451 server.bytes_to_write = client.bytes_to_read = test_ctx->app_data_size;
1452 client.bytes_to_write = server.bytes_to_read = test_ctx->app_data_size;
e0421bd8
EK		 1453
1454 configure_handshake_ssl(server.ssl, client.ssl, extra);
590ed3d7 1455 if (session_in != NULL) {
6cc0b3c2 1456 SSL_SESSION_get_id(serv_sess_in, &sess_id_len);
590ed3d7 1457 /* In case we're testing resumption without tickets. */
6cc0b3c2
MC		 1458 if ((sess_id_len > 0
1459 && !TEST_true(SSL_CTX_add_session(server_ctx,
1460 serv_sess_in)))
ff281ee8
P		 1461 || !TEST_true(SSL_set_session(client.ssl, session_in)))
1462 goto err;
6cc0b3c2 1463 sess_id_len = 0;
590ed3d7 1464 }
5c753de6 1465
ce2cdac2 1466 ret->result = SSL_TEST_INTERNAL_ERROR;
453dfd8d 1467
83964ca0
MC		 1468 if (test_ctx->use_sctp) {
1469#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
1470 int csock, ssock;
1471
1472 if (create_sctp_socks(&ssock, &csock)) {
1473 client_to_server = BIO_new_dgram_sctp(csock, BIO_CLOSE);
1474 server_to_client = BIO_new_dgram_sctp(ssock, BIO_CLOSE);
1475 }
1476#endif
1477 } else {
1478 client_to_server = BIO_new(BIO_s_mem());
1479 server_to_client = BIO_new(BIO_s_mem());
1480 }
453dfd8d 1481
ff281ee8
P		 1482 if (!TEST_ptr(client_to_server)
1483 || !TEST_ptr(server_to_client))
1484 goto err;
453dfd8d
EK		 1485
1486 /* Non-blocking bio. */
1487 BIO_set_nbio(client_to_server, 1);
1488 BIO_set_nbio(server_to_client, 1);
1489
e0421bd8
EK		 1490 SSL_set_connect_state(client.ssl);
1491 SSL_set_accept_state(server.ssl);
453dfd8d
EK		 1492
1493 /* The bios are now owned by the SSL object. */
83964ca0
MC		 1494 if (test_ctx->use_sctp) {
1495 SSL_set_bio(client.ssl, client_to_server, client_to_server);
1496 SSL_set_bio(server.ssl, server_to_client, server_to_client);
1497 } else {
1498 SSL_set_bio(client.ssl, server_to_client, client_to_server);
ff281ee8
P		 1499 if (!TEST_int_gt(BIO_up_ref(server_to_client), 0)
1500 || !TEST_int_gt(BIO_up_ref(client_to_server), 0))
1501 goto err;
83964ca0
MC		 1502 SSL_set_bio(server.ssl, client_to_server, server_to_client);
1503 }
453dfd8d
EK		 1504
1505 ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL);
ff281ee8
P		 1506 if (!TEST_int_ge(ex_data_idx, 0)
1507 || !TEST_int_eq(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data), 1)
1508 || !TEST_int_eq(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data), 1))
1509 goto err;
e0421bd8
EK		 1510
1511 SSL_set_info_callback(server.ssl, &info_cb);
1512 SSL_set_info_callback(client.ssl, &info_cb);
453dfd8d 1513
83964ca0
MC		 1514 client.status = PEER_RETRY;
1515 server.status = PEER_WAITING;
1516
1517 start = time(NULL);
453dfd8d
EK		 1518
1519 /*
1520 * Half-duplex handshake loop.
1521 * Client and server speak to each other synchronously in the same process.
1522 * We use non-blocking BIOs, so whenever one peer blocks for read, it
1523 * returns PEER_RETRY to indicate that it's the other peer's turn to write.
1524 * The handshake succeeds once both peers have succeeded. If one peer
1525 * errors out, we also let the other peer retry (and presumably fail).
1526 */
1527 for(;;) {
1528 if (client_turn) {
fe7dd553 1529 do_connect_step(test_ctx, &client, phase);
e0421bd8 1530 status = handshake_status(client.status, server.status,
453dfd8d 1531 1 /* client went last */);
83964ca0
MC		 1532 if (server.status == PEER_WAITING)
1533 server.status = PEER_RETRY;
453dfd8d 1534 } else {
fe7dd553 1535 do_connect_step(test_ctx, &server, phase);
e0421bd8 1536 status = handshake_status(server.status, client.status,
453dfd8d
EK		 1537 0 /* server went last */);
1538 }
1539
1540 switch (status) {
1541 case HANDSHAKE_SUCCESS:
ceb6d746 1542 client_turn_count = 0;
e42c4544 1543 phase = next_phase(test_ctx, phase);
e0421bd8 1544 if (phase == CONNECTION_DONE) {
590ed3d7
EK		 1545 ret->result = SSL_TEST_SUCCESS;
1546 goto err;
1547 } else {
e0421bd8
EK		 1548 client.status = server.status = PEER_RETRY;
1549 /*
1550 * For now, client starts each phase. Since each phase is
1551 * started separately, we can later control this more
1552 * precisely, for example, to test client-initiated and
1553 * server-initiated shutdown.
1554 */
590ed3d7
EK		 1555 client_turn = 1;
1556 break;
1557 }
453dfd8d 1558 case CLIENT_ERROR:
ce2cdac2 1559 ret->result = SSL_TEST_CLIENT_FAIL;
453dfd8d
EK		 1560 goto err;
1561 case SERVER_ERROR:
ce2cdac2 1562 ret->result = SSL_TEST_SERVER_FAIL;
453dfd8d
EK		 1563 goto err;
1564 case INTERNAL_ERROR:
ce2cdac2 1565 ret->result = SSL_TEST_INTERNAL_ERROR;
453dfd8d
EK		 1566 goto err;
1567 case HANDSHAKE_RETRY:
83964ca0
MC		 1568 if (test_ctx->use_sctp) {
1569 if (time(NULL) - start > 3) {
1570 /*
1571 * We've waited for too long. Give up.
1572 */
1573 ret->result = SSL_TEST_INTERNAL_ERROR;
1574 goto err;
1575 }
ceb6d746 1576 /*
83964ca0
MC		 1577 * With "real" sockets we only swap to processing the peer
1578 * if they are expecting to retry. Otherwise we just retry the
1579 * same endpoint again.
ceb6d746 1580 */
83964ca0
MC		 1581 if ((client_turn && server.status == PEER_RETRY)
1582 || (!client_turn && client.status == PEER_RETRY))
1583 client_turn ^= 1;
1584 } else {
1585 if (client_turn_count++ >= 2000) {
1586 /*
1587 * At this point, there's been so many PEER_RETRY in a row
1588 * that it's likely both sides are stuck waiting for a read.
1589 * It's time to give up.
1590 */
1591 ret->result = SSL_TEST_INTERNAL_ERROR;
1592 goto err;
1593 }
36ff232c
MC		 1594 if (client_turn && server.status == PEER_SUCCESS) {
1595 /*
1596 * The server may finish before the client because the
1597 * client spends some turns processing NewSessionTickets.
1598 */
1599 if (client_wait_count++ >= 2) {
1600 ret->result = SSL_TEST_INTERNAL_ERROR;
1601 goto err;
1602 }
1603 } else {
1604 /* Continue. */
1605 client_turn ^= 1;
1606 }
83964ca0 1607 }
453dfd8d
EK		 1608 break;
1609 }
1610 }
1611 err:
ce2cdac2 1612 ret->server_alert_sent = server_ex_data.alert_sent;
dd8e5a57 1613 ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent;
ce2cdac2
EK		 1614 ret->server_alert_received = client_ex_data.alert_received;
1615 ret->client_alert_sent = client_ex_data.alert_sent;
dd8e5a57 1616 ret->client_num_fatal_alerts_sent = client_ex_data.num_fatal_alerts_sent;
ce2cdac2 1617 ret->client_alert_received = server_ex_data.alert_received;
e0421bd8
EK		 1618 ret->server_protocol = SSL_version(server.ssl);
1619 ret->client_protocol = SSL_version(client.ssl);
ce2cdac2 1620 ret->servername = server_ex_data.servername;
a84e5c9a 1621 if ((sess = SSL_get0_session(client.ssl)) != NULL) {
ce2cdac2 1622 SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
a84e5c9a
TS		 1623 sess_id = SSL_SESSION_get_id(sess, &sess_id_len);
1624 }
ce2cdac2
EK		 1625 if (tick == NULL || tick_len == 0)
1626 ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
5c753de6 1627 else
ce2cdac2 1628 ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
439db0c9
MC		 1629 ret->compression = (SSL_get_current_compression(client.ssl) == NULL)
1630 ? SSL_TEST_COMPRESSION_NO
1631 : SSL_TEST_COMPRESSION_YES;
a84e5c9a
TS		 1632 if (sess_id == NULL || sess_id_len == 0)
1633 ret->session_id = SSL_TEST_SESSION_ID_NO;
1634 else
1635 ret->session_id = SSL_TEST_SESSION_ID_YES;
ce2cdac2
EK		 1636 ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
1637
0c3eb279
DDO		 1638 if (extra->client.verify_callback == SSL_TEST_VERIFY_RETRY_ONCE
1639 && n_retries != -1)
1640 ret->result = SSL_TEST_SERVER_FAIL;
1641
620c6ad3 1642#ifndef OPENSSL_NO_NEXTPROTONEG
e0421bd8 1643 SSL_get0_next_proto_negotiated(client.ssl, &proto, &proto_len);
ce2cdac2
EK		 1644 ret->client_npn_negotiated = dup_str(proto, proto_len);
1645
e0421bd8 1646 SSL_get0_next_proto_negotiated(server.ssl, &proto, &proto_len);
ce2cdac2 1647 ret->server_npn_negotiated = dup_str(proto, proto_len);
7b7cea6d 1648#endif
ce2cdac2 1649
e0421bd8 1650 SSL_get0_alpn_selected(client.ssl, &proto, &proto_len);
ce2cdac2
EK		 1651 ret->client_alpn_negotiated = dup_str(proto, proto_len);
1652
e0421bd8 1653 SSL_get0_alpn_selected(server.ssl, &proto, &proto_len);
ce2cdac2 1654 ret->server_alpn_negotiated = dup_str(proto, proto_len);
453dfd8d 1655
df0fed9a
TS		 1656 if ((sess = SSL_get0_session(server.ssl)) != NULL) {
1657 SSL_SESSION_get0_ticket_appdata(sess, (void**)&tick, &tick_len);
1658 ret->result_session_ticket_app_data = OPENSSL_strndup((const char*)tick, tick_len);
1659 }
1660
e0421bd8
EK		 1661 ret->client_resumed = SSL_session_reused(client.ssl);
1662 ret->server_resumed = SSL_session_reused(server.ssl);
590ed3d7 1663
e1c7871d
TS		 1664 cipher = SSL_CIPHER_get_name(SSL_get_current_cipher(client.ssl));
1665 ret->cipher = dup_str((const unsigned char*)cipher, strlen(cipher));
1666
590ed3d7 1667 if (session_out != NULL)
e0421bd8 1668 *session_out = SSL_get1_session(client.ssl);
6cc0b3c2
MC		 1669 if (serv_sess_out != NULL) {
1670 SSL_SESSION *tmp = SSL_get_session(server.ssl);
1671
1672 /*
1673 * We create a fresh copy that is not in the server session ctx linked
1674 * list.
1675 */
1676 if (tmp != NULL)
1677 *serv_sess_out = SSL_SESSION_dup(tmp);
1678 }
590ed3d7 1679
a51c9f63 1680 if (SSL_get_peer_tmp_key(client.ssl, &tmp_key)) {
7f5f35af 1681 ret->tmp_key_type = pkey_type(tmp_key);
b93ad05d 1682 EVP_PKEY_free(tmp_key);
b93ad05d
DSH		 1683 }
1684
ee5b6a42
DSH		 1685 SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash);
1686 SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash);
1687
54b7f2a5
DSH		 1688 SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
1689 SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
1690
f15b50c4 1691 names = SSL_get0_peer_CA_list(client.ssl);
2e21539b
DSH		 1692 if (names == NULL)
1693 ret->client_ca_names = NULL;
1694 else
1695 ret->client_ca_names = SSL_dup_CA_list(names);
1696
f15b50c4
DSH		 1697 names = SSL_get0_peer_CA_list(server.ssl);
1698 if (names == NULL)
1699 ret->server_ca_names = NULL;
1700 else
1701 ret->server_ca_names = SSL_dup_CA_list(names);
1702
7f5f35af
DSH		 1703 ret->server_cert_type = peer_pkey_type(client.ssl);
1704 ret->client_cert_type = peer_pkey_type(server.ssl);
1705
ce2cdac2
EK		 1706 ctx_data_free_data(&server_ctx_data);
1707 ctx_data_free_data(&server2_ctx_data);
1708 ctx_data_free_data(&client_ctx_data);
590ed3d7 1709
e0421bd8
EK		 1710 peer_free_data(&server);
1711 peer_free_data(&client);
453dfd8d
EK		 1712 return ret;
1713}
590ed3d7
EK		 1714
1715HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
1716 SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
11279b13 1717 SSL_CTX *resume_client_ctx,
590ed3d7
EK		 1718 const SSL_TEST_CTX *test_ctx)
1719{
1720 HANDSHAKE_RESULT *result;
6cc0b3c2 1721 SSL_SESSION *session = NULL, *serv_sess = NULL;
590ed3d7
EK		 1722
1723 result = do_handshake_internal(server_ctx, server2_ctx, client_ctx,
6dc99745 1724 test_ctx, &test_ctx->extra,
6cc0b3c2 1725 NULL, NULL, &session, &serv_sess);
ff281ee8
P		 1726 if (result == NULL
1727 || test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME
1728 || result->result == SSL_TEST_INTERNAL_ERROR)
590ed3d7
EK		 1729 goto end;
1730
590ed3d7
EK		 1731 if (result->result != SSL_TEST_SUCCESS) {
1732 result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED;
e0421bd8 1733 goto end;
590ed3d7
EK		 1734 }
1735
1736 HANDSHAKE_RESULT_free(result);
1737 /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */
11279b13 1738 result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,
6dc99745 1739 test_ctx, &test_ctx->resume_extra,
6cc0b3c2 1740 session, serv_sess, NULL, NULL);
590ed3d7
EK		 1741 end:
1742 SSL_SESSION_free(session);
6cc0b3c2 1743 SSL_SESSION_free(serv_sess);
590ed3d7
EK		 1744 return result;
1745}
A mirror of the official openssl repository