]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/sslapitest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add some tests for the new TLSv1.3 PSK code
[thirdparty/openssl.git] / test / sslapitest.c
CommitLineData
2cb4b5f6
MC		 1/*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
ba881d3b
MC		 10#include <string.h>
11
2cb4b5f6
MC		 12#include <openssl/opensslconf.h>
13#include <openssl/bio.h>
14#include <openssl/crypto.h>
15#include <openssl/ssl.h>
ba881d3b 16#include <openssl/ocsp.h>
2cb4b5f6
MC		 17
18#include "ssltestlib.h"
c887104f 19#include "testutil.h"
f1b25aae 20#include "e_os.h"
ca0413ae 21#include "../ssl/ssl_locl.h"
2cb4b5f6
MC		 22
23static char *cert = NULL;
24static char *privkey = NULL;
25
6acdd3e5
CB		 26#define LOG_BUFFER_SIZE 1024
27static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 28static size_t server_log_buffer_index = 0;
6acdd3e5 29static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 30static size_t client_log_buffer_index = 0;
6acdd3e5
CB		 31static int error_writing_log = 0;
32
8f8c11d8 33#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 34static const unsigned char orespder[] = "Dummy OCSP Response";
35static int ocsp_server_called = 0;
36static int ocsp_client_called = 0;
37
38static int cdummyarg = 1;
39static X509 *ocspcert = NULL;
8f8c11d8 40#endif
ba881d3b 41
84d5549e
MC		 42#define NUM_EXTRA_CERTS 40
43
f1a5939f
CB		 44/*
45 * This structure is used to validate that the correct number of log messages
46 * of various types are emitted when emitting secret logs.
47 */
48struct sslapitest_log_counts {
49 unsigned int rsa_key_exchange_count;
50 unsigned int master_secret_count;
51 unsigned int client_handshake_secret_count;
52 unsigned int server_handshake_secret_count;
53 unsigned int client_application_secret_count;
54 unsigned int server_application_secret_count;
55};
56
16afd71c
MC		 57
58static unsigned char serverinfov1[] = {
59 0xff, 0xff, /* Dummy extension type */
60 0x00, 0x01, /* Extension length is 1 byte */
61 0xff /* Dummy extension data */
62};
63
64static unsigned char serverinfov2[] = {
65 0x00, 0x00, 0x00,
66 (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
67 0xff, 0xff, /* Dummy extension type */
68 0x00, 0x01, /* Extension length is 1 byte */
69 0xff /* Dummy extension data */
70};
71
710756a9
RS		 72static void client_keylog_callback(const SSL *ssl, const char *line)
73{
6acdd3e5
CB		 74 int line_length = strlen(line);
75
76 /* If the log doesn't fit, error out. */
710756a9
RS		 77 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
78 TEST_info("Client log too full");
6acdd3e5
CB		 79 error_writing_log = 1;
80 return;
81 }
82
83 strcat(client_log_buffer, line);
84 client_log_buffer_index += line_length;
710756a9 85 client_log_buffer[client_log_buffer_index++] = '\n';
6acdd3e5
CB		 86}
87
710756a9
RS		 88static void server_keylog_callback(const SSL *ssl, const char *line)
89{
6acdd3e5
CB		 90 int line_length = strlen(line);
91
92 /* If the log doesn't fit, error out. */
710756a9
RS		 93 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
94 TEST_info("Server og too full");
6acdd3e5
CB		 95 error_writing_log = 1;
96 return;
97 }
98
99 strcat(server_log_buffer, line);
100 server_log_buffer_index += line_length;
710756a9 101 server_log_buffer[server_log_buffer_index++] = '\n';
6acdd3e5
CB		 102}
103
104static int compare_hex_encoded_buffer(const char *hex_encoded,
105 size_t hex_length,
106 const uint8_t *raw,
710756a9
RS		 107 size_t raw_length)
108{
109 size_t i, j;
110 char hexed[3];
6acdd3e5 111
710756a9 112 if (!TEST_size_t_eq(raw_length * 2, hex_length))
6acdd3e5 113 return 1;
6acdd3e5 114
710756a9 115 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
6acdd3e5 116 sprintf(hexed, "%02x", raw[i]);
710756a9
RS		 117 if (!TEST_int_eq(hexed[0], hex_encoded[j])
118 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
6acdd3e5 119 return 1;
6acdd3e5
CB		 120 }
121
122 return 0;
123}
124
125static int test_keylog_output(char *buffer, const SSL *ssl,
f1a5939f 126 const SSL_SESSION *session,
710756a9
RS		 127 struct sslapitest_log_counts *expected)
128{
6acdd3e5
CB		 129 char *token = NULL;
130 unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
131 size_t client_random_size = SSL3_RANDOM_SIZE;
132 unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
133 size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
f1a5939f
CB		 134 unsigned int rsa_key_exchange_count = 0;
135 unsigned int master_secret_count = 0;
136 unsigned int client_handshake_secret_count = 0;
137 unsigned int server_handshake_secret_count = 0;
138 unsigned int client_application_secret_count = 0;
139 unsigned int server_application_secret_count = 0;
6acdd3e5 140
710756a9
RS		 141 for (token = strtok(buffer, " \n"); token != NULL;
142 token = strtok(NULL, " \n")) {
6acdd3e5 143 if (strcmp(token, "RSA") == 0) {
f1a5939f
CB		 144 /*
145 * Premaster secret. Tokens should be: 16 ASCII bytes of
6acdd3e5
CB		 146 * hex-encoded encrypted secret, then the hex-encoded pre-master
147 * secret.
148 */
710756a9 149 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 150 return 0;
710756a9 151 if (!TEST_size_t_eq(strlen(token), 16))
f1a5939f 152 return 0;
710756a9 153 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 154 return 0;
f1a5939f
CB		 155 /*
156 * We can't sensibly check the log because the premaster secret is
157 * transient, and OpenSSL doesn't keep hold of it once the master
158 * secret is generated.
159 */
160 rsa_key_exchange_count++;
6acdd3e5 161 } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
f1a5939f
CB		 162 /*
163 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
6acdd3e5
CB		 164 * client random, then the hex-encoded master secret.
165 */
166 client_random_size = SSL_get_client_random(ssl,
167 actual_client_random,
168 SSL3_RANDOM_SIZE);
710756a9 169 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 170 return 0;
6acdd3e5 171
710756a9 172 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 173 return 0;
710756a9 174 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 175 return 0;
710756a9
RS		 176 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
177 actual_client_random,
178 client_random_size)))
f1a5939f 179 return 0;
6acdd3e5 180
710756a9 181 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 182 return 0;
6acdd3e5
CB		 183 master_key_size = SSL_SESSION_get_master_key(session,
184 actual_master_key,
185 master_key_size);
710756a9 186 if (!TEST_size_t_ne(master_key_size, 0))
f1a5939f 187 return 0;
710756a9
RS		 188 if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
189 actual_master_key,
190 master_key_size)))
f1a5939f 191 return 0;
f1a5939f 192 master_secret_count++;
710756a9
RS		 193 } else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
194 || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
195 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
196 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) {
f1a5939f
CB		 197 /*
198 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
199 * client random, and then the hex-encoded secret. In this case,
200 * we treat all of these secrets identically and then just
201 * distinguish between them when counting what we saw.
202 */
203 if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
204 client_handshake_secret_count++;
205 else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
206 server_handshake_secret_count++;
207 else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
208 client_application_secret_count++;
209 else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
210 server_application_secret_count++;
211
212 client_random_size = SSL_get_client_random(ssl,
213 actual_client_random,
214 SSL3_RANDOM_SIZE);
710756a9 215 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 216 return 0;
f1a5939f 217
710756a9 218 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 219 return 0;
710756a9 220 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 221 return 0;
710756a9
RS		 222 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
223 actual_client_random,
224 client_random_size)))
f1a5939f 225 return 0;
6acdd3e5 226
710756a9 227 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 228 return 0;
f1a5939f
CB		 229
230 /*
231 * TODO(TLS1.3): test that application traffic secrets are what
232 * we expect */
6acdd3e5 233 } else {
710756a9 234 TEST_info("Unexpected token %s\n", token);
f1a5939f 235 return 0;
6acdd3e5 236 }
6acdd3e5
CB		 237 }
238
710756a9
RS		 239 /* Got what we expected? */
240 if (!TEST_size_t_eq(rsa_key_exchange_count,
241 expected->rsa_key_exchange_count)
242 || !TEST_size_t_eq(master_secret_count,
243 expected->master_secret_count)
244 || !TEST_size_t_eq(client_handshake_secret_count,
245 expected->client_handshake_secret_count)
246 || !TEST_size_t_eq(server_handshake_secret_count,
247 expected->server_handshake_secret_count)
248 || !TEST_size_t_eq(client_application_secret_count,
249 expected->client_application_secret_count)
250 || !TEST_size_t_eq(server_application_secret_count,
251 expected->server_application_secret_count))
252 return 0;
253 return 1;
6acdd3e5
CB		 254}
255
710756a9
RS		 256static int test_keylog(void)
257{
6acdd3e5
CB		 258 SSL_CTX *cctx = NULL, *sctx = NULL;
259 SSL *clientssl = NULL, *serverssl = NULL;
260 int testresult = 0;
f1a5939f 261 struct sslapitest_log_counts expected = {0};
6acdd3e5
CB		 262
263 /* Clean up logging space */
710756a9
RS		 264 memset(client_log_buffer, 0, sizeof(client_log_buffer));
265 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 266 client_log_buffer_index = 0;
267 server_log_buffer_index = 0;
268 error_writing_log = 0;
269
710756a9
RS		 270 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
271 TLS_client_method(),
272 &sctx, &cctx, cert, privkey)))
6acdd3e5 273 return 0;
6acdd3e5
CB		 274
275 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
276 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
277 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
278
f0deb4d3 279 /* We also want to ensure that we use RSA-based key exchange. */
710756a9 280 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
f0deb4d3 281 goto end;
f0deb4d3 282
cf10df81
RS		 283 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
284 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 285 goto end;
6acdd3e5 286 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 287 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
288 == client_keylog_callback))
6acdd3e5 289 goto end;
710756a9 290 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 291 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
292 == server_keylog_callback))
6acdd3e5 293 goto end;
6acdd3e5 294
710756a9
RS		 295 /* Now do a handshake and check that the logs have been written to. */
296 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
297 &clientssl, NULL, NULL))
298 || !TEST_true(create_ssl_connection(serverssl, clientssl,
299 SSL_ERROR_NONE))
300 || !TEST_false(error_writing_log)
301 || !TEST_int_gt(client_log_buffer_index, 0)
302 || !TEST_int_gt(server_log_buffer_index, 0))
6acdd3e5 303 goto end;
6acdd3e5 304
f1a5939f
CB		 305 /*
306 * Now we want to test that our output data was vaguely sensible. We
6acdd3e5 307 * do that by using strtok and confirming that we have more or less the
f1a5939f
CB		 308 * data we expect. For both client and server, we expect to see one master
309 * secret. The client should also see a RSA key exchange.
6acdd3e5 310 */
f1a5939f
CB		 311 expected.rsa_key_exchange_count = 1;
312 expected.master_secret_count = 1;
710756a9
RS		 313 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
314 SSL_get_session(clientssl), &expected)))
6acdd3e5 315 goto end;
f1a5939f
CB		 316
317 expected.rsa_key_exchange_count = 0;
710756a9
RS		 318 if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
319 SSL_get_session(serverssl), &expected)))
6acdd3e5 320 goto end;
6acdd3e5
CB		 321
322 testresult = 1;
323
324end:
325 SSL_free(serverssl);
326 SSL_free(clientssl);
327 SSL_CTX_free(sctx);
328 SSL_CTX_free(cctx);
329
330 return testresult;
331}
332
333#ifndef OPENSSL_NO_TLS1_3
710756a9
RS		 334static int test_keylog_no_master_key(void)
335{
6acdd3e5
CB		 336 SSL_CTX *cctx = NULL, *sctx = NULL;
337 SSL *clientssl = NULL, *serverssl = NULL;
338 int testresult = 0;
f1a5939f 339 struct sslapitest_log_counts expected = {0};
6acdd3e5
CB		 340
341 /* Clean up logging space */
710756a9
RS		 342 memset(client_log_buffer, 0, sizeof(client_log_buffer));
343 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 344 client_log_buffer_index = 0;
345 server_log_buffer_index = 0;
346 error_writing_log = 0;
347
710756a9
RS		 348 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
349 TLS_client_method(), &sctx,
350 &cctx, cert, privkey)))
6acdd3e5 351 return 0;
6acdd3e5 352
cf10df81
RS		 353 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
354 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 355 goto end;
6acdd3e5
CB		 356
357 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 358 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
359 == client_keylog_callback))
6acdd3e5 360 goto end;
6acdd3e5 361
710756a9 362 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 363 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
364 == server_keylog_callback))
6acdd3e5 365 goto end;
6acdd3e5 366
710756a9
RS		 367 /* Now do a handshake and check that the logs have been written to. */
368 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
369 &clientssl, NULL, NULL))
370 || !TEST_true(create_ssl_connection(serverssl, clientssl,
371 SSL_ERROR_NONE))
372 || !TEST_false(error_writing_log))
6acdd3e5 373 goto end;
6acdd3e5 374
f1a5939f
CB		 375 /*
376 * Now we want to test that our output data was vaguely sensible. For this
69687aa8 377 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
f1a5939f 378 * TLSv1.3, but we do expect both client and server to emit keys.
6acdd3e5 379 */
f1a5939f
CB		 380 expected.client_handshake_secret_count = 1;
381 expected.server_handshake_secret_count = 1;
382 expected.client_application_secret_count = 1;
383 expected.server_application_secret_count = 1;
710756a9
RS		 384 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
385 SSL_get_session(clientssl), &expected))
386 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
387 SSL_get_session(serverssl),
388 &expected)))
6acdd3e5 389 goto end;
6acdd3e5
CB		 390
391 testresult = 1;
392
393end:
394 SSL_free(serverssl);
395 SSL_free(clientssl);
396 SSL_CTX_free(sctx);
397 SSL_CTX_free(cctx);
398
399 return testresult;
400}
401#endif
402
e9ee6536 403#ifndef OPENSSL_NO_TLS1_2
2afaee51
BK		 404static int full_early_callback(SSL *s, int *al, void *arg)
405{
406 int *ctr = arg;
407 const unsigned char *p;
8ea404fb 408 int *exts;
2afaee51
BK		 409 /* We only configure two ciphers, but the SCSV is added automatically. */
410#ifdef OPENSSL_NO_EC
411 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
412#else
413 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
414 0x2c, 0x00, 0xff};
415#endif
8ea404fb
BK		 416 const int expected_extensions[] = {
417#ifndef OPENSSL_NO_EC
418 11, 10,
419#endif
420 35, 13, 22, 23};
2afaee51
BK		 421 size_t len;
422
423 /* Make sure we can defer processing and get called back. */
424 if ((*ctr)++ == 0)
425 return -1;
426
427 len = SSL_early_get0_ciphers(s, &p);
710756a9
RS		 428 if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
429 || !TEST_size_t_eq(SSL_early_get0_compression_methods(s, &p), 1)
430 || !TEST_int_eq(*p, 0))
2afaee51 431 return 0;
8ea404fb
BK		 432 if (!SSL_early_get1_extensions_present(s, &exts, &len))
433 return 0;
434 if (len != OSSL_NELEM(expected_extensions) ||
435 memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
436 printf("Early callback expected ClientHello extensions mismatch\n");
437 OPENSSL_free(exts);
438 return 0;
439 }
440 OPENSSL_free(exts);
2afaee51
BK		 441 return 1;
442}
443
710756a9
RS		 444static int test_early_cb(void)
445{
2afaee51
BK		 446 SSL_CTX *cctx = NULL, *sctx = NULL;
447 SSL *clientssl = NULL, *serverssl = NULL;
448 int testctr = 0, testresult = 0;
449
710756a9
RS		 450 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
451 TLS_client_method(), &sctx,
452 &cctx, cert, privkey)))
2afaee51 453 goto end;
2afaee51 454 SSL_CTX_set_early_cb(sctx, full_early_callback, &testctr);
710756a9 455
2afaee51
BK		 456 /* The gimpy cipher list we configure can't do TLS 1.3. */
457 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
2afaee51 458
710756a9
RS		 459 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
460 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
461 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
462 &clientssl, NULL, NULL))
463 || !TEST_false(create_ssl_connection(serverssl, clientssl,
464 SSL_ERROR_WANT_EARLY))
465 /*
466 * Passing a -1 literal is a hack since
467 * the real value was lost.
468 * */
469 || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_EARLY)
470 || !TEST_true(create_ssl_connection(serverssl, clientssl,
471 SSL_ERROR_NONE)))
2afaee51 472 goto end;
2afaee51
BK		 473
474 testresult = 1;
475
476end:
477 SSL_free(serverssl);
478 SSL_free(clientssl);
479 SSL_CTX_free(sctx);
480 SSL_CTX_free(cctx);
481
482 return testresult;
483}
e9ee6536 484#endif
2afaee51 485
84d5549e 486static int execute_test_large_message(const SSL_METHOD *smeth,
7856332e 487 const SSL_METHOD *cmeth, int read_ahead)
84d5549e
MC		 488{
489 SSL_CTX *cctx = NULL, *sctx = NULL;
490 SSL *clientssl = NULL, *serverssl = NULL;
491 int testresult = 0;
492 int i;
710756a9 493 BIO *certbio = NULL;
84d5549e
MC		 494 X509 *chaincert = NULL;
495 int certlen;
496
710756a9 497 if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
84d5549e 498 goto end;
84d5549e 499 chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
fa454945
MC		 500 BIO_free(certbio);
501 certbio = NULL;
710756a9 502 if (!TEST_ptr(chaincert))
fa454945 503 goto end;
84d5549e 504
710756a9
RS		 505 if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, &sctx,
506 &cctx, cert, privkey)))
84d5549e 507 goto end;
84d5549e 508
710756a9 509 if (read_ahead) {
7856332e
MC		 510 /*
511 * Test that read_ahead works correctly when dealing with large
512 * records
513 */
514 SSL_CTX_set_read_ahead(cctx, 1);
515 }
516
84d5549e
MC		 517 /*
518 * We assume the supplied certificate is big enough so that if we add
519 * NUM_EXTRA_CERTS it will make the overall message large enough. The
520 * default buffer size is requested to be 16k, but due to the way BUF_MEM
710756a9
RS		 521 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
522 * test we need to have a message larger than that.
84d5549e
MC		 523 */
524 certlen = i2d_X509(chaincert, NULL);
710756a9
RS		 525 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
526 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
84d5549e 527 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
710756a9 528 if (!X509_up_ref(chaincert))
84d5549e 529 goto end;
84d5549e 530 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
84d5549e
MC		 531 X509_free(chaincert);
532 goto end;
533 }
534 }
535
710756a9
RS		 536 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
537 NULL, NULL))
538 || !TEST_true(create_ssl_connection(serverssl, clientssl,
539 SSL_ERROR_NONE)))
84d5549e 540 goto end;
84d5549e 541
4bf08600
MC		 542 /*
543 * Calling SSL_clear() first is not required but this tests that SSL_clear()
544 * doesn't leak (when using enable-crypto-mdebug).
545 */
710756a9 546 if (!TEST_true(SSL_clear(serverssl)))
4bf08600 547 goto end;
84d5549e 548
4bf08600 549 testresult = 1;
84d5549e
MC		 550 end:
551 X509_free(chaincert);
552 SSL_free(serverssl);
553 SSL_free(clientssl);
554 SSL_CTX_free(sctx);
555 SSL_CTX_free(cctx);
556
557 return testresult;
558}
559
560static int test_large_message_tls(void)
561{
7856332e
MC		 562 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
563 0);
564}
565
566static int test_large_message_tls_read_ahead(void)
567{
568 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
569 1);
84d5549e
MC		 570}
571
55386bef 572#ifndef OPENSSL_NO_DTLS
84d5549e
MC		 573static int test_large_message_dtls(void)
574{
7856332e
MC		 575 /*
576 * read_ahead is not relevant to DTLS because DTLS always acts as if
577 * read_ahead is set.
578 */
84d5549e 579 return execute_test_large_message(DTLS_server_method(),
7856332e 580 DTLS_client_method(), 0);
84d5549e 581}
55386bef 582#endif
84d5549e 583
8f8c11d8 584#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 585static int ocsp_server_cb(SSL *s, void *arg)
586{
587 int *argi = (int *)arg;
710756a9 588 unsigned char *copy = NULL;
ba881d3b
MC		 589 STACK_OF(OCSP_RESPID) *ids = NULL;
590 OCSP_RESPID *id = NULL;
591
592 if (*argi == 2) {
593 /* In this test we are expecting exactly 1 OCSP_RESPID */
594 SSL_get_tlsext_status_ids(s, &ids);
595 if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
596 return SSL_TLSEXT_ERR_ALERT_FATAL;
597
598 id = sk_OCSP_RESPID_value(ids, 0);
599 if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
600 return SSL_TLSEXT_ERR_ALERT_FATAL;
601 } else if (*argi != 1) {
602 return SSL_TLSEXT_ERR_ALERT_FATAL;
603 }
604
710756a9 605 if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
ba881d3b
MC		 606 return SSL_TLSEXT_ERR_ALERT_FATAL;
607
710756a9 608 SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
ba881d3b 609 ocsp_server_called = 1;
ba881d3b
MC		 610 return SSL_TLSEXT_ERR_OK;
611}
612
613static int ocsp_client_cb(SSL *s, void *arg)
614{
615 int *argi = (int *)arg;
616 const unsigned char *respderin;
617 size_t len;
618
619 if (*argi != 1 && *argi != 2)
620 return 0;
621
622 len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
710756a9 623 if (!TEST_mem_eq(orespder, len, respderin, len))
ba881d3b
MC		 624 return 0;
625
626 ocsp_client_called = 1;
ba881d3b
MC		 627 return 1;
628}
629
2cb4b5f6
MC		 630static int test_tlsext_status_type(void)
631{
ba881d3b
MC		 632 SSL_CTX *cctx = NULL, *sctx = NULL;
633 SSL *clientssl = NULL, *serverssl = NULL;
2cb4b5f6 634 int testresult = 0;
ba881d3b
MC		 635 STACK_OF(OCSP_RESPID) *ids = NULL;
636 OCSP_RESPID *id = NULL;
637 BIO *certbio = NULL;
2cb4b5f6 638
ba881d3b 639 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
710756a9 640 &cctx, cert, privkey))
ba881d3b 641 return 0;
2cb4b5f6 642
710756a9 643 if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
2cb4b5f6 644 goto end;
2cb4b5f6 645
ba881d3b 646 /* First just do various checks getting and setting tlsext_status_type */
2cb4b5f6 647
ba881d3b 648 clientssl = SSL_new(cctx);
710756a9
RS		 649 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
650 || !TEST_true(SSL_set_tlsext_status_type(clientssl,
651 TLSEXT_STATUSTYPE_ocsp))
652 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
653 TLSEXT_STATUSTYPE_ocsp))
2cb4b5f6 654 goto end;
2cb4b5f6 655
ba881d3b
MC		 656 SSL_free(clientssl);
657 clientssl = NULL;
2cb4b5f6 658
710756a9
RS		 659 if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
660 || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 661 goto end;
2cb4b5f6 662
ba881d3b 663 clientssl = SSL_new(cctx);
710756a9 664 if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 665 goto end;
ba881d3b
MC		 666 SSL_free(clientssl);
667 clientssl = NULL;
668
669 /*
670 * Now actually do a handshake and check OCSP information is exchanged and
671 * the callbacks get called
672 */
ba881d3b
MC		 673 SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
674 SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
675 SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
676 SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
710756a9
RS		 677 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
678 &clientssl, NULL, NULL))
679 || !TEST_true(create_ssl_connection(serverssl, clientssl,
680 SSL_ERROR_NONE))
681 || !TEST_true(ocsp_client_called)
682 || !TEST_true(ocsp_server_called))
ba881d3b 683 goto end;
ba881d3b
MC		 684 SSL_free(serverssl);
685 SSL_free(clientssl);
686 serverssl = NULL;
687 clientssl = NULL;
688
689 /* Try again but this time force the server side callback to fail */
690 ocsp_client_called = 0;
691 ocsp_server_called = 0;
692 cdummyarg = 0;
710756a9
RS		 693 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
694 &clientssl, NULL, NULL))
695 /* This should fail because the callback will fail */
696 || !TEST_false(create_ssl_connection(serverssl, clientssl,
697 SSL_ERROR_NONE))
698 || !TEST_false(ocsp_client_called)
699 || !TEST_false(ocsp_server_called))
ba881d3b 700 goto end;
ba881d3b
MC		 701 SSL_free(serverssl);
702 SSL_free(clientssl);
703 serverssl = NULL;
704 clientssl = NULL;
705
706 /*
707 * This time we'll get the client to send an OCSP_RESPID that it will
708 * accept.
709 */
710 ocsp_client_called = 0;
711 ocsp_server_called = 0;
712 cdummyarg = 2;
710756a9
RS		 713 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
714 &clientssl, NULL, NULL)))
ba881d3b 715 goto end;
ba881d3b
MC		 716
717 /*
718 * We'll just use any old cert for this test - it doesn't have to be an OCSP
69687aa8 719 * specific one. We'll use the server cert.
ba881d3b 720 */
710756a9
RS		 721 if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
722 || !TEST_ptr(id = OCSP_RESPID_new())
723 || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
724 || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
725 NULL, NULL, NULL))
726 || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
727 || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
ba881d3b 728 goto end;
ba881d3b
MC		 729 id = NULL;
730 SSL_set_tlsext_status_ids(clientssl, ids);
731 /* Control has been transferred */
732 ids = NULL;
733
734 BIO_free(certbio);
735 certbio = NULL;
736
710756a9
RS		 737 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
738 SSL_ERROR_NONE))
739 || !TEST_true(ocsp_client_called)
740 || !TEST_true(ocsp_server_called))
ba881d3b 741 goto end;
ba881d3b 742
2cb4b5f6
MC		 743 testresult = 1;
744
745 end:
ba881d3b
MC		 746 SSL_free(serverssl);
747 SSL_free(clientssl);
748 SSL_CTX_free(sctx);
749 SSL_CTX_free(cctx);
750 sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
751 OCSP_RESPID_free(id);
752 BIO_free(certbio);
753 X509_free(ocspcert);
754 ocspcert = NULL;
2cb4b5f6
MC		 755
756 return testresult;
757}
8f8c11d8 758#endif
2cb4b5f6 759
eaa776da
MC		 760typedef struct ssl_session_test_fixture {
761 const char *test_case_name;
762 int use_ext_cache;
763 int use_int_cache;
764} SSL_SESSION_TEST_FIXTURE;
765
766static int new_called = 0, remove_called = 0;
767
768static SSL_SESSION_TEST_FIXTURE
769ssl_session_set_up(const char *const test_case_name)
770{
771 SSL_SESSION_TEST_FIXTURE fixture;
772
773 fixture.test_case_name = test_case_name;
774 fixture.use_ext_cache = 1;
775 fixture.use_int_cache = 1;
776
777 new_called = remove_called = 0;
778
779 return fixture;
780}
781
782static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture)
783{
784}
785
786static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
787{
788 new_called++;
eaa776da
MC		 789 return 1;
790}
791
792static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
793{
794 remove_called++;
795}
796
797static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
2cb4b5f6
MC		 798{
799 SSL_CTX *sctx = NULL, *cctx = NULL;
800 SSL *serverssl1 = NULL, *clientssl1 = NULL;
801 SSL *serverssl2 = NULL, *clientssl2 = NULL;
b4982125 802#ifndef OPENSSL_NO_TLS1_1
eaa776da 803 SSL *serverssl3 = NULL, *clientssl3 = NULL;
b4982125 804#endif
2cb4b5f6
MC		 805 SSL_SESSION *sess1 = NULL, *sess2 = NULL;
806 int testresult = 0;
807
710756a9
RS		 808 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
809 TLS_client_method(), &sctx,
810 &cctx, cert, privkey)))
2cb4b5f6 811 return 0;
2cb4b5f6 812
eaa776da
MC		 813#ifndef OPENSSL_NO_TLS1_2
814 /* Only allow TLS1.2 so we can force a connection failure later */
815 SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
816#endif
817
818 /* Set up session cache */
819 if (fix.use_ext_cache) {
820 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
821 SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
822 }
823 if (fix.use_int_cache) {
824 /* Also covers instance where both are set */
825 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
826 } else {
827 SSL_CTX_set_session_cache_mode(cctx,
828 SSL_SESS_CACHE_CLIENT
829 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
830 }
2cb4b5f6 831
710756a9
RS		 832 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
833 NULL, NULL))
834 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
835 SSL_ERROR_NONE))
836 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
2cb4b5f6 837 goto end;
2cb4b5f6 838
710756a9
RS		 839 /* Should fail because it should already be in the cache */
840 if (fix.use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
eaa776da 841 goto end;
710756a9 842 if (fix.use_ext_cache && (new_called != 1 || remove_called != 0))
b4982125 843 goto end;
b4982125 844
710756a9
RS		 845 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
846 &clientssl2, NULL, NULL))
847 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
848 SSL_ERROR_NONE)))
2cb4b5f6 849 goto end;
2cb4b5f6 850
710756a9 851 if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
2cb4b5f6 852 goto end;
2cb4b5f6 853
710756a9 854 if (fix.use_ext_cache && (new_called != 2 || remove_called != 0))
eaa776da 855 goto end;
eaa776da 856
2cb4b5f6 857 /*
710756a9
RS		 858 * This should clear sess2 from the cache because it is a "bad" session.
859 * See SSL_set_session() documentation.
2cb4b5f6 860 */
710756a9 861 if (!TEST_true(SSL_set_session(clientssl2, sess1)))
2cb4b5f6 862 goto end;
710756a9 863 if (fix.use_ext_cache && (new_called != 2 || remove_called != 1))
eaa776da 864 goto end;
710756a9 865 if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
2cb4b5f6 866 goto end;
2cb4b5f6 867
eaa776da 868 if (fix.use_int_cache) {
710756a9
RS		 869 /* Should succeeded because it should not already be in the cache */
870 if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
871 || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
eaa776da 872 goto end;
eaa776da 873
710756a9
RS		 874 /*
875 * This is for the purposes of internal cache testing...ignore the
eaa776da 876 * counter for external cache
2cb4b5f6 877 */
eaa776da
MC		 878 if (fix.use_ext_cache)
879 remove_called--;
880 }
881
882 /* This shouldn't be in the cache so should fail */
710756a9 883 if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
2cb4b5f6 884 goto end;
2cb4b5f6 885
710756a9 886 if (fix.use_ext_cache && (new_called != 2 || remove_called != 2))
2cb4b5f6 887 goto end;
2cb4b5f6 888
80f397e2 889#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
eaa776da
MC		 890 /* Force a connection failure */
891 SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
710756a9
RS		 892 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
893 &clientssl3, NULL, NULL))
894 || !TEST_true(SSL_set_session(clientssl3, sess1))
895 /* This should fail because of the mismatched protocol versions */
896 || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
897 SSL_ERROR_NONE)))
eaa776da 898 goto end;
b4982125 899
eaa776da 900 /* We should have automatically removed the session from the cache */
710756a9 901 if (fix.use_ext_cache && (new_called != 2 || remove_called != 3))
2cb4b5f6 902 goto end;
2cb4b5f6 903
710756a9
RS		 904 /* Should succeed because it should not already be in the cache */
905 if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2))
eaa776da 906 goto end;
eaa776da
MC		 907#endif
908
2cb4b5f6 909 testresult = 1;
eaa776da 910
2cb4b5f6
MC		 911 end:
912 SSL_free(serverssl1);
913 SSL_free(clientssl1);
914 SSL_free(serverssl2);
915 SSL_free(clientssl2);
b4982125 916#ifndef OPENSSL_NO_TLS1_1
eaa776da
MC		 917 SSL_free(serverssl3);
918 SSL_free(clientssl3);
b4982125 919#endif
2cb4b5f6
MC		 920 SSL_SESSION_free(sess1);
921 SSL_SESSION_free(sess2);
710756a9 922
eaa776da
MC		 923 /*
924 * Check if we need to remove any sessions up-refed for the external cache
925 */
926 if (new_called >= 1)
927 SSL_SESSION_free(sess1);
928 if (new_called >= 2)
929 SSL_SESSION_free(sess2);
2cb4b5f6
MC		 930 SSL_CTX_free(sctx);
931 SSL_CTX_free(cctx);
932
933 return testresult;
934}
935
7fb4c820
MC		 936static int test_session_with_only_int_cache(void)
937{
eaa776da 938 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
eaa776da 939 fixture.use_ext_cache = 0;
eaa776da
MC		 940 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
941}
942
7fb4c820
MC		 943static int test_session_with_only_ext_cache(void)
944{
eaa776da 945 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
eaa776da 946 fixture.use_int_cache = 0;
eaa776da
MC		 947 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
948}
949
7fb4c820
MC		 950static int test_session_with_both_cache(void)
951{
eaa776da 952 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
eaa776da
MC		 953 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
954}
955
7fb4c820
MC		 956#define USE_NULL 0
957#define USE_BIO_1 1
958#define USE_BIO_2 2
959
960#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
961
962static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
963{
964 switch (type) {
965 case USE_NULL:
966 *res = NULL;
967 break;
968 case USE_BIO_1:
969 *res = bio1;
970 break;
971 case USE_BIO_2:
972 *res = bio2;
973 break;
974 }
975}
976
977static int test_ssl_set_bio(int idx)
978{
710756a9 979 SSL_CTX *ctx;
7fb4c820
MC		 980 BIO *bio1 = NULL;
981 BIO *bio2 = NULL;
0fae8150 982 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
7fb4c820
MC		 983 SSL *ssl = NULL;
984 int initrbio, initwbio, newrbio, newwbio;
985 int testresult = 0;
986
7fb4c820
MC		 987 initrbio = idx % 3;
988 idx /= 3;
989 initwbio = idx % 3;
990 idx /= 3;
991 newrbio = idx % 3;
992 idx /= 3;
993 newwbio = idx;
710756a9
RS		 994 if (!TEST_int_le(newwbio, 2))
995 return 0;
996
997 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
998 || !TEST_ptr(ssl = SSL_new(ctx)))
999 goto end;
7fb4c820 1000
710756a9
RS		 1001 if (initrbio == USE_BIO_1
1002 || initwbio == USE_BIO_1
1003 || newrbio == USE_BIO_1
7fb4c820 1004 || newwbio == USE_BIO_1) {
710756a9 1005 if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
7fb4c820 1006 goto end;
7fb4c820
MC		 1007 }
1008
710756a9
RS		 1009 if (initrbio == USE_BIO_2
1010 || initwbio == USE_BIO_2
1011 || newrbio == USE_BIO_2
7fb4c820 1012 || newwbio == USE_BIO_2) {
710756a9 1013 if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
7fb4c820 1014 goto end;
7fb4c820
MC		 1015 }
1016
1017 setupbio(&irbio, bio1, bio2, initrbio);
1018 setupbio(&iwbio, bio1, bio2, initwbio);
1019
1020 /*
1021 * We want to maintain our own refs to these BIO, so do an up ref for each
69687aa8 1022 * BIO that will have ownership transferred in the SSL_set_bio() call
7fb4c820
MC		 1023 */
1024 if (irbio != NULL)
1025 BIO_up_ref(irbio);
1026 if (iwbio != NULL && iwbio != irbio)
1027 BIO_up_ref(iwbio);
1028
1029 SSL_set_bio(ssl, irbio, iwbio);
1030
1031 setupbio(&nrbio, bio1, bio2, newrbio);
1032 setupbio(&nwbio, bio1, bio2, newwbio);
1033
1034 /*
1035 * We will (maybe) transfer ownership again so do more up refs.
1036 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1037 * already been set!
1038 */
710756a9
RS		 1039 if (nrbio != NULL
1040 && nrbio != irbio
1041 && (nwbio != iwbio || nrbio != nwbio))
7fb4c820 1042 BIO_up_ref(nrbio);
710756a9
RS		 1043 if (nwbio != NULL
1044 && nwbio != nrbio
1045 && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
7fb4c820
MC		 1046 BIO_up_ref(nwbio);
1047
1048 SSL_set_bio(ssl, nrbio, nwbio);
1049
1050 testresult = 1;
1051
1052 end:
1053 SSL_free(ssl);
1054 BIO_free(bio1);
1055 BIO_free(bio2);
710756a9 1056
7fb4c820
MC		 1057 /*
1058 * This test is checking that the ref counting for SSL_set_bio is correct.
1059 * If we get here and we did too many frees then we will fail in the above
1060 * functions. If we haven't done enough then this will only be detected in
1061 * a crypto-mdebug build
1062 */
1063 SSL_CTX_free(ctx);
7fb4c820
MC		 1064 return testresult;
1065}
1066
9a716987
MC		 1067typedef struct ssl_bio_test_fixture {
1068 const char *test_case_name;
1069 int pop_ssl;
1070 enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio;
1071} SSL_BIO_TEST_FIXTURE;
1072
1073static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name)
1074{
1075 SSL_BIO_TEST_FIXTURE fixture;
1076
1077 fixture.test_case_name = test_case_name;
1078 fixture.pop_ssl = 0;
bee5ee5f 1079 fixture.change_bio = NO_BIO_CHANGE;
9a716987
MC		 1080 return fixture;
1081}
1082
1083static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture)
1084{
1085}
1086
1087static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
1088{
1089 BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
710756a9 1090 SSL_CTX *ctx;
9a716987
MC		 1091 SSL *ssl = NULL;
1092 int testresult = 0;
1093
710756a9
RS		 1094 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1095 || !TEST_ptr(ssl = SSL_new(ctx))
1096 || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
1097 || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
9a716987 1098 goto end;
9a716987
MC		 1099
1100 BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
1101
1102 /*
1103 * If anything goes wrong here then we could leak memory, so this will
1104 * be caught in a crypto-mdebug build
1105 */
1106 BIO_push(sslbio, membio1);
1107
69687aa8 1108 /* Verify changing the rbio/wbio directly does not cause leaks */
9a716987 1109 if (fix.change_bio != NO_BIO_CHANGE) {
710756a9 1110 if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
9a716987 1111 goto end;
9a716987 1112 if (fix.change_bio == CHANGE_RBIO)
65e2d672 1113 SSL_set0_rbio(ssl, membio2);
9a716987 1114 else
65e2d672 1115 SSL_set0_wbio(ssl, membio2);
9a716987
MC		 1116 }
1117 ssl = NULL;
1118
1119 if (fix.pop_ssl)
1120 BIO_pop(sslbio);
1121 else
1122 BIO_pop(membio1);
1123
1124 testresult = 1;
1125 end:
1126 BIO_free(membio1);
1127 BIO_free(sslbio);
1128 SSL_free(ssl);
1129 SSL_CTX_free(ctx);
1130
1131 return testresult;
1132}
1133
1134static int test_ssl_bio_pop_next_bio(void)
1135{
1136 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
9a716987
MC		 1137 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1138}
1139
1140static int test_ssl_bio_pop_ssl_bio(void)
1141{
1142 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
9a716987 1143 fixture.pop_ssl = 1;
9a716987
MC		 1144 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1145}
1146
1147static int test_ssl_bio_change_rbio(void)
1148{
1149 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
9a716987 1150 fixture.change_bio = CHANGE_RBIO;
9a716987
MC		 1151 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1152}
1153
1154static int test_ssl_bio_change_wbio(void)
1155{
1156 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
9a716987 1157 fixture.change_bio = CHANGE_WBIO;
9a716987
MC		 1158 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1159}
1160
f1b25aae
MC		 1161typedef struct {
1162 /* The list of sig algs */
1163 const int *list;
1164 /* The length of the list */
1165 size_t listlen;
1166 /* A sigalgs list in string format */
1167 const char *liststr;
1168 /* Whether setting the list should succeed */
1169 int valid;
1170 /* Whether creating a connection with the list should succeed */
1171 int connsuccess;
1172} sigalgs_list;
1173
1174static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
5eeb6c6e 1175#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1176static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
1177static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
5eeb6c6e 1178#endif
f1b25aae
MC		 1179static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
1180static const int invalidlist2[] = {NID_sha256, NID_undef};
1181static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
1182static const int invalidlist4[] = {NID_sha256};
1183static const sigalgs_list testsigalgs[] = {
1184 {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
5eeb6c6e 1185#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1186 {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
1187 {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
5eeb6c6e 1188#endif
f1b25aae 1189 {NULL, 0, "RSA+SHA256", 1, 1},
5eeb6c6e 1190#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1191 {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1192 {NULL, 0, "ECDSA+SHA512", 1, 0},
5eeb6c6e 1193#endif
f1b25aae
MC		 1194 {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
1195 {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
1196 {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
1197 {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
1198 {NULL, 0, "RSA", 0, 0},
1199 {NULL, 0, "SHA256", 0, 0},
1200 {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
710756a9
RS		 1201 {NULL, 0, "Invalid", 0, 0}
1202};
f1b25aae
MC		 1203
1204static int test_set_sigalgs(int idx)
1205{
1206 SSL_CTX *cctx = NULL, *sctx = NULL;
1207 SSL *clientssl = NULL, *serverssl = NULL;
1208 int testresult = 0;
1209 const sigalgs_list *curr;
1210 int testctx;
1211
1212 /* Should never happen */
710756a9 1213 if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
f1b25aae
MC		 1214 return 0;
1215
1216 testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
1217 curr = testctx ? &testsigalgs[idx]
1218 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
1219
710756a9
RS		 1220 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1221 TLS_client_method(), &sctx,
1222 &cctx, cert, privkey)))
f1b25aae 1223 return 0;
f1b25aae 1224
d2e491f2
MC		 1225 /*
1226 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1227 * for TLSv1.2 for now until we add a new API.
1228 */
1229 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1230
f1b25aae
MC		 1231 if (testctx) {
1232 int ret;
710756a9 1233
f1b25aae
MC		 1234 if (curr->list != NULL)
1235 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
1236 else
1237 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
1238
1239 if (!ret) {
1240 if (curr->valid)
710756a9 1241 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1242 else
1243 testresult = 1;
1244 goto end;
1245 }
1246 if (!curr->valid) {
710756a9 1247 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1248 goto end;
1249 }
1250 }
1251
710756a9
RS		 1252 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1253 &clientssl, NULL, NULL)))
f1b25aae 1254 goto end;
f1b25aae
MC		 1255
1256 if (!testctx) {
1257 int ret;
1258
1259 if (curr->list != NULL)
1260 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
1261 else
1262 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
1263 if (!ret) {
1264 if (curr->valid)
710756a9 1265 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
f1b25aae
MC		 1266 else
1267 testresult = 1;
1268 goto end;
1269 }
710756a9 1270 if (!curr->valid)
f1b25aae 1271 goto end;
f1b25aae
MC		 1272 }
1273
710756a9
RS		 1274 if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
1275 SSL_ERROR_NONE),
1276 curr->connsuccess))
f1b25aae 1277 goto end;
f1b25aae
MC		 1278
1279 testresult = 1;
1280
1281 end:
1282 SSL_free(serverssl);
1283 SSL_free(clientssl);
1284 SSL_CTX_free(sctx);
1285 SSL_CTX_free(cctx);
1286
1287 return testresult;
1288}
1289
5f982038
MC		 1290#ifndef OPENSSL_NO_TLS1_3
1291
1292#define MSG1 "Hello"
1293#define MSG2 "World."
1294#define MSG3 "This"
1295#define MSG4 "is"
1296#define MSG5 "a"
90049cea
MC		 1297#define MSG6 "test"
1298#define MSG7 "message."
5f982038
MC		 1299
1300/*
1301 * Helper method to setup objects for early data test. Caller frees objects on
1302 * error.
1303 */
1304static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
3cb47b4e 1305 SSL **serverssl, SSL_SESSION **sess, int idx)
5f982038 1306{
710756a9
RS		 1307 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1308 TLS_client_method(), sctx,
1309 cctx, cert, privkey)))
5f982038 1310 return 0;
5f982038 1311
3cb47b4e
MC		 1312 /* When idx == 1 we repeat the tests with read_ahead set */
1313 if (idx > 0) {
1314 SSL_CTX_set_read_ahead(*cctx, 1);
1315 SSL_CTX_set_read_ahead(*sctx, 1);
1316 }
1317
710756a9
RS		 1318 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
1319 NULL, NULL))
1320 || !TEST_true(create_ssl_connection(*serverssl, *clientssl,
1321 SSL_ERROR_NONE)))
5f982038 1322 return 0;
5f982038
MC		 1323
1324 *sess = SSL_get1_session(*clientssl);
5f982038
MC		 1325 SSL_shutdown(*clientssl);
1326 SSL_shutdown(*serverssl);
5f982038
MC		 1327 SSL_free(*serverssl);
1328 SSL_free(*clientssl);
1329 *serverssl = *clientssl = NULL;
1330
710756a9
RS		 1331 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
1332 clientssl, NULL, NULL))
1333 || !TEST_true(SSL_set_session(*clientssl, *sess)))
5f982038 1334 return 0;
5f982038
MC		 1335
1336 return 1;
1337}
1338
3cb47b4e 1339static int test_early_data_read_write(int idx)
5f982038
MC		 1340{
1341 SSL_CTX *cctx = NULL, *sctx = NULL;
1342 SSL *clientssl = NULL, *serverssl = NULL;
1343 int testresult = 0;
1344 SSL_SESSION *sess = NULL;
9b5c865d
MC		 1345 unsigned char buf[20], data[1024];
1346 size_t readbytes, written, eoedlen, rawread, rawwritten;
1347 BIO *rbio;
5f982038 1348
710756a9
RS		 1349 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1350 &serverssl, &sess, idx)))
5f982038
MC		 1351 goto end;
1352
1353 /* Write and read some early data */
710756a9
RS		 1354 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1355 &written))
1356 || !TEST_size_t_eq(written, strlen(MSG1))
1357 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
1358 sizeof(buf), &readbytes),
1359 SSL_READ_EARLY_DATA_SUCCESS)
1360 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
1361 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1362 SSL_EARLY_DATA_ACCEPTED))
5f982038 1363 goto end;
5f982038
MC		 1364
1365 /*
09f28874 1366 * Server should be able to write data, and client should be able to
5f982038
MC		 1367 * read it.
1368 */
710756a9
RS		 1369 if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
1370 &written))
1371 || !TEST_size_t_eq(written, strlen(MSG2))
1372 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1373 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1374 goto end;
5f982038
MC		 1375
1376 /* Even after reading normal data, client should be able write early data */
710756a9
RS		 1377 if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
1378 &written))
1379 || !TEST_size_t_eq(written, strlen(MSG3)))
5f982038 1380 goto end;
5f982038 1381
09f28874 1382 /* Server should still be able read early data after writing data */
710756a9
RS		 1383 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1384 &readbytes),
1385 SSL_READ_EARLY_DATA_SUCCESS)
1386 || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
5f982038 1387 goto end;
5f982038 1388
09f28874 1389 /* Write more data from server and read it from client */
710756a9
RS		 1390 if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
1391 &written))
1392 || !TEST_size_t_eq(written, strlen(MSG4))
1393 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1394 || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
5f982038 1395 goto end;
5f982038
MC		 1396
1397 /*
1398 * If client writes normal data it should mean writing early data is no
1399 * longer possible.
1400 */
710756a9
RS		 1401 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1402 || !TEST_size_t_eq(written, strlen(MSG5))
1403 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1404 SSL_EARLY_DATA_ACCEPTED))
5f982038 1405 goto end;
5f982038 1406
9b5c865d
MC		 1407 /*
1408 * At this point the client has written EndOfEarlyData, ClientFinished and
1409 * normal (fully protected) data. We are going to cause a delay between the
1410 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
1411 * in the read BIO, and then just put back the EndOfEarlyData message.
1412 */
1413 rbio = SSL_get_rbio(serverssl);
710756a9
RS		 1414 if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
1415 || !TEST_size_t_lt(rawread, sizeof(data))
1416 || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
9b5c865d 1417 goto end;
710756a9 1418
9b5c865d
MC		 1419 /* Record length is in the 4th and 5th bytes of the record header */
1420 eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
710756a9
RS		 1421 if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
1422 || !TEST_size_t_eq(rawwritten, eoedlen))
9b5c865d 1423 goto end;
9b5c865d 1424
5f982038 1425 /* Server should be told that there is no more early data */
710756a9
RS		 1426 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1427 &readbytes),
1428 SSL_READ_EARLY_DATA_FINISH)
1429 || !TEST_size_t_eq(readbytes, 0))
5f982038 1430 goto end;
5f982038 1431
9b5c865d
MC		 1432 /*
1433 * Server has not finished init yet, so should still be able to write early
1434 * data.
1435 */
710756a9
RS		 1436 if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
1437 &written))
1438 || !TEST_size_t_eq(written, strlen(MSG6)))
9b5c865d 1439 goto end;
9b5c865d 1440
f8a303fa 1441 /* Push the ClientFinished and the normal data back into the server rbio */
710756a9
RS		 1442 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
1443 &rawwritten))
1444 || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
f8a303fa 1445 goto end;
f8a303fa 1446
5f982038 1447 /* Server should be able to read normal data */
710756a9
RS		 1448 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1449 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1450 goto end;
5f982038 1451
09f28874 1452 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1453 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1454 &written)))
5f982038 1455 goto end;
5f982038 1456 ERR_clear_error();
710756a9
RS		 1457 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1458 &readbytes),
1459 SSL_READ_EARLY_DATA_ERROR))
5f982038 1460 goto end;
5f982038
MC		 1461 ERR_clear_error();
1462
9b5c865d 1463 /* Client should be able to read the data sent by the server */
710756a9
RS		 1464 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1465 || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
9b5c865d 1466 goto end;
710756a9 1467
f8a303fa
MC		 1468 /*
1469 * Make sure we process the NewSessionTicket. This arrives post-handshake.
1470 * We attempt a read which we do not expect to return any data.
1471 */
710756a9 1472 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
f8a303fa 1473 goto end;
5f982038 1474
90049cea 1475 /* Server should be able to write normal data */
710756a9
RS		 1476 if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
1477 || !TEST_size_t_eq(written, strlen(MSG7))
1478 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1479 || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
90049cea 1480 goto end;
90049cea 1481
5f982038
MC		 1482 SSL_SESSION_free(sess);
1483 sess = SSL_get1_session(clientssl);
1484
1485 SSL_shutdown(clientssl);
1486 SSL_shutdown(serverssl);
5f982038
MC		 1487 SSL_free(serverssl);
1488 SSL_free(clientssl);
1489 serverssl = clientssl = NULL;
710756a9
RS		 1490 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1491 &clientssl, NULL, NULL))
1492 || !TEST_true(SSL_set_session(clientssl, sess)))
5f982038 1493 goto end;
5f982038
MC		 1494
1495 /* Write and read some early data */
710756a9
RS		 1496 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1497 &written))
1498 || !TEST_size_t_eq(written, strlen(MSG1))
1499 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1500 &readbytes),
1501 SSL_READ_EARLY_DATA_SUCCESS)
1502 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
5f982038 1503 goto end;
5f982038 1504
710756a9
RS		 1505 if (!TEST_int_gt(SSL_connect(clientssl), 0)
1506 || !TEST_int_gt(SSL_accept(serverssl), 0))
5f982038 1507 goto end;
5f982038 1508
09f28874 1509 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1510 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1511 &written)))
5f982038 1512 goto end;
5f982038 1513 ERR_clear_error();
710756a9
RS		 1514 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1515 &readbytes),
1516 SSL_READ_EARLY_DATA_ERROR))
5f982038 1517 goto end;
5f982038
MC		 1518 ERR_clear_error();
1519
1520 /* Client and server should be able to write/read normal data */
710756a9
RS		 1521 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1522 || !TEST_size_t_eq(written, strlen(MSG5))
1523 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1524 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1525 goto end;
5f982038
MC		 1526
1527 testresult = 1;
1528
1529 end:
5f982038
MC		 1530 SSL_SESSION_free(sess);
1531 SSL_free(serverssl);
1532 SSL_free(clientssl);
1533 SSL_CTX_free(sctx);
1534 SSL_CTX_free(cctx);
5f982038
MC		 1535 return testresult;
1536}
1537
710756a9
RS		 1538/*
1539 * Test that a server attempting to read early data can handle a connection
1540 * from a client where the early data is not acceptable.
1541 */
3cb47b4e 1542static int test_early_data_skip(int idx)
5f982038
MC		 1543{
1544 SSL_CTX *cctx = NULL, *sctx = NULL;
1545 SSL *clientssl = NULL, *serverssl = NULL;
1546 int testresult = 0;
018fcbec 1547 SSL_SESSION *sess = NULL;
5f982038
MC		 1548 unsigned char buf[20];
1549 size_t readbytes, written;
1550
710756a9
RS		 1551 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1552 &serverssl, &sess, idx)))
5f982038
MC		 1553 goto end;
1554
1555 /*
1556 * Deliberately corrupt the creation time. We take 20 seconds off the time.
1557 * It could be any value as long as it is not within tolerance. This should
1558 * mean the ticket is rejected.
1559 */
710756a9 1560 if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
5f982038 1561 goto end;
5f982038
MC		 1562
1563 /* Write some early data */
710756a9
RS		 1564 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1565 &written))
1566 || !TEST_size_t_eq(written, strlen(MSG1)))
5f982038 1567 goto end;
5f982038
MC		 1568
1569 /* Server should reject the early data and skip over it */
710756a9
RS		 1570 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1571 &readbytes),
1572 SSL_READ_EARLY_DATA_FINISH)
1573 || !TEST_size_t_eq(readbytes, 0)
1574 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1575 SSL_EARLY_DATA_REJECTED))
5f982038 1576 goto end;
5f982038 1577
710756a9
RS		 1578 /* Should be able to send normal data despite rejection of early data */
1579 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1580 || !TEST_size_t_eq(written, strlen(MSG2))
1581 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1582 SSL_EARLY_DATA_REJECTED)
1583 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1584 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1585 goto end;
5f982038
MC		 1586
1587 testresult = 1;
1588
1589 end:
5f982038
MC		 1590 SSL_SESSION_free(sess);
1591 SSL_free(serverssl);
1592 SSL_free(clientssl);
1593 SSL_CTX_free(sctx);
1594 SSL_CTX_free(cctx);
5f982038
MC		 1595 return testresult;
1596}
1597
710756a9
RS		 1598/*
1599 * Test that a server attempting to read early data can handle a connection
1600 * from a client that doesn't send any.
1601 */
3cb47b4e 1602static int test_early_data_not_sent(int idx)
5f982038
MC		 1603{
1604 SSL_CTX *cctx = NULL, *sctx = NULL;
1605 SSL *clientssl = NULL, *serverssl = NULL;
1606 int testresult = 0;
018fcbec 1607 SSL_SESSION *sess = NULL;
5f982038
MC		 1608 unsigned char buf[20];
1609 size_t readbytes, written;
1610
710756a9
RS		 1611 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1612 &serverssl, &sess, idx)))
5f982038
MC		 1613 goto end;
1614
1615 /* Write some data - should block due to handshake with server */
1616 SSL_set_connect_state(clientssl);
710756a9 1617 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 1618 goto end;
5f982038
MC		 1619
1620 /* Server should detect that early data has not been sent */
710756a9
RS		 1621 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1622 &readbytes),
1623 SSL_READ_EARLY_DATA_FINISH)
1624 || !TEST_size_t_eq(readbytes, 0)
1625 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1626 SSL_EARLY_DATA_NOT_SENT)
1627 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1628 SSL_EARLY_DATA_NOT_SENT))
5f982038 1629 goto end;
5f982038
MC		 1630
1631 /* Continue writing the message we started earlier */
710756a9
RS		 1632 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1633 || !TEST_size_t_eq(written, strlen(MSG1))
1634 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1635 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1636 || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
1637 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 1638 goto end;
5f982038 1639
3cb47b4e
MC		 1640 /*
1641 * Should block due to the NewSessionTicket arrival unless we're using
1642 * read_ahead
1643 */
1644 if (idx == 0) {
710756a9 1645 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
3cb47b4e 1646 goto end;
5f982038
MC		 1647 }
1648
710756a9
RS		 1649 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1650 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1651 goto end;
5f982038
MC		 1652
1653 testresult = 1;
1654
1655 end:
5f982038
MC		 1656 SSL_SESSION_free(sess);
1657 SSL_free(serverssl);
1658 SSL_free(clientssl);
1659 SSL_CTX_free(sctx);
1660 SSL_CTX_free(cctx);
5f982038
MC		 1661 return testresult;
1662}
1663
710756a9
RS		 1664/*
1665 * Test that a server that doesn't try to read early data can handle a
1666 * client sending some.
1667 */
3cb47b4e 1668static int test_early_data_not_expected(int idx)
5f982038
MC		 1669{
1670 SSL_CTX *cctx = NULL, *sctx = NULL;
1671 SSL *clientssl = NULL, *serverssl = NULL;
1672 int testresult = 0;
018fcbec 1673 SSL_SESSION *sess = NULL;
5f982038
MC		 1674 unsigned char buf[20];
1675 size_t readbytes, written;
1676
5f982038 1677
710756a9
RS		 1678 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1679 &serverssl, &sess, idx)))
5f982038
MC		 1680 goto end;
1681
1682 /* Write some early data */
710756a9
RS		 1683 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1684 &written)))
5f982038 1685 goto end;
5f982038
MC		 1686
1687 /*
1688 * Server should skip over early data and then block waiting for client to
1689 * continue handshake
1690 */
710756a9
RS		 1691 if (!TEST_int_le(SSL_accept(serverssl), 0)
1692 || !TEST_int_gt(SSL_connect(clientssl), 0)
1693 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1694 SSL_EARLY_DATA_REJECTED)
1695 || !TEST_int_gt(SSL_accept(serverssl), 0)
1696 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1697 SSL_EARLY_DATA_REJECTED))
5f982038 1698 goto end;
5f982038
MC		 1699
1700 /* Send some normal data from client to server */
710756a9
RS		 1701 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1702 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 1703 goto end;
5f982038 1704
710756a9
RS		 1705 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1706 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1707 goto end;
5f982038
MC		 1708
1709 testresult = 1;
1710
1711 end:
5f982038
MC		 1712 SSL_SESSION_free(sess);
1713 SSL_free(serverssl);
1714 SSL_free(clientssl);
1715 SSL_CTX_free(sctx);
1716 SSL_CTX_free(cctx);
5f982038
MC		 1717 return testresult;
1718}
1719
1720
1721# ifndef OPENSSL_NO_TLS1_2
710756a9
RS		 1722/*
1723 * Test that a server attempting to read early data can handle a connection
1724 * from a TLSv1.2 client.
1725 */
3cb47b4e 1726static int test_early_data_tls1_2(int idx)
5f982038
MC		 1727{
1728 SSL_CTX *cctx = NULL, *sctx = NULL;
1729 SSL *clientssl = NULL, *serverssl = NULL;
1730 int testresult = 0;
1731 unsigned char buf[20];
1732 size_t readbytes, written;
1733
710756a9
RS		 1734 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1735 TLS_client_method(), &sctx,
1736 &cctx, cert, privkey)))
5f982038 1737 goto end;
5f982038 1738
3cb47b4e
MC		 1739 /* When idx == 1 we repeat the tests with read_ahead set */
1740 if (idx > 0) {
1741 SSL_CTX_set_read_ahead(cctx, 1);
1742 SSL_CTX_set_read_ahead(sctx, 1);
1743 }
1744
710756a9
RS		 1745 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1746 &clientssl, NULL, NULL)))
5f982038 1747 goto end;
5f982038
MC		 1748
1749 /* Write some data - should block due to handshake with server */
1750 SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
1751 SSL_set_connect_state(clientssl);
710756a9 1752 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 1753 goto end;
5f982038
MC		 1754
1755 /*
1756 * Server should do TLSv1.2 handshake. First it will block waiting for more
f533fbd4
MC		 1757 * messages from client after ServerDone. Then SSL_read_early_data should
1758 * finish and detect that early data has not been sent
5f982038 1759 */
710756a9
RS		 1760 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1761 &readbytes),
1762 SSL_READ_EARLY_DATA_ERROR))
5f982038 1763 goto end;
5f982038
MC		 1764
1765 /*
1766 * Continue writing the message we started earlier. Will still block waiting
1767 * for the CCS/Finished from server
1768 */
710756a9
RS		 1769 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1770 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1771 &readbytes),
1772 SSL_READ_EARLY_DATA_FINISH)
1773 || !TEST_size_t_eq(readbytes, 0)
1774 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1775 SSL_EARLY_DATA_NOT_SENT))
5f982038 1776 goto end;
5f982038
MC		 1777
1778 /* Continue writing the message we started earlier */
710756a9
RS		 1779 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1780 || !TEST_size_t_eq(written, strlen(MSG1))
1781 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1782 SSL_EARLY_DATA_NOT_SENT)
1783 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1784 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1785 || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
1786 || !TEST_size_t_eq(written, strlen(MSG2))
1787 || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
1788 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1789 goto end;
5f982038
MC		 1790
1791 testresult = 1;
1792
1793 end:
5f982038
MC		 1794 SSL_free(serverssl);
1795 SSL_free(clientssl);
1796 SSL_CTX_free(sctx);
1797 SSL_CTX_free(cctx);
1798
1799 return testresult;
1800}
ca0413ae
MC		 1801# endif /* OPENSSL_NO_TLS1_2 */
1802
1803static int test_ciphersuite_change(void)
1804{
1805 SSL_CTX *cctx = NULL, *sctx = NULL;
1806 SSL *clientssl = NULL, *serverssl = NULL;
1807 SSL_SESSION *clntsess = NULL;
1808 int testresult = 0;
1809 const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
1810
1811 /* Create a session based on SHA-256 */
1812 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1813 TLS_client_method(), &sctx,
1814 &cctx, cert, privkey))
1815 || !TEST_true(SSL_CTX_set_cipher_list(cctx,
1816 "TLS13-AES-128-GCM-SHA256"))
1817 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1818 &clientssl, NULL, NULL))
1819 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1820 SSL_ERROR_NONE)))
1821 goto end;
1822
1823 clntsess = SSL_get1_session(clientssl);
1824 /* Save for later */
1825 aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
1826 SSL_shutdown(clientssl);
1827 SSL_shutdown(serverssl);
1828 SSL_free(serverssl);
1829 SSL_free(clientssl);
1830 serverssl = clientssl = NULL;
1831
1832 /* Check we can resume a session with a different SHA-256 ciphersuite */
1833 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
1834 "TLS13-CHACHA20-POLY1305-SHA256"))
1835 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1836 NULL, NULL))
1837 || !TEST_true(SSL_set_session(clientssl, clntsess))
1838 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1839 SSL_ERROR_NONE))
1840 || !TEST_true(SSL_session_reused(clientssl)))
1841 goto end;
1842
1843 SSL_SESSION_free(clntsess);
1844 clntsess = SSL_get1_session(clientssl);
1845 SSL_shutdown(clientssl);
1846 SSL_shutdown(serverssl);
1847 SSL_free(serverssl);
1848 SSL_free(clientssl);
1849 serverssl = clientssl = NULL;
1850
1851 /*
1852 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
0de6d66d 1853 * succeeds but does not resume.
ca0413ae
MC		 1854 */
1855 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
1856 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1857 NULL, NULL))
1858 || !TEST_true(SSL_set_session(clientssl, clntsess))
0de6d66d 1859 || !TEST_true(create_ssl_connection(serverssl, clientssl,
ca0413ae 1860 SSL_ERROR_SSL))
0de6d66d 1861 || !TEST_false(SSL_session_reused(clientssl)))
ca0413ae
MC		 1862 goto end;
1863
1864 SSL_SESSION_free(clntsess);
1865 clntsess = NULL;
1866 SSL_shutdown(clientssl);
1867 SSL_shutdown(serverssl);
1868 SSL_free(serverssl);
1869 SSL_free(clientssl);
1870 serverssl = clientssl = NULL;
1871
1872 /* Create a session based on SHA384 */
1873 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
1874 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1875 &clientssl, NULL, NULL))
1876 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1877 SSL_ERROR_NONE)))
1878 goto end;
1879
1880 clntsess = SSL_get1_session(clientssl);
1881 SSL_shutdown(clientssl);
1882 SSL_shutdown(serverssl);
1883 SSL_free(serverssl);
1884 SSL_free(clientssl);
1885 serverssl = clientssl = NULL;
1886
1887 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
1888 "TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"))
0de6d66d
MC		 1889 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
1890 "TLS13-AES-256-GCM-SHA384"))
ca0413ae
MC		 1891 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1892 NULL, NULL))
1893 || !TEST_true(SSL_set_session(clientssl, clntsess))
3b0e88d3
MC		 1894 /*
1895 * We use SSL_ERROR_WANT_READ below so that we can pause the
1896 * connection after the initial ClientHello has been sent to
1897 * enable us to make some session changes.
1898 */
ca0413ae
MC		 1899 || !TEST_false(create_ssl_connection(serverssl, clientssl,
1900 SSL_ERROR_WANT_READ)))
1901 goto end;
1902
1903 /* Trick the client into thinking this session is for a different digest */
1904 clntsess->cipher = aes_128_gcm_sha256;
1905 clntsess->cipher_id = clntsess->cipher->id;
1906
1907 /*
3b0e88d3
MC		 1908 * Continue the previously started connection. Server has selected a SHA-384
1909 * ciphersuite, but client thinks the session is for SHA-256, so it should
1910 * bail out.
ca0413ae
MC		 1911 */
1912 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
1913 SSL_ERROR_SSL))
1914 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
1915 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
1916 goto end;
1917
1918 testresult = 1;
1919
1920 end:
1921 SSL_SESSION_free(clntsess);
1922 SSL_free(serverssl);
1923 SSL_free(clientssl);
1924 SSL_CTX_free(sctx);
1925 SSL_CTX_free(cctx);
1926
1927 return testresult;
1928}
1929
ca8c71ba
MC		 1930
1931static SSL_SESSION *psk = NULL;
1932static const char *pskid = "Identity";
1933static const char *srvid;
1934
1935static int use_session_cb_cnt = 0;
1936static int find_session_cb_cnt = 0;
1937
1938static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1939 size_t *idlen, SSL_SESSION **sess)
1940{
1941 use_session_cb_cnt++;
1942
1943 /* The first call should always have a NULL md */
1944 if (use_session_cb_cnt == 1 && md != NULL)
1945 return 0;
1946
1947 /* The second call should always have an md */
1948 if (use_session_cb_cnt == 2 && md == NULL)
1949 return 0;
1950
1951 /* We should only be called a maximum of twice */
1952 if (use_session_cb_cnt == 3)
1953 return 0;
1954
1955 if (psk != NULL)
1956 SSL_SESSION_up_ref(psk);
1957
1958 *sess = psk;
1959 *id = (const unsigned char *)pskid;
1960 *idlen = strlen(pskid);
1961
1962 return 1;
1963}
1964
1965static int find_session_cb(SSL *ssl, const unsigned char *identity,
1966 size_t identity_len, SSL_SESSION **sess)
1967{
1968 find_session_cb_cnt++;
1969
1970 /* We should only ever be called a maximum of twice per connection */
1971 if (find_session_cb_cnt > 2)
1972 return 0;
1973
1974 if (psk == NULL)
1975 return 0;
1976
1977 /* Identity should match that set by the client */
1978 if (strlen(srvid) != identity_len
1979 || strncmp(srvid, (const char *)identity, identity_len) != 0) {
1980 /* No PSK found, continue but without a PSK */
1981 *sess = NULL;
1982 return 1;
1983 }
1984
1985 SSL_SESSION_up_ref(psk);
1986 *sess = psk;
1987
1988 return 1;
1989}
1990
1991#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
1992
1993static int test_tls13_psk(void)
1994{
1995 SSL_CTX *sctx = NULL, *cctx = NULL;
1996 SSL *serverssl = NULL, *clientssl = NULL;
1997 const SSL_CIPHER *cipher = NULL;
1998 const unsigned char key[] = {
1999 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2000 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2001 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2002 };
2003 int testresult = 0;
2004
2005 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2006 TLS_client_method(), &sctx,
2007 &cctx, cert, privkey)))
2008 goto end;
2009
2010 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
2011 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
2012 srvid = pskid;
2013
2014 /* Check we can create a connection if callback decides not to send a PSK */
2015 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2016 NULL, NULL))
2017 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2018 SSL_ERROR_NONE))
2019 || !TEST_false(SSL_session_reused(clientssl))
2020 || !TEST_false(SSL_session_reused(serverssl))
2021 || !TEST_true(use_session_cb_cnt == 1)
2022 || !TEST_true(find_session_cb_cnt == 0))
2023 goto end;
2024
2025 shutdown_ssl_connection(serverssl, clientssl);
2026 serverssl = clientssl = NULL;
2027 use_session_cb_cnt = 0;
2028
2029 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2030 NULL, NULL)))
2031 goto end;
2032
2033 /* Create the PSK */
2034 cipher = SSL_CIPHER_find(clientssl, TLS13_AES_256_GCM_SHA384_BYTES);
2035 psk = SSL_SESSION_new();
2036 if (!TEST_ptr(psk)
2037 || !TEST_ptr(cipher)
2038 || !TEST_true(SSL_SESSION_set1_master_key(psk, key, sizeof(key)))
2039 || !TEST_true(SSL_SESSION_set_cipher(psk, cipher))
2040 || !TEST_true(SSL_SESSION_set_protocol_version(psk,
2041 TLS1_3_VERSION)))
2042 goto end;
2043
2044 /* Check we can create a connection and the PSK is used */
2045 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2046 || !TEST_true(SSL_session_reused(clientssl))
2047 || !TEST_true(SSL_session_reused(serverssl))
2048 || !TEST_true(use_session_cb_cnt == 1)
2049 || !TEST_true(find_session_cb_cnt == 1))
2050 goto end;
2051
2052 shutdown_ssl_connection(serverssl, clientssl);
2053 serverssl = clientssl = NULL;
2054 use_session_cb_cnt = find_session_cb_cnt = 0;
2055
2056 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2057 NULL, NULL)))
2058 goto end;
2059
2060 /* Force an HRR */
2061 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
2062 goto end;
2063
2064 /*
2065 * Check we can create a connection, the PSK is used and the callbacks are
2066 * called twice.
2067 */
2068 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2069 || !TEST_true(SSL_session_reused(clientssl))
2070 || !TEST_true(SSL_session_reused(serverssl))
2071 || !TEST_true(use_session_cb_cnt == 2)
2072 || !TEST_true(find_session_cb_cnt == 2))
2073 goto end;
2074
2075 shutdown_ssl_connection(serverssl, clientssl);
2076 serverssl = clientssl = NULL;
2077 use_session_cb_cnt = find_session_cb_cnt = 0;
2078
2079 /*
2080 * Check that if the server rejects the PSK we can still connect, but with
2081 * a full handshake
2082 */
2083 srvid = "Dummy Identity";
2084 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2085 NULL, NULL))
2086 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2087 SSL_ERROR_NONE))
2088 || !TEST_false(SSL_session_reused(clientssl))
2089 || !TEST_false(SSL_session_reused(serverssl))
2090 || !TEST_true(use_session_cb_cnt == 1)
2091 || !TEST_true(find_session_cb_cnt == 1))
2092 goto end;
2093
2094 shutdown_ssl_connection(serverssl, clientssl);
2095 serverssl = clientssl = NULL;
2096 testresult = 1;
2097
2098 end:
2099 SSL_SESSION_free(psk);
2100 SSL_free(serverssl);
2101 SSL_free(clientssl);
2102 SSL_CTX_free(sctx);
2103 SSL_CTX_free(cctx);
2104 return testresult;
2105}
2106
ca0413ae 2107#endif /* OPENSSL_NO_TLS1_3 */
5f982038 2108
a37008d9
MC		 2109static int clntaddoldcb = 0;
2110static int clntparseoldcb = 0;
2111static int srvaddoldcb = 0;
2112static int srvparseoldcb = 0;
2113static int clntaddnewcb = 0;
2114static int clntparsenewcb = 0;
2115static int srvaddnewcb = 0;
2116static int srvparsenewcb = 0;
bb01ef3f 2117static int snicb = 0;
a37008d9
MC		 2118
2119#define TEST_EXT_TYPE1 0xff00
2120
2121static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
2122 size_t *outlen, int *al, void *add_arg)
2123{
2124 int *server = (int *)add_arg;
2125 unsigned char *data;
2126
2127 if (SSL_is_server(s))
2128 srvaddoldcb++;
2129 else
2130 clntaddoldcb++;
2131
710756a9
RS		 2132 if (*server != SSL_is_server(s)
2133 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 2134 return -1;
2135
2136 *data = 1;
2137 *out = data;
2138 *outlen = sizeof(char);
a37008d9
MC		 2139 return 1;
2140}
2141
2142static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
2143 void *add_arg)
2144{
2145 OPENSSL_free((unsigned char *)out);
2146}
2147
2148static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
2149 size_t inlen, int *al, void *parse_arg)
2150{
2151 int *server = (int *)parse_arg;
2152
2153 if (SSL_is_server(s))
2154 srvparseoldcb++;
2155 else
2156 clntparseoldcb++;
2157
710756a9
RS		 2158 if (*server != SSL_is_server(s)
2159 || inlen != sizeof(char)
2160 || *in != 1)
a37008d9
MC		 2161 return -1;
2162
2163 return 1;
2164}
2165
2166static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
2167 const unsigned char **out, size_t *outlen, X509 *x,
2168 size_t chainidx, int *al, void *add_arg)
2169{
2170 int *server = (int *)add_arg;
2171 unsigned char *data;
2172
2173 if (SSL_is_server(s))
2174 srvaddnewcb++;
2175 else
2176 clntaddnewcb++;
2177
710756a9
RS		 2178 if (*server != SSL_is_server(s)
2179 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 2180 return -1;
2181
2182 *data = 1;
2183 *out = data;
710756a9 2184 *outlen = sizeof(*data);
a37008d9
MC		 2185 return 1;
2186}
2187
2188static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
2189 const unsigned char *out, void *add_arg)
2190{
2191 OPENSSL_free((unsigned char *)out);
2192}
2193
2194static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
2195 const unsigned char *in, size_t inlen, X509 *x,
2196 size_t chainidx, int *al, void *parse_arg)
2197{
2198 int *server = (int *)parse_arg;
2199
2200 if (SSL_is_server(s))
2201 srvparsenewcb++;
2202 else
2203 clntparsenewcb++;
2204
710756a9
RS		 2205 if (*server != SSL_is_server(s)
2206 || inlen != sizeof(char) || *in != 1)
a37008d9
MC		 2207 return -1;
2208
2209 return 1;
2210}
bb01ef3f
MC		 2211
2212static int sni_cb(SSL *s, int *al, void *arg)
2213{
2214 SSL_CTX *ctx = (SSL_CTX *)arg;
2215
2216 if (SSL_set_SSL_CTX(s, ctx) == NULL) {
2217 *al = SSL_AD_INTERNAL_ERROR;
2218 return SSL_TLSEXT_ERR_ALERT_FATAL;
2219 }
2220 snicb++;
2221 return SSL_TLSEXT_ERR_OK;
2222}
2223
a37008d9
MC		 2224/*
2225 * Custom call back tests.
2226 * Test 0: Old style callbacks in TLSv1.2
2227 * Test 1: New style callbacks in TLSv1.2
bb01ef3f
MC		 2228 * Test 2: New style callbacks in TLSv1.2 with SNI
2229 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
2230 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
a37008d9 2231 */
710756a9
RS		 2232static int test_custom_exts(int tst)
2233{
bb01ef3f 2234 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
a37008d9
MC		 2235 SSL *clientssl = NULL, *serverssl = NULL;
2236 int testresult = 0;
2237 static int server = 1;
2238 static int client = 0;
2239 SSL_SESSION *sess = NULL;
2240 unsigned int context;
2241
2242 /* Reset callback counters */
2243 clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
2244 clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
bb01ef3f 2245 snicb = 0;
a37008d9 2246
710756a9
RS		 2247 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2248 TLS_client_method(), &sctx,
2249 &cctx, cert, privkey)))
2250 goto end;
a37008d9 2251
bb01ef3f
MC		 2252 if (tst == 2
2253 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2,
2254 NULL, cert, privkey)))
2255 goto end;
2256
2257
2258 if (tst < 3) {
a37008d9
MC		 2259 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
2260 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
bb01ef3f
MC		 2261 if (sctx2 != NULL)
2262 SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
a37008d9
MC		 2263 }
2264
bb01ef3f 2265 if (tst == 4) {
710756a9
RS		 2266 context = SSL_EXT_CLIENT_HELLO
2267 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 2268 | SSL_EXT_TLS1_3_SERVER_HELLO
2269 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
2270 | SSL_EXT_TLS1_3_CERTIFICATE
2271 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
2272 } else {
710756a9
RS		 2273 context = SSL_EXT_CLIENT_HELLO
2274 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 2275 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
2276 }
2277
2278 /* Create a client side custom extension */
2279 if (tst == 0) {
710756a9
RS		 2280 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2281 old_add_cb, old_free_cb,
2282 &client, old_parse_cb,
2283 &client)))
2284 goto end;
a37008d9 2285 } else {
710756a9
RS		 2286 if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
2287 new_add_cb, new_free_cb,
2288 &client, new_parse_cb, &client)))
2289 goto end;
a37008d9
MC		 2290 }
2291
2292 /* Should not be able to add duplicates */
710756a9
RS		 2293 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2294 old_add_cb, old_free_cb,
2295 &client, old_parse_cb,
2296 &client))
2297 || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
2298 context, new_add_cb,
2299 new_free_cb, &client,
2300 new_parse_cb, &client)))
2301 goto end;
a37008d9
MC		 2302
2303 /* Create a server side custom extension */
2304 if (tst == 0) {
710756a9
RS		 2305 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2306 old_add_cb, old_free_cb,
2307 &server, old_parse_cb,
2308 &server)))
2309 goto end;
a37008d9 2310 } else {
710756a9
RS		 2311 if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
2312 new_add_cb, new_free_cb,
2313 &server, new_parse_cb, &server)))
2314 goto end;
bb01ef3f
MC		 2315 if (sctx2 != NULL
2316 && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
2317 context, new_add_cb,
2318 new_free_cb, &server,
2319 new_parse_cb, &server)))
2320 goto end;
a37008d9
MC		 2321 }
2322
2323 /* Should not be able to add duplicates */
710756a9
RS		 2324 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2325 old_add_cb, old_free_cb,
2326 &server, old_parse_cb,
2327 &server))
2328 || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
2329 context, new_add_cb,
2330 new_free_cb, &server,
2331 new_parse_cb, &server)))
a37008d9 2332 goto end;
a37008d9 2333
bb01ef3f
MC		 2334 if (tst == 2) {
2335 /* Set up SNI */
2336 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
2337 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
2338 goto end;
2339 }
2340
710756a9
RS		 2341 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2342 &clientssl, NULL, NULL))
2343 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2344 SSL_ERROR_NONE)))
a37008d9 2345 goto end;
a37008d9
MC		 2346
2347 if (tst == 0) {
710756a9
RS		 2348 if (clntaddoldcb != 1
2349 || clntparseoldcb != 1
2350 || srvaddoldcb != 1
2351 || srvparseoldcb != 1)
a37008d9 2352 goto end;
bb01ef3f 2353 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 2354 if (clntaddnewcb != 1
2355 || clntparsenewcb != 1
2356 || srvaddnewcb != 1
bb01ef3f
MC		 2357 || srvparsenewcb != 1
2358 || (tst != 2 && snicb != 0)
2359 || (tst == 2 && snicb != 1))
a37008d9 2360 goto end;
a37008d9 2361 } else {
710756a9
RS		 2362 if (clntaddnewcb != 1
2363 || clntparsenewcb != 4
2364 || srvaddnewcb != 4
2365 || srvparsenewcb != 1)
a37008d9 2366 goto end;
a37008d9
MC		 2367 }
2368
2369 sess = SSL_get1_session(clientssl);
a37008d9
MC		 2370 SSL_shutdown(clientssl);
2371 SSL_shutdown(serverssl);
a37008d9
MC		 2372 SSL_free(serverssl);
2373 SSL_free(clientssl);
2374 serverssl = clientssl = NULL;
2375
bb01ef3f
MC		 2376 if (tst == 3) {
2377 /* We don't bother with the resumption aspects for this test */
2378 testresult = 1;
2379 goto end;
2380 }
2381
710756a9
RS		 2382 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2383 NULL, NULL))
2384 || !TEST_true(SSL_set_session(clientssl, sess))
2385 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2386 SSL_ERROR_NONE)))
a37008d9 2387 goto end;
a37008d9
MC		 2388
2389 /*
2390 * For a resumed session we expect to add the ClientHello extension. For the
2391 * old style callbacks we ignore it on the server side because they set
2392 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
2393 * them.
2394 */
2395 if (tst == 0) {
710756a9
RS		 2396 if (clntaddoldcb != 2
2397 || clntparseoldcb != 1
2398 || srvaddoldcb != 1
2399 || srvparseoldcb != 1)
a37008d9 2400 goto end;
bb01ef3f 2401 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 2402 if (clntaddnewcb != 2
2403 || clntparsenewcb != 2
2404 || srvaddnewcb != 2
2405 || srvparsenewcb != 2)
a37008d9 2406 goto end;
a37008d9
MC		 2407 } else {
2408 /* No Certificate message extensions in the resumption handshake */
710756a9
RS		 2409 if (clntaddnewcb != 2
2410 || clntparsenewcb != 7
2411 || srvaddnewcb != 7
2412 || srvparsenewcb != 2)
a37008d9 2413 goto end;
a37008d9
MC		 2414 }
2415
2416 testresult = 1;
2417
2418end:
2419 SSL_SESSION_free(sess);
2420 SSL_free(serverssl);
2421 SSL_free(clientssl);
bb01ef3f 2422 SSL_CTX_free(sctx2);
a37008d9
MC		 2423 SSL_CTX_free(sctx);
2424 SSL_CTX_free(cctx);
a37008d9
MC		 2425 return testresult;
2426}
2427
16afd71c
MC		 2428/*
2429 * Test loading of serverinfo data in various formats. test_sslmessages actually
2430 * tests to make sure the extensions appear in the handshake
2431 */
2432static int test_serverinfo(int tst)
2433{
2434 unsigned int version;
2435 unsigned char *sibuf;
2436 size_t sibuflen;
2437 int ret, expected, testresult = 0;
2438 SSL_CTX *ctx;
2439
2440 ctx = SSL_CTX_new(TLS_method());
2441 if (!TEST_ptr(ctx))
2442 goto end;
2443
2444 if ((tst & 0x01) == 0x01)
2445 version = SSL_SERVERINFOV2;
2446 else
2447 version = SSL_SERVERINFOV1;
2448
2449 if ((tst & 0x02) == 0x02) {
2450 sibuf = serverinfov2;
2451 sibuflen = sizeof(serverinfov2);
2452 expected = (version == SSL_SERVERINFOV2);
2453 } else {
2454 sibuf = serverinfov1;
2455 sibuflen = sizeof(serverinfov1);
2456 expected = (version == SSL_SERVERINFOV1);
2457 }
2458
2459 if ((tst & 0x04) == 0x04) {
2460 ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
2461 } else {
2462 ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
2463
2464 /*
2465 * The version variable is irrelevant in this case - it's what is in the
2466 * buffer that matters
2467 */
2468 if ((tst & 0x02) == 0x02)
2469 expected = 0;
2470 else
2471 expected = 1;
2472 }
2473
2474 if (!TEST_true(ret == expected))
2475 goto end;
2476
2477 testresult = 1;
2478
2479 end:
2480 SSL_CTX_free(ctx);
2481
2482 return testresult;
2483}
2484
e364c3b2 2485int test_main(int argc, char *argv[])
2cb4b5f6 2486{
c887104f 2487 int testresult = 1;
2cb4b5f6
MC		 2488
2489 if (argc != 3) {
710756a9
RS		 2490 TEST_error("Wrong argument count");
2491 return 0;
2cb4b5f6
MC		 2492 }
2493
2494 cert = argv[1];
2495 privkey = argv[2];
2496
84d5549e 2497 ADD_TEST(test_large_message_tls);
7856332e 2498 ADD_TEST(test_large_message_tls_read_ahead);
55386bef 2499#ifndef OPENSSL_NO_DTLS
84d5549e 2500 ADD_TEST(test_large_message_dtls);
55386bef 2501#endif
8f8c11d8 2502#ifndef OPENSSL_NO_OCSP
c887104f 2503 ADD_TEST(test_tlsext_status_type);
8f8c11d8 2504#endif
eaa776da
MC		 2505 ADD_TEST(test_session_with_only_int_cache);
2506 ADD_TEST(test_session_with_only_ext_cache);
2507 ADD_TEST(test_session_with_both_cache);
7fb4c820 2508 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
9a716987
MC		 2509 ADD_TEST(test_ssl_bio_pop_next_bio);
2510 ADD_TEST(test_ssl_bio_pop_ssl_bio);
2511 ADD_TEST(test_ssl_bio_change_rbio);
2512 ADD_TEST(test_ssl_bio_change_wbio);
f1b25aae 2513 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
6acdd3e5
CB		 2514 ADD_TEST(test_keylog);
2515#ifndef OPENSSL_NO_TLS1_3
2516 ADD_TEST(test_keylog_no_master_key);
2517#endif
e9ee6536 2518#ifndef OPENSSL_NO_TLS1_2
2afaee51 2519 ADD_TEST(test_early_cb);
5f982038
MC		 2520#endif
2521#ifndef OPENSSL_NO_TLS1_3
3cb47b4e
MC		 2522 ADD_ALL_TESTS(test_early_data_read_write, 2);
2523 ADD_ALL_TESTS(test_early_data_skip, 2);
2524 ADD_ALL_TESTS(test_early_data_not_sent, 2);
2525 ADD_ALL_TESTS(test_early_data_not_expected, 2);
5f982038 2526# ifndef OPENSSL_NO_TLS1_2
3cb47b4e 2527 ADD_ALL_TESTS(test_early_data_tls1_2, 2);
5f982038 2528# endif
e9ee6536 2529#endif
a273157a 2530#ifndef OPENSSL_NO_TLS1_3
ca0413ae 2531 ADD_TEST(test_ciphersuite_change);
ca8c71ba 2532 ADD_TEST(test_tls13_psk);
bb01ef3f 2533 ADD_ALL_TESTS(test_custom_exts, 5);
a273157a 2534#else
bb01ef3f 2535 ADD_ALL_TESTS(test_custom_exts, 3);
a273157a 2536#endif
16afd71c 2537 ADD_ALL_TESTS(test_serverinfo, 8);
2cb4b5f6 2538
c887104f 2539 testresult = run_tests(argv[0]);
2cb4b5f6 2540
fa454945
MC		 2541 bio_s_mempacket_test_free();
2542
c887104f 2543 return testresult;
2cb4b5f6 2544}
A mirror of the official openssl repository