]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/sslapitest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add SSL_SESSION_set_max_early_data()
[thirdparty/openssl.git] / test / sslapitest.c
CommitLineData
2cb4b5f6 1/*
ad887416 2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
2cb4b5f6
MC		 3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
ba881d3b
MC		 10#include <string.h>
11
2cb4b5f6
MC		 12#include <openssl/opensslconf.h>
13#include <openssl/bio.h>
14#include <openssl/crypto.h>
15#include <openssl/ssl.h>
ba881d3b 16#include <openssl/ocsp.h>
2cb4b5f6
MC		 17
18#include "ssltestlib.h"
c887104f 19#include "testutil.h"
176db6dc 20#include "internal/nelem.h"
ca0413ae 21#include "../ssl/ssl_locl.h"
2cb4b5f6
MC		 22
23static char *cert = NULL;
24static char *privkey = NULL;
25
6acdd3e5
CB		 26#define LOG_BUFFER_SIZE 1024
27static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 28static size_t server_log_buffer_index = 0;
6acdd3e5 29static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 30static size_t client_log_buffer_index = 0;
6acdd3e5
CB		 31static int error_writing_log = 0;
32
8f8c11d8 33#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 34static const unsigned char orespder[] = "Dummy OCSP Response";
35static int ocsp_server_called = 0;
36static int ocsp_client_called = 0;
37
38static int cdummyarg = 1;
39static X509 *ocspcert = NULL;
8f8c11d8 40#endif
ba881d3b 41
84d5549e
MC		 42#define NUM_EXTRA_CERTS 40
43
f1a5939f
CB		 44/*
45 * This structure is used to validate that the correct number of log messages
46 * of various types are emitted when emitting secret logs.
47 */
48struct sslapitest_log_counts {
49 unsigned int rsa_key_exchange_count;
50 unsigned int master_secret_count;
51 unsigned int client_handshake_secret_count;
52 unsigned int server_handshake_secret_count;
53 unsigned int client_application_secret_count;
54 unsigned int server_application_secret_count;
55};
56
16afd71c
MC		 57
58static unsigned char serverinfov1[] = {
59 0xff, 0xff, /* Dummy extension type */
60 0x00, 0x01, /* Extension length is 1 byte */
61 0xff /* Dummy extension data */
62};
63
64static unsigned char serverinfov2[] = {
65 0x00, 0x00, 0x00,
66 (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
67 0xff, 0xff, /* Dummy extension type */
68 0x00, 0x01, /* Extension length is 1 byte */
69 0xff /* Dummy extension data */
70};
71
710756a9
RS		 72static void client_keylog_callback(const SSL *ssl, const char *line)
73{
6acdd3e5
CB		 74 int line_length = strlen(line);
75
76 /* If the log doesn't fit, error out. */
710756a9
RS		 77 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
78 TEST_info("Client log too full");
6acdd3e5
CB		 79 error_writing_log = 1;
80 return;
81 }
82
83 strcat(client_log_buffer, line);
84 client_log_buffer_index += line_length;
710756a9 85 client_log_buffer[client_log_buffer_index++] = '\n';
6acdd3e5
CB		 86}
87
710756a9
RS		 88static void server_keylog_callback(const SSL *ssl, const char *line)
89{
6acdd3e5
CB		 90 int line_length = strlen(line);
91
92 /* If the log doesn't fit, error out. */
710756a9 93 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
bdcacd93 94 TEST_info("Server log too full");
6acdd3e5
CB		 95 error_writing_log = 1;
96 return;
97 }
98
99 strcat(server_log_buffer, line);
100 server_log_buffer_index += line_length;
710756a9 101 server_log_buffer[server_log_buffer_index++] = '\n';
6acdd3e5
CB		 102}
103
104static int compare_hex_encoded_buffer(const char *hex_encoded,
105 size_t hex_length,
106 const uint8_t *raw,
710756a9
RS		 107 size_t raw_length)
108{
109 size_t i, j;
110 char hexed[3];
6acdd3e5 111
710756a9 112 if (!TEST_size_t_eq(raw_length * 2, hex_length))
6acdd3e5 113 return 1;
6acdd3e5 114
710756a9 115 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
6acdd3e5 116 sprintf(hexed, "%02x", raw[i]);
710756a9
RS		 117 if (!TEST_int_eq(hexed[0], hex_encoded[j])
118 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
6acdd3e5 119 return 1;
6acdd3e5
CB		 120 }
121
122 return 0;
123}
124
125static int test_keylog_output(char *buffer, const SSL *ssl,
f1a5939f 126 const SSL_SESSION *session,
710756a9
RS		 127 struct sslapitest_log_counts *expected)
128{
6acdd3e5
CB		 129 char *token = NULL;
130 unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
131 size_t client_random_size = SSL3_RANDOM_SIZE;
132 unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
133 size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
f1a5939f
CB		 134 unsigned int rsa_key_exchange_count = 0;
135 unsigned int master_secret_count = 0;
136 unsigned int client_handshake_secret_count = 0;
137 unsigned int server_handshake_secret_count = 0;
138 unsigned int client_application_secret_count = 0;
139 unsigned int server_application_secret_count = 0;
6acdd3e5 140
710756a9
RS		 141 for (token = strtok(buffer, " \n"); token != NULL;
142 token = strtok(NULL, " \n")) {
6acdd3e5 143 if (strcmp(token, "RSA") == 0) {
f1a5939f
CB		 144 /*
145 * Premaster secret. Tokens should be: 16 ASCII bytes of
6acdd3e5
CB		 146 * hex-encoded encrypted secret, then the hex-encoded pre-master
147 * secret.
148 */
710756a9 149 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 150 return 0;
710756a9 151 if (!TEST_size_t_eq(strlen(token), 16))
f1a5939f 152 return 0;
710756a9 153 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 154 return 0;
f1a5939f
CB		 155 /*
156 * We can't sensibly check the log because the premaster secret is
157 * transient, and OpenSSL doesn't keep hold of it once the master
158 * secret is generated.
159 */
160 rsa_key_exchange_count++;
6acdd3e5 161 } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
f1a5939f
CB		 162 /*
163 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
6acdd3e5
CB		 164 * client random, then the hex-encoded master secret.
165 */
166 client_random_size = SSL_get_client_random(ssl,
167 actual_client_random,
168 SSL3_RANDOM_SIZE);
710756a9 169 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 170 return 0;
6acdd3e5 171
710756a9 172 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 173 return 0;
710756a9 174 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 175 return 0;
710756a9
RS		 176 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
177 actual_client_random,
178 client_random_size)))
f1a5939f 179 return 0;
6acdd3e5 180
710756a9 181 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 182 return 0;
6acdd3e5
CB		 183 master_key_size = SSL_SESSION_get_master_key(session,
184 actual_master_key,
185 master_key_size);
710756a9 186 if (!TEST_size_t_ne(master_key_size, 0))
f1a5939f 187 return 0;
710756a9
RS		 188 if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
189 actual_master_key,
190 master_key_size)))
f1a5939f 191 return 0;
f1a5939f 192 master_secret_count++;
710756a9
RS		 193 } else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
194 || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
195 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
196 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) {
f1a5939f
CB		 197 /*
198 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
199 * client random, and then the hex-encoded secret. In this case,
200 * we treat all of these secrets identically and then just
201 * distinguish between them when counting what we saw.
202 */
203 if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
204 client_handshake_secret_count++;
205 else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
206 server_handshake_secret_count++;
207 else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
208 client_application_secret_count++;
209 else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
210 server_application_secret_count++;
211
212 client_random_size = SSL_get_client_random(ssl,
213 actual_client_random,
214 SSL3_RANDOM_SIZE);
710756a9 215 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 216 return 0;
f1a5939f 217
710756a9 218 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 219 return 0;
710756a9 220 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 221 return 0;
710756a9
RS		 222 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
223 actual_client_random,
224 client_random_size)))
f1a5939f 225 return 0;
6acdd3e5 226
710756a9 227 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 228 return 0;
f1a5939f
CB		 229
230 /*
231 * TODO(TLS1.3): test that application traffic secrets are what
232 * we expect */
6acdd3e5 233 } else {
710756a9 234 TEST_info("Unexpected token %s\n", token);
f1a5939f 235 return 0;
6acdd3e5 236 }
6acdd3e5
CB		 237 }
238
710756a9
RS		 239 /* Got what we expected? */
240 if (!TEST_size_t_eq(rsa_key_exchange_count,
241 expected->rsa_key_exchange_count)
242 || !TEST_size_t_eq(master_secret_count,
243 expected->master_secret_count)
244 || !TEST_size_t_eq(client_handshake_secret_count,
245 expected->client_handshake_secret_count)
246 || !TEST_size_t_eq(server_handshake_secret_count,
247 expected->server_handshake_secret_count)
248 || !TEST_size_t_eq(client_application_secret_count,
249 expected->client_application_secret_count)
250 || !TEST_size_t_eq(server_application_secret_count,
251 expected->server_application_secret_count))
252 return 0;
253 return 1;
6acdd3e5
CB		 254}
255
710756a9
RS		 256static int test_keylog(void)
257{
6acdd3e5
CB		 258 SSL_CTX *cctx = NULL, *sctx = NULL;
259 SSL *clientssl = NULL, *serverssl = NULL;
260 int testresult = 0;
f1a5939f 261 struct sslapitest_log_counts expected = {0};
6acdd3e5
CB		 262
263 /* Clean up logging space */
710756a9
RS		 264 memset(client_log_buffer, 0, sizeof(client_log_buffer));
265 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 266 client_log_buffer_index = 0;
267 server_log_buffer_index = 0;
268 error_writing_log = 0;
269
710756a9
RS		 270 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
271 TLS_client_method(),
272 &sctx, &cctx, cert, privkey)))
6acdd3e5 273 return 0;
6acdd3e5
CB		 274
275 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
276 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
277 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
278
f0deb4d3 279 /* We also want to ensure that we use RSA-based key exchange. */
710756a9 280 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
f0deb4d3 281 goto end;
f0deb4d3 282
cf10df81
RS		 283 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
284 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 285 goto end;
6acdd3e5 286 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 287 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
288 == client_keylog_callback))
6acdd3e5 289 goto end;
710756a9 290 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 291 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
292 == server_keylog_callback))
6acdd3e5 293 goto end;
6acdd3e5 294
710756a9
RS		 295 /* Now do a handshake and check that the logs have been written to. */
296 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
297 &clientssl, NULL, NULL))
298 || !TEST_true(create_ssl_connection(serverssl, clientssl,
299 SSL_ERROR_NONE))
300 || !TEST_false(error_writing_log)
301 || !TEST_int_gt(client_log_buffer_index, 0)
302 || !TEST_int_gt(server_log_buffer_index, 0))
6acdd3e5 303 goto end;
6acdd3e5 304
f1a5939f
CB		 305 /*
306 * Now we want to test that our output data was vaguely sensible. We
6acdd3e5 307 * do that by using strtok and confirming that we have more or less the
f1a5939f
CB		 308 * data we expect. For both client and server, we expect to see one master
309 * secret. The client should also see a RSA key exchange.
6acdd3e5 310 */
f1a5939f
CB		 311 expected.rsa_key_exchange_count = 1;
312 expected.master_secret_count = 1;
710756a9
RS		 313 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
314 SSL_get_session(clientssl), &expected)))
6acdd3e5 315 goto end;
f1a5939f
CB		 316
317 expected.rsa_key_exchange_count = 0;
710756a9
RS		 318 if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
319 SSL_get_session(serverssl), &expected)))
6acdd3e5 320 goto end;
6acdd3e5
CB		 321
322 testresult = 1;
323
324end:
325 SSL_free(serverssl);
326 SSL_free(clientssl);
327 SSL_CTX_free(sctx);
328 SSL_CTX_free(cctx);
329
330 return testresult;
331}
332
333#ifndef OPENSSL_NO_TLS1_3
710756a9
RS		 334static int test_keylog_no_master_key(void)
335{
6acdd3e5
CB		 336 SSL_CTX *cctx = NULL, *sctx = NULL;
337 SSL *clientssl = NULL, *serverssl = NULL;
338 int testresult = 0;
f1a5939f 339 struct sslapitest_log_counts expected = {0};
6acdd3e5
CB		 340
341 /* Clean up logging space */
710756a9
RS		 342 memset(client_log_buffer, 0, sizeof(client_log_buffer));
343 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 344 client_log_buffer_index = 0;
345 server_log_buffer_index = 0;
346 error_writing_log = 0;
347
710756a9
RS		 348 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
349 TLS_client_method(), &sctx,
350 &cctx, cert, privkey)))
6acdd3e5 351 return 0;
6acdd3e5 352
cf10df81
RS		 353 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
354 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 355 goto end;
6acdd3e5
CB		 356
357 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 358 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
359 == client_keylog_callback))
6acdd3e5 360 goto end;
6acdd3e5 361
710756a9 362 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 363 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
364 == server_keylog_callback))
6acdd3e5 365 goto end;
6acdd3e5 366
710756a9
RS		 367 /* Now do a handshake and check that the logs have been written to. */
368 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
369 &clientssl, NULL, NULL))
370 || !TEST_true(create_ssl_connection(serverssl, clientssl,
371 SSL_ERROR_NONE))
372 || !TEST_false(error_writing_log))
6acdd3e5 373 goto end;
6acdd3e5 374
f1a5939f
CB		 375 /*
376 * Now we want to test that our output data was vaguely sensible. For this
69687aa8 377 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
f1a5939f 378 * TLSv1.3, but we do expect both client and server to emit keys.
6acdd3e5 379 */
f1a5939f
CB		 380 expected.client_handshake_secret_count = 1;
381 expected.server_handshake_secret_count = 1;
382 expected.client_application_secret_count = 1;
383 expected.server_application_secret_count = 1;
710756a9
RS		 384 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
385 SSL_get_session(clientssl), &expected))
386 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
387 SSL_get_session(serverssl),
388 &expected)))
6acdd3e5 389 goto end;
6acdd3e5
CB		 390
391 testresult = 1;
392
393end:
394 SSL_free(serverssl);
395 SSL_free(clientssl);
396 SSL_CTX_free(sctx);
397 SSL_CTX_free(cctx);
398
399 return testresult;
400}
401#endif
402
e9ee6536 403#ifndef OPENSSL_NO_TLS1_2
2afaee51
BK		 404static int full_early_callback(SSL *s, int *al, void *arg)
405{
406 int *ctr = arg;
407 const unsigned char *p;
8ea404fb 408 int *exts;
2afaee51
BK		 409 /* We only configure two ciphers, but the SCSV is added automatically. */
410#ifdef OPENSSL_NO_EC
411 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
412#else
413 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
414 0x2c, 0x00, 0xff};
415#endif
8ea404fb
BK		 416 const int expected_extensions[] = {
417#ifndef OPENSSL_NO_EC
418 11, 10,
419#endif
10ed1b72 420 35, 22, 23, 13};
2afaee51
BK		 421 size_t len;
422
423 /* Make sure we can defer processing and get called back. */
424 if ((*ctr)++ == 0)
425 return -1;
426
427 len = SSL_early_get0_ciphers(s, &p);
710756a9
RS		 428 if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
429 || !TEST_size_t_eq(SSL_early_get0_compression_methods(s, &p), 1)
430 || !TEST_int_eq(*p, 0))
2afaee51 431 return 0;
8ea404fb
BK		 432 if (!SSL_early_get1_extensions_present(s, &exts, &len))
433 return 0;
434 if (len != OSSL_NELEM(expected_extensions) ||
435 memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
436 printf("Early callback expected ClientHello extensions mismatch\n");
437 OPENSSL_free(exts);
438 return 0;
439 }
440 OPENSSL_free(exts);
2afaee51
BK		 441 return 1;
442}
443
710756a9
RS		 444static int test_early_cb(void)
445{
2afaee51
BK		 446 SSL_CTX *cctx = NULL, *sctx = NULL;
447 SSL *clientssl = NULL, *serverssl = NULL;
448 int testctr = 0, testresult = 0;
449
710756a9
RS		 450 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
451 TLS_client_method(), &sctx,
452 &cctx, cert, privkey)))
2afaee51 453 goto end;
2afaee51 454 SSL_CTX_set_early_cb(sctx, full_early_callback, &testctr);
710756a9 455
2afaee51
BK		 456 /* The gimpy cipher list we configure can't do TLS 1.3. */
457 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
2afaee51 458
710756a9
RS		 459 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
460 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
461 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
462 &clientssl, NULL, NULL))
463 || !TEST_false(create_ssl_connection(serverssl, clientssl,
464 SSL_ERROR_WANT_EARLY))
465 /*
466 * Passing a -1 literal is a hack since
467 * the real value was lost.
468 * */
469 || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_EARLY)
470 || !TEST_true(create_ssl_connection(serverssl, clientssl,
471 SSL_ERROR_NONE)))
2afaee51 472 goto end;
2afaee51
BK		 473
474 testresult = 1;
475
476end:
477 SSL_free(serverssl);
478 SSL_free(clientssl);
479 SSL_CTX_free(sctx);
480 SSL_CTX_free(cctx);
481
482 return testresult;
483}
e9ee6536 484#endif
2afaee51 485
84d5549e 486static int execute_test_large_message(const SSL_METHOD *smeth,
7856332e 487 const SSL_METHOD *cmeth, int read_ahead)
84d5549e
MC		 488{
489 SSL_CTX *cctx = NULL, *sctx = NULL;
490 SSL *clientssl = NULL, *serverssl = NULL;
491 int testresult = 0;
492 int i;
710756a9 493 BIO *certbio = NULL;
84d5549e
MC		 494 X509 *chaincert = NULL;
495 int certlen;
496
710756a9 497 if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
84d5549e 498 goto end;
84d5549e 499 chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
fa454945
MC		 500 BIO_free(certbio);
501 certbio = NULL;
710756a9 502 if (!TEST_ptr(chaincert))
fa454945 503 goto end;
84d5549e 504
710756a9
RS		 505 if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, &sctx,
506 &cctx, cert, privkey)))
84d5549e 507 goto end;
84d5549e 508
710756a9 509 if (read_ahead) {
7856332e
MC		 510 /*
511 * Test that read_ahead works correctly when dealing with large
512 * records
513 */
514 SSL_CTX_set_read_ahead(cctx, 1);
515 }
516
84d5549e
MC		 517 /*
518 * We assume the supplied certificate is big enough so that if we add
519 * NUM_EXTRA_CERTS it will make the overall message large enough. The
520 * default buffer size is requested to be 16k, but due to the way BUF_MEM
710756a9
RS		 521 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
522 * test we need to have a message larger than that.
84d5549e
MC		 523 */
524 certlen = i2d_X509(chaincert, NULL);
710756a9
RS		 525 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
526 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
84d5549e 527 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
710756a9 528 if (!X509_up_ref(chaincert))
84d5549e 529 goto end;
84d5549e 530 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
84d5549e
MC		 531 X509_free(chaincert);
532 goto end;
533 }
534 }
535
710756a9
RS		 536 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
537 NULL, NULL))
538 || !TEST_true(create_ssl_connection(serverssl, clientssl,
539 SSL_ERROR_NONE)))
84d5549e 540 goto end;
84d5549e 541
4bf08600
MC		 542 /*
543 * Calling SSL_clear() first is not required but this tests that SSL_clear()
544 * doesn't leak (when using enable-crypto-mdebug).
545 */
710756a9 546 if (!TEST_true(SSL_clear(serverssl)))
4bf08600 547 goto end;
84d5549e 548
4bf08600 549 testresult = 1;
84d5549e
MC		 550 end:
551 X509_free(chaincert);
552 SSL_free(serverssl);
553 SSL_free(clientssl);
554 SSL_CTX_free(sctx);
555 SSL_CTX_free(cctx);
556
557 return testresult;
558}
559
560static int test_large_message_tls(void)
561{
7856332e
MC		 562 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
563 0);
564}
565
566static int test_large_message_tls_read_ahead(void)
567{
568 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
569 1);
84d5549e
MC		 570}
571
55386bef 572#ifndef OPENSSL_NO_DTLS
84d5549e
MC		 573static int test_large_message_dtls(void)
574{
7856332e
MC		 575 /*
576 * read_ahead is not relevant to DTLS because DTLS always acts as if
577 * read_ahead is set.
578 */
84d5549e 579 return execute_test_large_message(DTLS_server_method(),
7856332e 580 DTLS_client_method(), 0);
84d5549e 581}
55386bef 582#endif
84d5549e 583
8f8c11d8 584#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 585static int ocsp_server_cb(SSL *s, void *arg)
586{
587 int *argi = (int *)arg;
710756a9 588 unsigned char *copy = NULL;
ba881d3b
MC		 589 STACK_OF(OCSP_RESPID) *ids = NULL;
590 OCSP_RESPID *id = NULL;
591
592 if (*argi == 2) {
593 /* In this test we are expecting exactly 1 OCSP_RESPID */
594 SSL_get_tlsext_status_ids(s, &ids);
595 if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
596 return SSL_TLSEXT_ERR_ALERT_FATAL;
597
598 id = sk_OCSP_RESPID_value(ids, 0);
599 if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
600 return SSL_TLSEXT_ERR_ALERT_FATAL;
601 } else if (*argi != 1) {
602 return SSL_TLSEXT_ERR_ALERT_FATAL;
603 }
604
710756a9 605 if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
ba881d3b
MC		 606 return SSL_TLSEXT_ERR_ALERT_FATAL;
607
710756a9 608 SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
ba881d3b 609 ocsp_server_called = 1;
ba881d3b
MC		 610 return SSL_TLSEXT_ERR_OK;
611}
612
613static int ocsp_client_cb(SSL *s, void *arg)
614{
615 int *argi = (int *)arg;
616 const unsigned char *respderin;
617 size_t len;
618
619 if (*argi != 1 && *argi != 2)
620 return 0;
621
622 len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
710756a9 623 if (!TEST_mem_eq(orespder, len, respderin, len))
ba881d3b
MC		 624 return 0;
625
626 ocsp_client_called = 1;
ba881d3b
MC		 627 return 1;
628}
629
2cb4b5f6
MC		 630static int test_tlsext_status_type(void)
631{
ba881d3b
MC		 632 SSL_CTX *cctx = NULL, *sctx = NULL;
633 SSL *clientssl = NULL, *serverssl = NULL;
2cb4b5f6 634 int testresult = 0;
ba881d3b
MC		 635 STACK_OF(OCSP_RESPID) *ids = NULL;
636 OCSP_RESPID *id = NULL;
637 BIO *certbio = NULL;
2cb4b5f6 638
ba881d3b 639 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
710756a9 640 &cctx, cert, privkey))
ba881d3b 641 return 0;
2cb4b5f6 642
710756a9 643 if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
2cb4b5f6 644 goto end;
2cb4b5f6 645
ba881d3b 646 /* First just do various checks getting and setting tlsext_status_type */
2cb4b5f6 647
ba881d3b 648 clientssl = SSL_new(cctx);
710756a9
RS		 649 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
650 || !TEST_true(SSL_set_tlsext_status_type(clientssl,
651 TLSEXT_STATUSTYPE_ocsp))
652 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
653 TLSEXT_STATUSTYPE_ocsp))
2cb4b5f6 654 goto end;
2cb4b5f6 655
ba881d3b
MC		 656 SSL_free(clientssl);
657 clientssl = NULL;
2cb4b5f6 658
710756a9
RS		 659 if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
660 || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 661 goto end;
2cb4b5f6 662
ba881d3b 663 clientssl = SSL_new(cctx);
710756a9 664 if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 665 goto end;
ba881d3b
MC		 666 SSL_free(clientssl);
667 clientssl = NULL;
668
669 /*
670 * Now actually do a handshake and check OCSP information is exchanged and
671 * the callbacks get called
672 */
ba881d3b
MC		 673 SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
674 SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
675 SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
676 SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
710756a9
RS		 677 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
678 &clientssl, NULL, NULL))
679 || !TEST_true(create_ssl_connection(serverssl, clientssl,
680 SSL_ERROR_NONE))
681 || !TEST_true(ocsp_client_called)
682 || !TEST_true(ocsp_server_called))
ba881d3b 683 goto end;
ba881d3b
MC		 684 SSL_free(serverssl);
685 SSL_free(clientssl);
686 serverssl = NULL;
687 clientssl = NULL;
688
689 /* Try again but this time force the server side callback to fail */
690 ocsp_client_called = 0;
691 ocsp_server_called = 0;
692 cdummyarg = 0;
710756a9
RS		 693 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
694 &clientssl, NULL, NULL))
695 /* This should fail because the callback will fail */
696 || !TEST_false(create_ssl_connection(serverssl, clientssl,
697 SSL_ERROR_NONE))
698 || !TEST_false(ocsp_client_called)
699 || !TEST_false(ocsp_server_called))
ba881d3b 700 goto end;
ba881d3b
MC		 701 SSL_free(serverssl);
702 SSL_free(clientssl);
703 serverssl = NULL;
704 clientssl = NULL;
705
706 /*
707 * This time we'll get the client to send an OCSP_RESPID that it will
708 * accept.
709 */
710 ocsp_client_called = 0;
711 ocsp_server_called = 0;
712 cdummyarg = 2;
710756a9
RS		 713 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
714 &clientssl, NULL, NULL)))
ba881d3b 715 goto end;
ba881d3b
MC		 716
717 /*
718 * We'll just use any old cert for this test - it doesn't have to be an OCSP
69687aa8 719 * specific one. We'll use the server cert.
ba881d3b 720 */
710756a9
RS		 721 if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
722 || !TEST_ptr(id = OCSP_RESPID_new())
723 || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
724 || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
725 NULL, NULL, NULL))
726 || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
727 || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
ba881d3b 728 goto end;
ba881d3b
MC		 729 id = NULL;
730 SSL_set_tlsext_status_ids(clientssl, ids);
731 /* Control has been transferred */
732 ids = NULL;
733
734 BIO_free(certbio);
735 certbio = NULL;
736
710756a9
RS		 737 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
738 SSL_ERROR_NONE))
739 || !TEST_true(ocsp_client_called)
740 || !TEST_true(ocsp_server_called))
ba881d3b 741 goto end;
ba881d3b 742
2cb4b5f6
MC		 743 testresult = 1;
744
745 end:
ba881d3b
MC		 746 SSL_free(serverssl);
747 SSL_free(clientssl);
748 SSL_CTX_free(sctx);
749 SSL_CTX_free(cctx);
750 sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
751 OCSP_RESPID_free(id);
752 BIO_free(certbio);
753 X509_free(ocspcert);
754 ocspcert = NULL;
2cb4b5f6
MC		 755
756 return testresult;
757}
8f8c11d8 758#endif
2cb4b5f6 759
bf208d95 760#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
0afca811 761static int new_called, remove_called, get_called;
eaa776da 762
eaa776da
MC		 763static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
764{
765 new_called++;
c0537ebd
MC		 766 /*
767 * sess has been up-refed for us, but we don't actually need it so free it
768 * immediately.
769 */
770 SSL_SESSION_free(sess);
eaa776da
MC		 771 return 1;
772}
773
774static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
775{
776 remove_called++;
777}
778
7a301f08
MC		 779static SSL_SESSION *get_sess_val = NULL;
780
781static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
782 int *copy)
783{
0afca811 784 get_called++;
7a301f08
MC		 785 *copy = 1;
786 return get_sess_val;
787}
788
7a301f08
MC		 789static int execute_test_session(int maxprot, int use_int_cache,
790 int use_ext_cache)
2cb4b5f6
MC		 791{
792 SSL_CTX *sctx = NULL, *cctx = NULL;
793 SSL *serverssl1 = NULL, *clientssl1 = NULL;
794 SSL *serverssl2 = NULL, *clientssl2 = NULL;
bf208d95 795# ifndef OPENSSL_NO_TLS1_1
eaa776da 796 SSL *serverssl3 = NULL, *clientssl3 = NULL;
bf208d95 797# endif
2cb4b5f6
MC		 798 SSL_SESSION *sess1 = NULL, *sess2 = NULL;
799 int testresult = 0;
800
7e885b7b
P		 801 new_called = remove_called = 0;
802
710756a9
RS		 803 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
804 TLS_client_method(), &sctx,
805 &cctx, cert, privkey)))
2cb4b5f6 806 return 0;
2cb4b5f6 807
7a301f08
MC		 808 /*
809 * Only allow the max protocol version so we can force a connection failure
810 * later
811 */
812 SSL_CTX_set_min_proto_version(cctx, maxprot);
813 SSL_CTX_set_max_proto_version(cctx, maxprot);
eaa776da
MC		 814
815 /* Set up session cache */
7e885b7b 816 if (use_ext_cache) {
eaa776da
MC		 817 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
818 SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
819 }
7e885b7b 820 if (use_int_cache) {
eaa776da
MC		 821 /* Also covers instance where both are set */
822 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
823 } else {
824 SSL_CTX_set_session_cache_mode(cctx,
825 SSL_SESS_CACHE_CLIENT
826 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
827 }
2cb4b5f6 828
710756a9
RS		 829 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
830 NULL, NULL))
831 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
832 SSL_ERROR_NONE))
833 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
2cb4b5f6 834 goto end;
2cb4b5f6 835
710756a9 836 /* Should fail because it should already be in the cache */
7e885b7b 837 if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
eaa776da 838 goto end;
7a301f08
MC		 839 if (use_ext_cache
840 && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))
b4982125 841 goto end;
b4982125 842
c0537ebd
MC		 843 new_called = remove_called = 0;
844 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
845 &clientssl2, NULL, NULL))
846 || !TEST_true(SSL_set_session(clientssl2, sess1))
847 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
848 SSL_ERROR_NONE))
849 || !TEST_true(SSL_session_reused(clientssl2)))
850 goto end;
851
7a301f08
MC		 852 if (maxprot == TLS1_3_VERSION) {
853 /*
854 * In TLSv1.3 we should have created a new session even though we have
855 * resumed. The original session should also have been removed.
856 */
857 if (use_ext_cache
858 && (!TEST_int_eq(new_called, 1)
859 || !TEST_int_eq(remove_called, 1)))
860 goto end;
861 } else {
862 /*
863 * In TLSv1.2 we expect to have resumed so no sessions added or
864 * removed.
865 */
866 if (use_ext_cache
867 && (!TEST_int_eq(new_called, 0)
868 || !TEST_int_eq(remove_called, 0)))
869 goto end;
870 }
c0537ebd
MC		 871
872 SSL_SESSION_free(sess1);
873 if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2)))
874 goto end;
875 shutdown_ssl_connection(serverssl2, clientssl2);
876 serverssl2 = clientssl2 = NULL;
c0537ebd
MC		 877
878 new_called = remove_called = 0;
710756a9
RS		 879 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
880 &clientssl2, NULL, NULL))
881 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
882 SSL_ERROR_NONE)))
2cb4b5f6 883 goto end;
2cb4b5f6 884
710756a9 885 if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
2cb4b5f6 886 goto end;
2cb4b5f6 887
7a301f08
MC		 888 if (use_ext_cache
889 && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)))
eaa776da 890 goto end;
eaa776da 891
c0537ebd 892 new_called = remove_called = 0;
2cb4b5f6 893 /*
710756a9
RS		 894 * This should clear sess2 from the cache because it is a "bad" session.
895 * See SSL_set_session() documentation.
2cb4b5f6 896 */
710756a9 897 if (!TEST_true(SSL_set_session(clientssl2, sess1)))
2cb4b5f6 898 goto end;
7a301f08
MC		 899 if (use_ext_cache
900 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
eaa776da 901 goto end;
710756a9 902 if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
2cb4b5f6 903 goto end;
2cb4b5f6 904
7e885b7b 905 if (use_int_cache) {
710756a9
RS		 906 /* Should succeeded because it should not already be in the cache */
907 if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
908 || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
eaa776da 909 goto end;
eaa776da
MC		 910 }
911
c0537ebd 912 new_called = remove_called = 0;
eaa776da 913 /* This shouldn't be in the cache so should fail */
710756a9 914 if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
2cb4b5f6 915 goto end;
2cb4b5f6 916
7a301f08
MC		 917 if (use_ext_cache
918 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 919 goto end;
2cb4b5f6 920
bf208d95 921# if !defined(OPENSSL_NO_TLS1_1)
c0537ebd 922 new_called = remove_called = 0;
eaa776da
MC		 923 /* Force a connection failure */
924 SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
710756a9
RS		 925 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
926 &clientssl3, NULL, NULL))
927 || !TEST_true(SSL_set_session(clientssl3, sess1))
c0537ebd 928 /* This should fail because of the mismatched protocol versions */
710756a9
RS		 929 || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
930 SSL_ERROR_NONE)))
eaa776da 931 goto end;
b4982125 932
eaa776da 933 /* We should have automatically removed the session from the cache */
7a301f08
MC		 934 if (use_ext_cache
935 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 936 goto end;
2cb4b5f6 937
710756a9 938 /* Should succeed because it should not already be in the cache */
7e885b7b 939 if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2)))
eaa776da 940 goto end;
bf208d95 941# endif
eaa776da 942
7a301f08
MC		 943 /* Now do some tests for server side caching */
944 if (use_ext_cache) {
945 SSL_CTX_sess_set_new_cb(cctx, NULL);
946 SSL_CTX_sess_set_remove_cb(cctx, NULL);
947 SSL_CTX_sess_set_new_cb(sctx, new_session_cb);
948 SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb);
949 SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
950 get_sess_val = NULL;
951 }
952
953 SSL_CTX_set_session_cache_mode(cctx, 0);
954 /* Internal caching is the default on the server side */
955 if (!use_int_cache)
956 SSL_CTX_set_session_cache_mode(sctx,
957 SSL_SESS_CACHE_SERVER
958 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
959
960 SSL_free(serverssl1);
961 SSL_free(clientssl1);
962 serverssl1 = clientssl1 = NULL;
963 SSL_free(serverssl2);
964 SSL_free(clientssl2);
965 serverssl2 = clientssl2 = NULL;
966 SSL_SESSION_free(sess1);
967 sess1 = NULL;
968 SSL_SESSION_free(sess2);
969 sess2 = NULL;
970
971 SSL_CTX_set_max_proto_version(sctx, maxprot);
972 SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
0afca811 973 new_called = remove_called = get_called = 0;
7a301f08
MC		 974 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
975 NULL, NULL))
976 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
977 SSL_ERROR_NONE))
978 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))
979 || !TEST_ptr(sess2 = SSL_get1_session(serverssl1)))
980 goto end;
981
982 /* Should fail because it should already be in the cache */
983 if (use_int_cache && !TEST_false(SSL_CTX_add_session(sctx, sess2)))
984 goto end;
985
986 if (use_ext_cache) {
987 SSL_SESSION *tmp = sess2;
988
0afca811
KY		 989 if (!TEST_int_eq(new_called, 1)
990 || !TEST_int_eq(remove_called, 0)
991 || !TEST_int_eq(get_called, 0))
7a301f08
MC		 992 goto end;
993 /*
994 * Delete the session from the internal cache to force a lookup from
995 * the external cache. We take a copy first because
996 * SSL_CTX_remove_session() also marks the session as non-resumable.
997 */
3cb6a4d6
BK		 998 if (use_int_cache) {
999 if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
1000 || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
1001 goto end;
1002 SSL_SESSION_free(sess2);
1003 }
7a301f08
MC		 1004 sess2 = tmp;
1005 }
1006
0afca811 1007 new_called = remove_called = get_called = 0;
7a301f08
MC		 1008 get_sess_val = sess2;
1009 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
1010 &clientssl2, NULL, NULL))
1011 || !TEST_true(SSL_set_session(clientssl2, sess1))
1012 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
1013 SSL_ERROR_NONE))
1014 || !TEST_true(SSL_session_reused(clientssl2)))
1015 goto end;
1016
0afca811
KY		 1017 if (use_ext_cache) {
1018 if (!TEST_int_eq(new_called, 0)
1019 || !TEST_int_eq(remove_called, 0))
1020 goto end;
1021
1022 if (maxprot == TLS1_3_VERSION) {
1023 if (!TEST_int_eq(get_called, 0))
1024 goto end;
1025 } else {
1026 if (!TEST_int_eq(get_called, 1))
1027 goto end;
1028 }
1029 }
7a301f08 1030
2cb4b5f6 1031 testresult = 1;
eaa776da 1032
2cb4b5f6
MC		 1033 end:
1034 SSL_free(serverssl1);
1035 SSL_free(clientssl1);
1036 SSL_free(serverssl2);
1037 SSL_free(clientssl2);
bf208d95 1038# ifndef OPENSSL_NO_TLS1_1
eaa776da
MC		 1039 SSL_free(serverssl3);
1040 SSL_free(clientssl3);
bf208d95 1041# endif
2cb4b5f6
MC		 1042 SSL_SESSION_free(sess1);
1043 SSL_SESSION_free(sess2);
1044 SSL_CTX_free(sctx);
1045 SSL_CTX_free(cctx);
1046
1047 return testresult;
1048}
bf208d95 1049#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
2cb4b5f6 1050
7fb4c820
MC		 1051static int test_session_with_only_int_cache(void)
1052{
7a301f08
MC		 1053#ifndef OPENSSL_NO_TLS1_3
1054 if (!execute_test_session(TLS1_3_VERSION, 1, 0))
1055 return 0;
1056#endif
1057
1058#ifndef OPENSSL_NO_TLS1_2
1059 return execute_test_session(TLS1_2_VERSION, 1, 0);
1060#else
1061 return 1;
1062#endif
eaa776da
MC		 1063}
1064
7fb4c820
MC		 1065static int test_session_with_only_ext_cache(void)
1066{
7a301f08
MC		 1067#ifndef OPENSSL_NO_TLS1_3
1068 if (!execute_test_session(TLS1_3_VERSION, 0, 1))
1069 return 0;
1070#endif
1071
1072#ifndef OPENSSL_NO_TLS1_2
1073 return execute_test_session(TLS1_2_VERSION, 0, 1);
1074#else
1075 return 1;
1076#endif
eaa776da
MC		 1077}
1078
7fb4c820
MC		 1079static int test_session_with_both_cache(void)
1080{
7a301f08
MC		 1081#ifndef OPENSSL_NO_TLS1_3
1082 if (!execute_test_session(TLS1_3_VERSION, 1, 1))
1083 return 0;
1084#endif
1085
1086#ifndef OPENSSL_NO_TLS1_2
1087 return execute_test_session(TLS1_2_VERSION, 1, 1);
1088#else
1089 return 1;
1090#endif
eaa776da
MC		 1091}
1092
7fb4c820
MC		 1093#define USE_NULL 0
1094#define USE_BIO_1 1
1095#define USE_BIO_2 2
1096
1097#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
1098
1099static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
1100{
1101 switch (type) {
1102 case USE_NULL:
1103 *res = NULL;
1104 break;
1105 case USE_BIO_1:
1106 *res = bio1;
1107 break;
1108 case USE_BIO_2:
1109 *res = bio2;
1110 break;
1111 }
1112}
1113
1114static int test_ssl_set_bio(int idx)
1115{
710756a9 1116 SSL_CTX *ctx;
7fb4c820
MC		 1117 BIO *bio1 = NULL;
1118 BIO *bio2 = NULL;
0fae8150 1119 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
7fb4c820
MC		 1120 SSL *ssl = NULL;
1121 int initrbio, initwbio, newrbio, newwbio;
1122 int testresult = 0;
1123
7fb4c820
MC		 1124 initrbio = idx % 3;
1125 idx /= 3;
1126 initwbio = idx % 3;
1127 idx /= 3;
1128 newrbio = idx % 3;
1129 idx /= 3;
1130 newwbio = idx;
710756a9
RS		 1131 if (!TEST_int_le(newwbio, 2))
1132 return 0;
1133
1134 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1135 || !TEST_ptr(ssl = SSL_new(ctx)))
1136 goto end;
7fb4c820 1137
710756a9
RS		 1138 if (initrbio == USE_BIO_1
1139 || initwbio == USE_BIO_1
1140 || newrbio == USE_BIO_1
7fb4c820 1141 || newwbio == USE_BIO_1) {
710756a9 1142 if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
7fb4c820 1143 goto end;
7fb4c820
MC		 1144 }
1145
710756a9
RS		 1146 if (initrbio == USE_BIO_2
1147 || initwbio == USE_BIO_2
1148 || newrbio == USE_BIO_2
7fb4c820 1149 || newwbio == USE_BIO_2) {
710756a9 1150 if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
7fb4c820 1151 goto end;
7fb4c820
MC		 1152 }
1153
1154 setupbio(&irbio, bio1, bio2, initrbio);
1155 setupbio(&iwbio, bio1, bio2, initwbio);
1156
1157 /*
1158 * We want to maintain our own refs to these BIO, so do an up ref for each
69687aa8 1159 * BIO that will have ownership transferred in the SSL_set_bio() call
7fb4c820
MC		 1160 */
1161 if (irbio != NULL)
1162 BIO_up_ref(irbio);
1163 if (iwbio != NULL && iwbio != irbio)
1164 BIO_up_ref(iwbio);
1165
1166 SSL_set_bio(ssl, irbio, iwbio);
1167
1168 setupbio(&nrbio, bio1, bio2, newrbio);
1169 setupbio(&nwbio, bio1, bio2, newwbio);
1170
1171 /*
1172 * We will (maybe) transfer ownership again so do more up refs.
1173 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1174 * already been set!
1175 */
710756a9
RS		 1176 if (nrbio != NULL
1177 && nrbio != irbio
1178 && (nwbio != iwbio || nrbio != nwbio))
7fb4c820 1179 BIO_up_ref(nrbio);
710756a9
RS		 1180 if (nwbio != NULL
1181 && nwbio != nrbio
1182 && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
7fb4c820
MC		 1183 BIO_up_ref(nwbio);
1184
1185 SSL_set_bio(ssl, nrbio, nwbio);
1186
1187 testresult = 1;
1188
1189 end:
1190 SSL_free(ssl);
1191 BIO_free(bio1);
1192 BIO_free(bio2);
710756a9 1193
7fb4c820
MC		 1194 /*
1195 * This test is checking that the ref counting for SSL_set_bio is correct.
1196 * If we get here and we did too many frees then we will fail in the above
1197 * functions. If we haven't done enough then this will only be detected in
1198 * a crypto-mdebug build
1199 */
1200 SSL_CTX_free(ctx);
7fb4c820
MC		 1201 return testresult;
1202}
1203
7e885b7b 1204typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t;
9a716987 1205
7e885b7b 1206static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
9a716987
MC		 1207{
1208 BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
710756a9 1209 SSL_CTX *ctx;
9a716987
MC		 1210 SSL *ssl = NULL;
1211 int testresult = 0;
1212
710756a9
RS		 1213 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1214 || !TEST_ptr(ssl = SSL_new(ctx))
1215 || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
1216 || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
9a716987 1217 goto end;
9a716987
MC		 1218
1219 BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
1220
1221 /*
1222 * If anything goes wrong here then we could leak memory, so this will
1223 * be caught in a crypto-mdebug build
1224 */
1225 BIO_push(sslbio, membio1);
1226
69687aa8 1227 /* Verify changing the rbio/wbio directly does not cause leaks */
7e885b7b 1228 if (change_bio != NO_BIO_CHANGE) {
710756a9 1229 if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
9a716987 1230 goto end;
7e885b7b 1231 if (change_bio == CHANGE_RBIO)
65e2d672 1232 SSL_set0_rbio(ssl, membio2);
9a716987 1233 else
65e2d672 1234 SSL_set0_wbio(ssl, membio2);
9a716987
MC		 1235 }
1236 ssl = NULL;
1237
7e885b7b 1238 if (pop_ssl)
9a716987
MC		 1239 BIO_pop(sslbio);
1240 else
1241 BIO_pop(membio1);
1242
1243 testresult = 1;
1244 end:
1245 BIO_free(membio1);
1246 BIO_free(sslbio);
1247 SSL_free(ssl);
1248 SSL_CTX_free(ctx);
1249
1250 return testresult;
1251}
1252
1253static int test_ssl_bio_pop_next_bio(void)
1254{
7e885b7b 1255 return execute_test_ssl_bio(0, NO_BIO_CHANGE);
9a716987
MC		 1256}
1257
1258static int test_ssl_bio_pop_ssl_bio(void)
1259{
7e885b7b 1260 return execute_test_ssl_bio(1, NO_BIO_CHANGE);
9a716987
MC		 1261}
1262
1263static int test_ssl_bio_change_rbio(void)
1264{
7e885b7b 1265 return execute_test_ssl_bio(0, CHANGE_RBIO);
9a716987
MC		 1266}
1267
1268static int test_ssl_bio_change_wbio(void)
1269{
7e885b7b 1270 return execute_test_ssl_bio(0, CHANGE_WBIO);
9a716987
MC		 1271}
1272
f1b25aae
MC		 1273typedef struct {
1274 /* The list of sig algs */
1275 const int *list;
1276 /* The length of the list */
1277 size_t listlen;
1278 /* A sigalgs list in string format */
1279 const char *liststr;
1280 /* Whether setting the list should succeed */
1281 int valid;
1282 /* Whether creating a connection with the list should succeed */
1283 int connsuccess;
1284} sigalgs_list;
1285
1286static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
5eeb6c6e 1287#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1288static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
1289static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
5eeb6c6e 1290#endif
f1b25aae
MC		 1291static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
1292static const int invalidlist2[] = {NID_sha256, NID_undef};
1293static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
1294static const int invalidlist4[] = {NID_sha256};
1295static const sigalgs_list testsigalgs[] = {
1296 {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
5eeb6c6e 1297#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1298 {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
1299 {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
5eeb6c6e 1300#endif
f1b25aae 1301 {NULL, 0, "RSA+SHA256", 1, 1},
5eeb6c6e 1302#ifndef OPENSSL_NO_EC
f1b25aae
MC		 1303 {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1304 {NULL, 0, "ECDSA+SHA512", 1, 0},
5eeb6c6e 1305#endif
f1b25aae
MC		 1306 {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
1307 {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
1308 {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
1309 {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
1310 {NULL, 0, "RSA", 0, 0},
1311 {NULL, 0, "SHA256", 0, 0},
1312 {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
710756a9
RS		 1313 {NULL, 0, "Invalid", 0, 0}
1314};
f1b25aae
MC		 1315
1316static int test_set_sigalgs(int idx)
1317{
1318 SSL_CTX *cctx = NULL, *sctx = NULL;
1319 SSL *clientssl = NULL, *serverssl = NULL;
1320 int testresult = 0;
1321 const sigalgs_list *curr;
1322 int testctx;
1323
1324 /* Should never happen */
710756a9 1325 if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
f1b25aae
MC		 1326 return 0;
1327
1328 testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
1329 curr = testctx ? &testsigalgs[idx]
1330 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
1331
710756a9
RS		 1332 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1333 TLS_client_method(), &sctx,
1334 &cctx, cert, privkey)))
f1b25aae 1335 return 0;
f1b25aae 1336
d2e491f2
MC		 1337 /*
1338 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1339 * for TLSv1.2 for now until we add a new API.
1340 */
1341 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1342
f1b25aae
MC		 1343 if (testctx) {
1344 int ret;
710756a9 1345
f1b25aae
MC		 1346 if (curr->list != NULL)
1347 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
1348 else
1349 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
1350
1351 if (!ret) {
1352 if (curr->valid)
710756a9 1353 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1354 else
1355 testresult = 1;
1356 goto end;
1357 }
1358 if (!curr->valid) {
710756a9 1359 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 1360 goto end;
1361 }
1362 }
1363
710756a9
RS		 1364 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1365 &clientssl, NULL, NULL)))
f1b25aae 1366 goto end;
f1b25aae
MC		 1367
1368 if (!testctx) {
1369 int ret;
1370
1371 if (curr->list != NULL)
1372 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
1373 else
1374 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
1375 if (!ret) {
1376 if (curr->valid)
710756a9 1377 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
f1b25aae
MC		 1378 else
1379 testresult = 1;
1380 goto end;
1381 }
710756a9 1382 if (!curr->valid)
f1b25aae 1383 goto end;
f1b25aae
MC		 1384 }
1385
710756a9
RS		 1386 if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
1387 SSL_ERROR_NONE),
1388 curr->connsuccess))
f1b25aae 1389 goto end;
f1b25aae
MC		 1390
1391 testresult = 1;
1392
1393 end:
1394 SSL_free(serverssl);
1395 SSL_free(clientssl);
1396 SSL_CTX_free(sctx);
1397 SSL_CTX_free(cctx);
1398
1399 return testresult;
1400}
1401
5f982038
MC		 1402#ifndef OPENSSL_NO_TLS1_3
1403
1404#define MSG1 "Hello"
1405#define MSG2 "World."
1406#define MSG3 "This"
1407#define MSG4 "is"
1408#define MSG5 "a"
90049cea
MC		 1409#define MSG6 "test"
1410#define MSG7 "message."
5f982038
MC		 1411
1412/*
1413 * Helper method to setup objects for early data test. Caller frees objects on
1414 * error.
1415 */
1416static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
3cb47b4e 1417 SSL **serverssl, SSL_SESSION **sess, int idx)
5f982038 1418{
710756a9
RS		 1419 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1420 TLS_client_method(), sctx,
1421 cctx, cert, privkey)))
5f982038 1422 return 0;
5f982038 1423
3cb47b4e
MC		 1424 /* When idx == 1 we repeat the tests with read_ahead set */
1425 if (idx > 0) {
1426 SSL_CTX_set_read_ahead(*cctx, 1);
1427 SSL_CTX_set_read_ahead(*sctx, 1);
1428 }
1429
710756a9
RS		 1430 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
1431 NULL, NULL))
1432 || !TEST_true(create_ssl_connection(*serverssl, *clientssl,
1433 SSL_ERROR_NONE)))
5f982038 1434 return 0;
5f982038
MC		 1435
1436 *sess = SSL_get1_session(*clientssl);
5f982038
MC		 1437 SSL_shutdown(*clientssl);
1438 SSL_shutdown(*serverssl);
5f982038
MC		 1439 SSL_free(*serverssl);
1440 SSL_free(*clientssl);
1441 *serverssl = *clientssl = NULL;
1442
710756a9
RS		 1443 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
1444 clientssl, NULL, NULL))
1445 || !TEST_true(SSL_set_session(*clientssl, *sess)))
5f982038 1446 return 0;
5f982038
MC		 1447
1448 return 1;
1449}
1450
3cb47b4e 1451static int test_early_data_read_write(int idx)
5f982038
MC		 1452{
1453 SSL_CTX *cctx = NULL, *sctx = NULL;
1454 SSL *clientssl = NULL, *serverssl = NULL;
1455 int testresult = 0;
1456 SSL_SESSION *sess = NULL;
9b5c865d
MC		 1457 unsigned char buf[20], data[1024];
1458 size_t readbytes, written, eoedlen, rawread, rawwritten;
1459 BIO *rbio;
5f982038 1460
710756a9
RS		 1461 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1462 &serverssl, &sess, idx)))
5f982038
MC		 1463 goto end;
1464
1465 /* Write and read some early data */
710756a9
RS		 1466 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1467 &written))
1468 || !TEST_size_t_eq(written, strlen(MSG1))
1469 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
1470 sizeof(buf), &readbytes),
1471 SSL_READ_EARLY_DATA_SUCCESS)
1472 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
1473 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1474 SSL_EARLY_DATA_ACCEPTED))
5f982038 1475 goto end;
5f982038
MC		 1476
1477 /*
09f28874 1478 * Server should be able to write data, and client should be able to
5f982038
MC		 1479 * read it.
1480 */
710756a9
RS		 1481 if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
1482 &written))
1483 || !TEST_size_t_eq(written, strlen(MSG2))
1484 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1485 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1486 goto end;
5f982038
MC		 1487
1488 /* Even after reading normal data, client should be able write early data */
710756a9
RS		 1489 if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
1490 &written))
1491 || !TEST_size_t_eq(written, strlen(MSG3)))
5f982038 1492 goto end;
5f982038 1493
09f28874 1494 /* Server should still be able read early data after writing data */
710756a9
RS		 1495 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1496 &readbytes),
1497 SSL_READ_EARLY_DATA_SUCCESS)
1498 || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
5f982038 1499 goto end;
5f982038 1500
09f28874 1501 /* Write more data from server and read it from client */
710756a9
RS		 1502 if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
1503 &written))
1504 || !TEST_size_t_eq(written, strlen(MSG4))
1505 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1506 || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
5f982038 1507 goto end;
5f982038
MC		 1508
1509 /*
1510 * If client writes normal data it should mean writing early data is no
1511 * longer possible.
1512 */
710756a9
RS		 1513 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1514 || !TEST_size_t_eq(written, strlen(MSG5))
1515 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1516 SSL_EARLY_DATA_ACCEPTED))
5f982038 1517 goto end;
5f982038 1518
9b5c865d
MC		 1519 /*
1520 * At this point the client has written EndOfEarlyData, ClientFinished and
1521 * normal (fully protected) data. We are going to cause a delay between the
1522 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
1523 * in the read BIO, and then just put back the EndOfEarlyData message.
1524 */
1525 rbio = SSL_get_rbio(serverssl);
710756a9
RS		 1526 if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
1527 || !TEST_size_t_lt(rawread, sizeof(data))
1528 || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
9b5c865d 1529 goto end;
710756a9 1530
9b5c865d
MC		 1531 /* Record length is in the 4th and 5th bytes of the record header */
1532 eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
710756a9
RS		 1533 if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
1534 || !TEST_size_t_eq(rawwritten, eoedlen))
9b5c865d 1535 goto end;
9b5c865d 1536
5f982038 1537 /* Server should be told that there is no more early data */
710756a9
RS		 1538 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1539 &readbytes),
1540 SSL_READ_EARLY_DATA_FINISH)
1541 || !TEST_size_t_eq(readbytes, 0))
5f982038 1542 goto end;
5f982038 1543
9b5c865d
MC		 1544 /*
1545 * Server has not finished init yet, so should still be able to write early
1546 * data.
1547 */
710756a9
RS		 1548 if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
1549 &written))
1550 || !TEST_size_t_eq(written, strlen(MSG6)))
9b5c865d 1551 goto end;
9b5c865d 1552
f8a303fa 1553 /* Push the ClientFinished and the normal data back into the server rbio */
710756a9
RS		 1554 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
1555 &rawwritten))
1556 || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
f8a303fa 1557 goto end;
f8a303fa 1558
5f982038 1559 /* Server should be able to read normal data */
710756a9
RS		 1560 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1561 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1562 goto end;
5f982038 1563
09f28874 1564 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1565 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1566 &written)))
5f982038 1567 goto end;
5f982038 1568 ERR_clear_error();
710756a9
RS		 1569 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1570 &readbytes),
1571 SSL_READ_EARLY_DATA_ERROR))
5f982038 1572 goto end;
5f982038
MC		 1573 ERR_clear_error();
1574
9b5c865d 1575 /* Client should be able to read the data sent by the server */
710756a9
RS		 1576 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1577 || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
9b5c865d 1578 goto end;
710756a9 1579
f8a303fa
MC		 1580 /*
1581 * Make sure we process the NewSessionTicket. This arrives post-handshake.
1582 * We attempt a read which we do not expect to return any data.
1583 */
710756a9 1584 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
f8a303fa 1585 goto end;
5f982038 1586
90049cea 1587 /* Server should be able to write normal data */
710756a9
RS		 1588 if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
1589 || !TEST_size_t_eq(written, strlen(MSG7))
1590 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1591 || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
90049cea 1592 goto end;
90049cea 1593
5f982038
MC		 1594 SSL_SESSION_free(sess);
1595 sess = SSL_get1_session(clientssl);
1596
1597 SSL_shutdown(clientssl);
1598 SSL_shutdown(serverssl);
5f982038
MC		 1599 SSL_free(serverssl);
1600 SSL_free(clientssl);
1601 serverssl = clientssl = NULL;
710756a9
RS		 1602 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1603 &clientssl, NULL, NULL))
1604 || !TEST_true(SSL_set_session(clientssl, sess)))
5f982038 1605 goto end;
5f982038
MC		 1606
1607 /* Write and read some early data */
710756a9
RS		 1608 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1609 &written))
1610 || !TEST_size_t_eq(written, strlen(MSG1))
1611 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1612 &readbytes),
1613 SSL_READ_EARLY_DATA_SUCCESS)
1614 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
5f982038 1615 goto end;
5f982038 1616
710756a9
RS		 1617 if (!TEST_int_gt(SSL_connect(clientssl), 0)
1618 || !TEST_int_gt(SSL_accept(serverssl), 0))
5f982038 1619 goto end;
5f982038 1620
09f28874 1621 /* Client and server should not be able to write/read early data now */
710756a9
RS		 1622 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1623 &written)))
5f982038 1624 goto end;
5f982038 1625 ERR_clear_error();
710756a9
RS		 1626 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1627 &readbytes),
1628 SSL_READ_EARLY_DATA_ERROR))
5f982038 1629 goto end;
5f982038
MC		 1630 ERR_clear_error();
1631
1632 /* Client and server should be able to write/read normal data */
710756a9
RS		 1633 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1634 || !TEST_size_t_eq(written, strlen(MSG5))
1635 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1636 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 1637 goto end;
5f982038
MC		 1638
1639 testresult = 1;
1640
1641 end:
5f982038
MC		 1642 SSL_SESSION_free(sess);
1643 SSL_free(serverssl);
1644 SSL_free(clientssl);
1645 SSL_CTX_free(sctx);
1646 SSL_CTX_free(cctx);
5f982038
MC		 1647 return testresult;
1648}
1649
710756a9 1650/*
6b84e6bf
MC		 1651 * Helper function to test that a server attempting to read early data can
1652 * handle a connection from a client where the early data should be skipped.
710756a9 1653 */
6b84e6bf 1654static int early_data_skip_helper(int hrr, int idx)
5f982038
MC		 1655{
1656 SSL_CTX *cctx = NULL, *sctx = NULL;
1657 SSL *clientssl = NULL, *serverssl = NULL;
1658 int testresult = 0;
018fcbec 1659 SSL_SESSION *sess = NULL;
5f982038
MC		 1660 unsigned char buf[20];
1661 size_t readbytes, written;
1662
710756a9
RS		 1663 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1664 &serverssl, &sess, idx)))
5f982038
MC		 1665 goto end;
1666
6b84e6bf
MC		 1667 if (hrr) {
1668 /* Force an HRR to occur */
1669 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
1670 goto end;
1671 } else {
1672 /*
1673 * Deliberately corrupt the creation time. We take 20 seconds off the
1674 * time. It could be any value as long as it is not within tolerance.
1675 * This should mean the ticket is rejected.
1676 */
1677 if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
1678 goto end;
1679 }
5f982038
MC		 1680
1681 /* Write some early data */
710756a9
RS		 1682 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1683 &written))
1684 || !TEST_size_t_eq(written, strlen(MSG1)))
5f982038 1685 goto end;
5f982038
MC		 1686
1687 /* Server should reject the early data and skip over it */
710756a9
RS		 1688 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1689 &readbytes),
1690 SSL_READ_EARLY_DATA_FINISH)
1691 || !TEST_size_t_eq(readbytes, 0)
1692 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1693 SSL_EARLY_DATA_REJECTED))
5f982038 1694 goto end;
5f982038 1695
6b84e6bf
MC		 1696 if (hrr) {
1697 /*
1698 * Finish off the handshake. We perform the same writes and reads as
1699 * further down but we expect them to fail due to the incomplete
1700 * handshake.
1701 */
1702 if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1703 || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf),
1704 &readbytes)))
1705 goto end;
1706 }
1707
710756a9
RS		 1708 /* Should be able to send normal data despite rejection of early data */
1709 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1710 || !TEST_size_t_eq(written, strlen(MSG2))
1711 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1712 SSL_EARLY_DATA_REJECTED)
1713 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1714 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1715 goto end;
5f982038
MC		 1716
1717 testresult = 1;
1718
1719 end:
5f982038
MC		 1720 SSL_SESSION_free(sess);
1721 SSL_free(serverssl);
1722 SSL_free(clientssl);
1723 SSL_CTX_free(sctx);
1724 SSL_CTX_free(cctx);
5f982038
MC		 1725 return testresult;
1726}
1727
6b84e6bf
MC		 1728/*
1729 * Test that a server attempting to read early data can handle a connection
1730 * from a client where the early data is not acceptable.
1731 */
1732static int test_early_data_skip(int idx)
1733{
1734 return early_data_skip_helper(0, idx);
1735}
1736
1737/*
1738 * Test that a server attempting to read early data can handle a connection
1739 * from a client where an HRR occurs.
1740 */
1741static int test_early_data_skip_hrr(int idx)
1742{
1743 return early_data_skip_helper(1, idx);
1744}
1745
710756a9
RS		 1746/*
1747 * Test that a server attempting to read early data can handle a connection
1748 * from a client that doesn't send any.
1749 */
3cb47b4e 1750static int test_early_data_not_sent(int idx)
5f982038
MC		 1751{
1752 SSL_CTX *cctx = NULL, *sctx = NULL;
1753 SSL *clientssl = NULL, *serverssl = NULL;
1754 int testresult = 0;
018fcbec 1755 SSL_SESSION *sess = NULL;
5f982038
MC		 1756 unsigned char buf[20];
1757 size_t readbytes, written;
1758
710756a9
RS		 1759 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1760 &serverssl, &sess, idx)))
5f982038
MC		 1761 goto end;
1762
1763 /* Write some data - should block due to handshake with server */
1764 SSL_set_connect_state(clientssl);
710756a9 1765 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 1766 goto end;
5f982038
MC		 1767
1768 /* Server should detect that early data has not been sent */
710756a9
RS		 1769 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1770 &readbytes),
1771 SSL_READ_EARLY_DATA_FINISH)
1772 || !TEST_size_t_eq(readbytes, 0)
1773 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1774 SSL_EARLY_DATA_NOT_SENT)
1775 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1776 SSL_EARLY_DATA_NOT_SENT))
5f982038 1777 goto end;
5f982038
MC		 1778
1779 /* Continue writing the message we started earlier */
710756a9
RS		 1780 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1781 || !TEST_size_t_eq(written, strlen(MSG1))
1782 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1783 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1784 || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
1785 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 1786 goto end;
5f982038 1787
3cb47b4e
MC		 1788 /*
1789 * Should block due to the NewSessionTicket arrival unless we're using
1790 * read_ahead
1791 */
1792 if (idx == 0) {
710756a9 1793 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
3cb47b4e 1794 goto end;
5f982038
MC		 1795 }
1796
710756a9
RS		 1797 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1798 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1799 goto end;
5f982038
MC		 1800
1801 testresult = 1;
1802
1803 end:
5f982038
MC		 1804 SSL_SESSION_free(sess);
1805 SSL_free(serverssl);
1806 SSL_free(clientssl);
1807 SSL_CTX_free(sctx);
1808 SSL_CTX_free(cctx);
5f982038
MC		 1809 return testresult;
1810}
1811
710756a9
RS		 1812/*
1813 * Test that a server that doesn't try to read early data can handle a
1814 * client sending some.
1815 */
3cb47b4e 1816static int test_early_data_not_expected(int idx)
5f982038
MC		 1817{
1818 SSL_CTX *cctx = NULL, *sctx = NULL;
1819 SSL *clientssl = NULL, *serverssl = NULL;
1820 int testresult = 0;
018fcbec 1821 SSL_SESSION *sess = NULL;
5f982038
MC		 1822 unsigned char buf[20];
1823 size_t readbytes, written;
1824
5f982038 1825
710756a9
RS		 1826 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1827 &serverssl, &sess, idx)))
5f982038
MC		 1828 goto end;
1829
1830 /* Write some early data */
710756a9
RS		 1831 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1832 &written)))
5f982038 1833 goto end;
5f982038
MC		 1834
1835 /*
1836 * Server should skip over early data and then block waiting for client to
1837 * continue handshake
1838 */
710756a9
RS		 1839 if (!TEST_int_le(SSL_accept(serverssl), 0)
1840 || !TEST_int_gt(SSL_connect(clientssl), 0)
1841 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1842 SSL_EARLY_DATA_REJECTED)
1843 || !TEST_int_gt(SSL_accept(serverssl), 0)
1844 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1845 SSL_EARLY_DATA_REJECTED))
5f982038 1846 goto end;
5f982038
MC		 1847
1848 /* Send some normal data from client to server */
710756a9
RS		 1849 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1850 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 1851 goto end;
5f982038 1852
710756a9
RS		 1853 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1854 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1855 goto end;
5f982038
MC		 1856
1857 testresult = 1;
1858
1859 end:
5f982038
MC		 1860 SSL_SESSION_free(sess);
1861 SSL_free(serverssl);
1862 SSL_free(clientssl);
1863 SSL_CTX_free(sctx);
1864 SSL_CTX_free(cctx);
5f982038
MC		 1865 return testresult;
1866}
1867
1868
1869# ifndef OPENSSL_NO_TLS1_2
710756a9
RS		 1870/*
1871 * Test that a server attempting to read early data can handle a connection
1872 * from a TLSv1.2 client.
1873 */
3cb47b4e 1874static int test_early_data_tls1_2(int idx)
5f982038
MC		 1875{
1876 SSL_CTX *cctx = NULL, *sctx = NULL;
1877 SSL *clientssl = NULL, *serverssl = NULL;
1878 int testresult = 0;
1879 unsigned char buf[20];
1880 size_t readbytes, written;
1881
710756a9
RS		 1882 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1883 TLS_client_method(), &sctx,
1884 &cctx, cert, privkey)))
5f982038 1885 goto end;
5f982038 1886
3cb47b4e
MC		 1887 /* When idx == 1 we repeat the tests with read_ahead set */
1888 if (idx > 0) {
1889 SSL_CTX_set_read_ahead(cctx, 1);
1890 SSL_CTX_set_read_ahead(sctx, 1);
1891 }
1892
710756a9
RS		 1893 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1894 &clientssl, NULL, NULL)))
5f982038 1895 goto end;
5f982038
MC		 1896
1897 /* Write some data - should block due to handshake with server */
1898 SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
1899 SSL_set_connect_state(clientssl);
710756a9 1900 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 1901 goto end;
5f982038
MC		 1902
1903 /*
1904 * Server should do TLSv1.2 handshake. First it will block waiting for more
f533fbd4
MC		 1905 * messages from client after ServerDone. Then SSL_read_early_data should
1906 * finish and detect that early data has not been sent
5f982038 1907 */
710756a9
RS		 1908 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1909 &readbytes),
1910 SSL_READ_EARLY_DATA_ERROR))
5f982038 1911 goto end;
5f982038
MC		 1912
1913 /*
1914 * Continue writing the message we started earlier. Will still block waiting
1915 * for the CCS/Finished from server
1916 */
710756a9
RS		 1917 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1918 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1919 &readbytes),
1920 SSL_READ_EARLY_DATA_FINISH)
1921 || !TEST_size_t_eq(readbytes, 0)
1922 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1923 SSL_EARLY_DATA_NOT_SENT))
5f982038 1924 goto end;
5f982038
MC		 1925
1926 /* Continue writing the message we started earlier */
710756a9
RS		 1927 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1928 || !TEST_size_t_eq(written, strlen(MSG1))
1929 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1930 SSL_EARLY_DATA_NOT_SENT)
1931 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1932 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1933 || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
1934 || !TEST_size_t_eq(written, strlen(MSG2))
1935 || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
1936 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 1937 goto end;
5f982038
MC		 1938
1939 testresult = 1;
1940
1941 end:
5f982038
MC		 1942 SSL_free(serverssl);
1943 SSL_free(clientssl);
1944 SSL_CTX_free(sctx);
1945 SSL_CTX_free(cctx);
1946
1947 return testresult;
1948}
ca0413ae
MC		 1949# endif /* OPENSSL_NO_TLS1_2 */
1950
1951static int test_ciphersuite_change(void)
1952{
1953 SSL_CTX *cctx = NULL, *sctx = NULL;
1954 SSL *clientssl = NULL, *serverssl = NULL;
1955 SSL_SESSION *clntsess = NULL;
1956 int testresult = 0;
1957 const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
1958
1959 /* Create a session based on SHA-256 */
1960 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1961 TLS_client_method(), &sctx,
1962 &cctx, cert, privkey))
1963 || !TEST_true(SSL_CTX_set_cipher_list(cctx,
1964 "TLS13-AES-128-GCM-SHA256"))
1965 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1966 &clientssl, NULL, NULL))
1967 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1968 SSL_ERROR_NONE)))
1969 goto end;
1970
1971 clntsess = SSL_get1_session(clientssl);
1972 /* Save for later */
1973 aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
1974 SSL_shutdown(clientssl);
1975 SSL_shutdown(serverssl);
1976 SSL_free(serverssl);
1977 SSL_free(clientssl);
1978 serverssl = clientssl = NULL;
1979
1980 /* Check we can resume a session with a different SHA-256 ciphersuite */
1981 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
1982 "TLS13-CHACHA20-POLY1305-SHA256"))
1983 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1984 NULL, NULL))
1985 || !TEST_true(SSL_set_session(clientssl, clntsess))
1986 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1987 SSL_ERROR_NONE))
1988 || !TEST_true(SSL_session_reused(clientssl)))
1989 goto end;
1990
1991 SSL_SESSION_free(clntsess);
1992 clntsess = SSL_get1_session(clientssl);
1993 SSL_shutdown(clientssl);
1994 SSL_shutdown(serverssl);
1995 SSL_free(serverssl);
1996 SSL_free(clientssl);
1997 serverssl = clientssl = NULL;
1998
1999 /*
2000 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
0de6d66d 2001 * succeeds but does not resume.
ca0413ae
MC		 2002 */
2003 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
2004 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2005 NULL, NULL))
2006 || !TEST_true(SSL_set_session(clientssl, clntsess))
0de6d66d 2007 || !TEST_true(create_ssl_connection(serverssl, clientssl,
ca0413ae 2008 SSL_ERROR_SSL))
0de6d66d 2009 || !TEST_false(SSL_session_reused(clientssl)))
ca0413ae
MC		 2010 goto end;
2011
2012 SSL_SESSION_free(clntsess);
2013 clntsess = NULL;
2014 SSL_shutdown(clientssl);
2015 SSL_shutdown(serverssl);
2016 SSL_free(serverssl);
2017 SSL_free(clientssl);
2018 serverssl = clientssl = NULL;
2019
2020 /* Create a session based on SHA384 */
2021 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
2022 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2023 &clientssl, NULL, NULL))
2024 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2025 SSL_ERROR_NONE)))
2026 goto end;
2027
2028 clntsess = SSL_get1_session(clientssl);
2029 SSL_shutdown(clientssl);
2030 SSL_shutdown(serverssl);
2031 SSL_free(serverssl);
2032 SSL_free(clientssl);
2033 serverssl = clientssl = NULL;
2034
2035 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
2036 "TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"))
0de6d66d
MC		 2037 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
2038 "TLS13-AES-256-GCM-SHA384"))
ca0413ae
MC		 2039 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2040 NULL, NULL))
2041 || !TEST_true(SSL_set_session(clientssl, clntsess))
3b0e88d3
MC		 2042 /*
2043 * We use SSL_ERROR_WANT_READ below so that we can pause the
2044 * connection after the initial ClientHello has been sent to
2045 * enable us to make some session changes.
2046 */
ca0413ae
MC		 2047 || !TEST_false(create_ssl_connection(serverssl, clientssl,
2048 SSL_ERROR_WANT_READ)))
2049 goto end;
2050
2051 /* Trick the client into thinking this session is for a different digest */
2052 clntsess->cipher = aes_128_gcm_sha256;
2053 clntsess->cipher_id = clntsess->cipher->id;
2054
2055 /*
3b0e88d3
MC		 2056 * Continue the previously started connection. Server has selected a SHA-384
2057 * ciphersuite, but client thinks the session is for SHA-256, so it should
2058 * bail out.
ca0413ae
MC		 2059 */
2060 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
2061 SSL_ERROR_SSL))
2062 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
2063 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
2064 goto end;
2065
2066 testresult = 1;
2067
2068 end:
2069 SSL_SESSION_free(clntsess);
2070 SSL_free(serverssl);
2071 SSL_free(clientssl);
2072 SSL_CTX_free(sctx);
2073 SSL_CTX_free(cctx);
2074
2075 return testresult;
2076}
2077
ca8c71ba
MC		 2078
2079static SSL_SESSION *psk = NULL;
2080static const char *pskid = "Identity";
2081static const char *srvid;
2082
2083static int use_session_cb_cnt = 0;
2084static int find_session_cb_cnt = 0;
2085
2086static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
2087 size_t *idlen, SSL_SESSION **sess)
2088{
72257204
MC		 2089 switch (++use_session_cb_cnt) {
2090 case 1:
2091 /* The first call should always have a NULL md */
2092 if (md != NULL)
2093 return 0;
2094 break;
ca8c71ba 2095
72257204
MC		 2096 case 2:
2097 /* The second call should always have an md */
2098 if (md == NULL)
2099 return 0;
2100 break;
ca8c71ba 2101
72257204
MC		 2102 default:
2103 /* We should only be called a maximum of twice */
ca8c71ba 2104 return 0;
72257204 2105 }
ca8c71ba
MC		 2106
2107 if (psk != NULL)
2108 SSL_SESSION_up_ref(psk);
2109
2110 *sess = psk;
2111 *id = (const unsigned char *)pskid;
2112 *idlen = strlen(pskid);
2113
2114 return 1;
2115}
2116
2117static int find_session_cb(SSL *ssl, const unsigned char *identity,
2118 size_t identity_len, SSL_SESSION **sess)
2119{
2120 find_session_cb_cnt++;
2121
2122 /* We should only ever be called a maximum of twice per connection */
2123 if (find_session_cb_cnt > 2)
2124 return 0;
2125
2126 if (psk == NULL)
2127 return 0;
2128
2129 /* Identity should match that set by the client */
2130 if (strlen(srvid) != identity_len
2131 || strncmp(srvid, (const char *)identity, identity_len) != 0) {
2132 /* No PSK found, continue but without a PSK */
2133 *sess = NULL;
2134 return 1;
2135 }
2136
2137 SSL_SESSION_up_ref(psk);
2138 *sess = psk;
2139
2140 return 1;
2141}
2142
2143#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
2144
2145static int test_tls13_psk(void)
2146{
2147 SSL_CTX *sctx = NULL, *cctx = NULL;
2148 SSL *serverssl = NULL, *clientssl = NULL;
2149 const SSL_CIPHER *cipher = NULL;
2150 const unsigned char key[] = {
2151 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2152 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
de2f409e
MC		 2153 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
2154 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
ca8c71ba
MC		 2155 };
2156 int testresult = 0;
2157
2158 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2159 TLS_client_method(), &sctx,
2160 &cctx, cert, privkey)))
2161 goto end;
2162
2163 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
2164 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
2165 srvid = pskid;
2166
2167 /* Check we can create a connection if callback decides not to send a PSK */
2168 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2169 NULL, NULL))
2170 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2171 SSL_ERROR_NONE))
2172 || !TEST_false(SSL_session_reused(clientssl))
2173 || !TEST_false(SSL_session_reused(serverssl))
2174 || !TEST_true(use_session_cb_cnt == 1)
2175 || !TEST_true(find_session_cb_cnt == 0))
2176 goto end;
2177
2178 shutdown_ssl_connection(serverssl, clientssl);
2179 serverssl = clientssl = NULL;
2180 use_session_cb_cnt = 0;
2181
2182 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2183 NULL, NULL)))
2184 goto end;
2185
2186 /* Create the PSK */
2187 cipher = SSL_CIPHER_find(clientssl, TLS13_AES_256_GCM_SHA384_BYTES);
2188 psk = SSL_SESSION_new();
2189 if (!TEST_ptr(psk)
2190 || !TEST_ptr(cipher)
2191 || !TEST_true(SSL_SESSION_set1_master_key(psk, key, sizeof(key)))
2192 || !TEST_true(SSL_SESSION_set_cipher(psk, cipher))
2193 || !TEST_true(SSL_SESSION_set_protocol_version(psk,
2194 TLS1_3_VERSION)))
2195 goto end;
2196
2197 /* Check we can create a connection and the PSK is used */
2198 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2199 || !TEST_true(SSL_session_reused(clientssl))
2200 || !TEST_true(SSL_session_reused(serverssl))
2201 || !TEST_true(use_session_cb_cnt == 1)
2202 || !TEST_true(find_session_cb_cnt == 1))
2203 goto end;
2204
2205 shutdown_ssl_connection(serverssl, clientssl);
2206 serverssl = clientssl = NULL;
2207 use_session_cb_cnt = find_session_cb_cnt = 0;
2208
2209 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2210 NULL, NULL)))
2211 goto end;
2212
2213 /* Force an HRR */
2214 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
2215 goto end;
2216
2217 /*
2218 * Check we can create a connection, the PSK is used and the callbacks are
2219 * called twice.
2220 */
2221 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2222 || !TEST_true(SSL_session_reused(clientssl))
2223 || !TEST_true(SSL_session_reused(serverssl))
2224 || !TEST_true(use_session_cb_cnt == 2)
2225 || !TEST_true(find_session_cb_cnt == 2))
2226 goto end;
2227
2228 shutdown_ssl_connection(serverssl, clientssl);
2229 serverssl = clientssl = NULL;
2230 use_session_cb_cnt = find_session_cb_cnt = 0;
2231
2232 /*
2233 * Check that if the server rejects the PSK we can still connect, but with
2234 * a full handshake
2235 */
2236 srvid = "Dummy Identity";
2237 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2238 NULL, NULL))
2239 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2240 SSL_ERROR_NONE))
2241 || !TEST_false(SSL_session_reused(clientssl))
2242 || !TEST_false(SSL_session_reused(serverssl))
2243 || !TEST_true(use_session_cb_cnt == 1)
2244 || !TEST_true(find_session_cb_cnt == 1))
2245 goto end;
2246
2247 shutdown_ssl_connection(serverssl, clientssl);
2248 serverssl = clientssl = NULL;
2249 testresult = 1;
2250
2251 end:
2252 SSL_SESSION_free(psk);
2253 SSL_free(serverssl);
2254 SSL_free(clientssl);
2255 SSL_CTX_free(sctx);
2256 SSL_CTX_free(cctx);
2257 return testresult;
2258}
2259
ca0413ae 2260#endif /* OPENSSL_NO_TLS1_3 */
5f982038 2261
a37008d9
MC		 2262static int clntaddoldcb = 0;
2263static int clntparseoldcb = 0;
2264static int srvaddoldcb = 0;
2265static int srvparseoldcb = 0;
2266static int clntaddnewcb = 0;
2267static int clntparsenewcb = 0;
2268static int srvaddnewcb = 0;
2269static int srvparsenewcb = 0;
bb01ef3f 2270static int snicb = 0;
a37008d9
MC		 2271
2272#define TEST_EXT_TYPE1 0xff00
2273
2274static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
2275 size_t *outlen, int *al, void *add_arg)
2276{
2277 int *server = (int *)add_arg;
2278 unsigned char *data;
2279
2280 if (SSL_is_server(s))
2281 srvaddoldcb++;
2282 else
2283 clntaddoldcb++;
2284
710756a9
RS		 2285 if (*server != SSL_is_server(s)
2286 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 2287 return -1;
2288
2289 *data = 1;
2290 *out = data;
2291 *outlen = sizeof(char);
a37008d9
MC		 2292 return 1;
2293}
2294
2295static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
2296 void *add_arg)
2297{
2298 OPENSSL_free((unsigned char *)out);
2299}
2300
2301static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
2302 size_t inlen, int *al, void *parse_arg)
2303{
2304 int *server = (int *)parse_arg;
2305
2306 if (SSL_is_server(s))
2307 srvparseoldcb++;
2308 else
2309 clntparseoldcb++;
2310
710756a9
RS		 2311 if (*server != SSL_is_server(s)
2312 || inlen != sizeof(char)
2313 || *in != 1)
a37008d9
MC		 2314 return -1;
2315
2316 return 1;
2317}
2318
2319static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
2320 const unsigned char **out, size_t *outlen, X509 *x,
2321 size_t chainidx, int *al, void *add_arg)
2322{
2323 int *server = (int *)add_arg;
2324 unsigned char *data;
2325
2326 if (SSL_is_server(s))
2327 srvaddnewcb++;
2328 else
2329 clntaddnewcb++;
2330
710756a9
RS		 2331 if (*server != SSL_is_server(s)
2332 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 2333 return -1;
2334
2335 *data = 1;
2336 *out = data;
710756a9 2337 *outlen = sizeof(*data);
a37008d9
MC		 2338 return 1;
2339}
2340
2341static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
2342 const unsigned char *out, void *add_arg)
2343{
2344 OPENSSL_free((unsigned char *)out);
2345}
2346
2347static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
2348 const unsigned char *in, size_t inlen, X509 *x,
2349 size_t chainidx, int *al, void *parse_arg)
2350{
2351 int *server = (int *)parse_arg;
2352
2353 if (SSL_is_server(s))
2354 srvparsenewcb++;
2355 else
2356 clntparsenewcb++;
2357
710756a9
RS		 2358 if (*server != SSL_is_server(s)
2359 || inlen != sizeof(char) || *in != 1)
a37008d9
MC		 2360 return -1;
2361
2362 return 1;
2363}
bb01ef3f
MC		 2364
2365static int sni_cb(SSL *s, int *al, void *arg)
2366{
2367 SSL_CTX *ctx = (SSL_CTX *)arg;
2368
2369 if (SSL_set_SSL_CTX(s, ctx) == NULL) {
2370 *al = SSL_AD_INTERNAL_ERROR;
2371 return SSL_TLSEXT_ERR_ALERT_FATAL;
2372 }
2373 snicb++;
2374 return SSL_TLSEXT_ERR_OK;
2375}
2376
a37008d9
MC		 2377/*
2378 * Custom call back tests.
2379 * Test 0: Old style callbacks in TLSv1.2
2380 * Test 1: New style callbacks in TLSv1.2
bb01ef3f
MC		 2381 * Test 2: New style callbacks in TLSv1.2 with SNI
2382 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
2383 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
a37008d9 2384 */
710756a9
RS		 2385static int test_custom_exts(int tst)
2386{
bb01ef3f 2387 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
a37008d9
MC		 2388 SSL *clientssl = NULL, *serverssl = NULL;
2389 int testresult = 0;
2390 static int server = 1;
2391 static int client = 0;
2392 SSL_SESSION *sess = NULL;
2393 unsigned int context;
2394
2395 /* Reset callback counters */
2396 clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
2397 clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
bb01ef3f 2398 snicb = 0;
a37008d9 2399
710756a9
RS		 2400 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2401 TLS_client_method(), &sctx,
2402 &cctx, cert, privkey)))
2403 goto end;
a37008d9 2404
bb01ef3f
MC		 2405 if (tst == 2
2406 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2,
2407 NULL, cert, privkey)))
2408 goto end;
2409
2410
2411 if (tst < 3) {
a37008d9
MC		 2412 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
2413 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
bb01ef3f
MC		 2414 if (sctx2 != NULL)
2415 SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
a37008d9
MC		 2416 }
2417
bb01ef3f 2418 if (tst == 4) {
710756a9
RS		 2419 context = SSL_EXT_CLIENT_HELLO
2420 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 2421 | SSL_EXT_TLS1_3_SERVER_HELLO
2422 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
2423 | SSL_EXT_TLS1_3_CERTIFICATE
2424 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
2425 } else {
710756a9
RS		 2426 context = SSL_EXT_CLIENT_HELLO
2427 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 2428 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
2429 }
2430
2431 /* Create a client side custom extension */
2432 if (tst == 0) {
710756a9
RS		 2433 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2434 old_add_cb, old_free_cb,
2435 &client, old_parse_cb,
2436 &client)))
2437 goto end;
a37008d9 2438 } else {
710756a9
RS		 2439 if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
2440 new_add_cb, new_free_cb,
2441 &client, new_parse_cb, &client)))
2442 goto end;
a37008d9
MC		 2443 }
2444
2445 /* Should not be able to add duplicates */
710756a9
RS		 2446 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2447 old_add_cb, old_free_cb,
2448 &client, old_parse_cb,
2449 &client))
2450 || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
2451 context, new_add_cb,
2452 new_free_cb, &client,
2453 new_parse_cb, &client)))
2454 goto end;
a37008d9
MC		 2455
2456 /* Create a server side custom extension */
2457 if (tst == 0) {
710756a9
RS		 2458 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2459 old_add_cb, old_free_cb,
2460 &server, old_parse_cb,
2461 &server)))
2462 goto end;
a37008d9 2463 } else {
710756a9
RS		 2464 if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
2465 new_add_cb, new_free_cb,
2466 &server, new_parse_cb, &server)))
2467 goto end;
bb01ef3f
MC		 2468 if (sctx2 != NULL
2469 && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
2470 context, new_add_cb,
2471 new_free_cb, &server,
2472 new_parse_cb, &server)))
2473 goto end;
a37008d9
MC		 2474 }
2475
2476 /* Should not be able to add duplicates */
710756a9
RS		 2477 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2478 old_add_cb, old_free_cb,
2479 &server, old_parse_cb,
2480 &server))
2481 || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
2482 context, new_add_cb,
2483 new_free_cb, &server,
2484 new_parse_cb, &server)))
a37008d9 2485 goto end;
a37008d9 2486
bb01ef3f
MC		 2487 if (tst == 2) {
2488 /* Set up SNI */
2489 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
2490 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
2491 goto end;
2492 }
2493
710756a9
RS		 2494 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2495 &clientssl, NULL, NULL))
2496 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2497 SSL_ERROR_NONE)))
a37008d9 2498 goto end;
a37008d9
MC		 2499
2500 if (tst == 0) {
710756a9
RS		 2501 if (clntaddoldcb != 1
2502 || clntparseoldcb != 1
2503 || srvaddoldcb != 1
2504 || srvparseoldcb != 1)
a37008d9 2505 goto end;
bb01ef3f 2506 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 2507 if (clntaddnewcb != 1
2508 || clntparsenewcb != 1
2509 || srvaddnewcb != 1
bb01ef3f
MC		 2510 || srvparsenewcb != 1
2511 || (tst != 2 && snicb != 0)
2512 || (tst == 2 && snicb != 1))
a37008d9 2513 goto end;
a37008d9 2514 } else {
710756a9
RS		 2515 if (clntaddnewcb != 1
2516 || clntparsenewcb != 4
2517 || srvaddnewcb != 4
2518 || srvparsenewcb != 1)
a37008d9 2519 goto end;
a37008d9
MC		 2520 }
2521
2522 sess = SSL_get1_session(clientssl);
a37008d9
MC		 2523 SSL_shutdown(clientssl);
2524 SSL_shutdown(serverssl);
a37008d9
MC		 2525 SSL_free(serverssl);
2526 SSL_free(clientssl);
2527 serverssl = clientssl = NULL;
2528
bb01ef3f
MC		 2529 if (tst == 3) {
2530 /* We don't bother with the resumption aspects for this test */
2531 testresult = 1;
2532 goto end;
2533 }
2534
710756a9
RS		 2535 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2536 NULL, NULL))
2537 || !TEST_true(SSL_set_session(clientssl, sess))
2538 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2539 SSL_ERROR_NONE)))
a37008d9 2540 goto end;
a37008d9
MC		 2541
2542 /*
2543 * For a resumed session we expect to add the ClientHello extension. For the
2544 * old style callbacks we ignore it on the server side because they set
2545 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
2546 * them.
2547 */
2548 if (tst == 0) {
710756a9
RS		 2549 if (clntaddoldcb != 2
2550 || clntparseoldcb != 1
2551 || srvaddoldcb != 1
2552 || srvparseoldcb != 1)
a37008d9 2553 goto end;
bb01ef3f 2554 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 2555 if (clntaddnewcb != 2
2556 || clntparsenewcb != 2
2557 || srvaddnewcb != 2
2558 || srvparsenewcb != 2)
a37008d9 2559 goto end;
a37008d9
MC		 2560 } else {
2561 /* No Certificate message extensions in the resumption handshake */
710756a9
RS		 2562 if (clntaddnewcb != 2
2563 || clntparsenewcb != 7
2564 || srvaddnewcb != 7
2565 || srvparsenewcb != 2)
a37008d9 2566 goto end;
a37008d9
MC		 2567 }
2568
2569 testresult = 1;
2570
2571end:
2572 SSL_SESSION_free(sess);
2573 SSL_free(serverssl);
2574 SSL_free(clientssl);
bb01ef3f 2575 SSL_CTX_free(sctx2);
a37008d9
MC		 2576 SSL_CTX_free(sctx);
2577 SSL_CTX_free(cctx);
a37008d9
MC		 2578 return testresult;
2579}
2580
16afd71c
MC		 2581/*
2582 * Test loading of serverinfo data in various formats. test_sslmessages actually
2583 * tests to make sure the extensions appear in the handshake
2584 */
2585static int test_serverinfo(int tst)
2586{
2587 unsigned int version;
2588 unsigned char *sibuf;
2589 size_t sibuflen;
2590 int ret, expected, testresult = 0;
2591 SSL_CTX *ctx;
2592
2593 ctx = SSL_CTX_new(TLS_method());
2594 if (!TEST_ptr(ctx))
2595 goto end;
2596
2597 if ((tst & 0x01) == 0x01)
2598 version = SSL_SERVERINFOV2;
2599 else
2600 version = SSL_SERVERINFOV1;
2601
2602 if ((tst & 0x02) == 0x02) {
2603 sibuf = serverinfov2;
2604 sibuflen = sizeof(serverinfov2);
2605 expected = (version == SSL_SERVERINFOV2);
2606 } else {
2607 sibuf = serverinfov1;
2608 sibuflen = sizeof(serverinfov1);
2609 expected = (version == SSL_SERVERINFOV1);
2610 }
2611
2612 if ((tst & 0x04) == 0x04) {
2613 ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
2614 } else {
2615 ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
2616
2617 /*
2618 * The version variable is irrelevant in this case - it's what is in the
2619 * buffer that matters
2620 */
2621 if ((tst & 0x02) == 0x02)
2622 expected = 0;
2623 else
2624 expected = 1;
2625 }
2626
2627 if (!TEST_true(ret == expected))
2628 goto end;
2629
2630 testresult = 1;
2631
2632 end:
2633 SSL_CTX_free(ctx);
2634
2635 return testresult;
2636}
2637
2197d1df
MC		 2638/*
2639 * Test that SSL_export_keying_material() produces expected results. There are
2640 * no test vectors so all we do is test that both sides of the communication
2641 * produce the same results for different protocol versions.
2642 */
2643static int test_export_key_mat(int tst)
2644{
a599574b 2645 int testresult = 0;
2197d1df
MC		 2646 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
2647 SSL *clientssl = NULL, *serverssl = NULL;
2648 const char label[] = "test label";
2649 const unsigned char context[] = "context";
2650 const unsigned char *emptycontext = NULL;
2651 unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
2652 unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
a599574b
MC		 2653 const int protocols[] = {
2654 TLS1_VERSION,
2655 TLS1_1_VERSION,
2656 TLS1_2_VERSION,
2657 TLS1_3_VERSION
2658 };
2197d1df
MC		 2659
2660#ifdef OPENSSL_NO_TLS1
2661 if (tst == 0)
2662 return 1;
2663#endif
2664#ifdef OPENSSL_NO_TLS1_1
2665 if (tst == 1)
2666 return 1;
2667#endif
2668#ifdef OPENSSL_NO_TLS1_2
2669 if (tst == 2)
2670 return 1;
2671#endif
2672#ifdef OPENSSL_NO_TLS1_3
2673 if (tst == 3)
2674 return 1;
2675#endif
2676 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2677 TLS_client_method(), &sctx,
2678 &cctx, cert, privkey)))
2679 goto end;
2680
a599574b
MC		 2681 OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
2682 SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
2683 SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
2197d1df
MC		 2684
2685 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
2686 NULL))
2687 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2688 SSL_ERROR_NONE)))
2689 goto end;
2690
2691 if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
2692 sizeof(ckeymat1), label,
2693 sizeof(label) - 1, context,
2694 sizeof(context) - 1, 1), 1)
2695 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
2696 sizeof(ckeymat2), label,
2697 sizeof(label) - 1,
2698 emptycontext,
2699 0, 1), 1)
2700 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
2701 sizeof(ckeymat3), label,
2702 sizeof(label) - 1,
2703 NULL, 0, 0), 1)
2704 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
2705 sizeof(skeymat1), label,
2706 sizeof(label) - 1,
2707 context,
2708 sizeof(context) -1, 1),
2709 1)
2710 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
2711 sizeof(skeymat2), label,
2712 sizeof(label) - 1,
2713 emptycontext,
2714 0, 1), 1)
2715 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
2716 sizeof(skeymat3), label,
2717 sizeof(label) - 1,
2718 NULL, 0, 0), 1)
2719 /*
2720 * Check that both sides created the same key material with the
2721 * same context.
2722 */
2723 || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
2724 sizeof(skeymat1))
2725 /*
2726 * Check that both sides created the same key material with an
2727 * empty context.
2728 */
2729 || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
2730 sizeof(skeymat2))
2731 /*
2732 * Check that both sides created the same key material without a
2733 * context.
2734 */
2735 || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
2736 sizeof(skeymat3))
2737 /* Different contexts should produce different results */
2738 || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
2739 sizeof(ckeymat2)))
2740 goto end;
2741
2742 /*
2743 * Check that an empty context and no context produce different results in
2744 * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
2745 */
2746 if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
2747 sizeof(ckeymat3)))
2748 || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
2749 sizeof(ckeymat3))))
2750 goto end;
2751
2752 testresult = 1;
2753
2754 end:
2755 SSL_free(serverssl);
2756 SSL_free(clientssl);
2757 SSL_CTX_free(sctx2);
2758 SSL_CTX_free(sctx);
2759 SSL_CTX_free(cctx);
2760
2761 return testresult;
2762}
2763
e11b6aa4
MC		 2764static int test_ssl_clear(int idx)
2765{
2766 SSL_CTX *cctx = NULL, *sctx = NULL;
2767 SSL *clientssl = NULL, *serverssl = NULL;
2768 int testresult = 0;
2769
2770#ifdef OPENSSL_NO_TLS1_2
2771 if (idx == 1)
2772 return 1;
2773#endif
2774
2775 /* Create an initial connection */
2776 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2777 TLS_client_method(), &sctx,
2778 &cctx, cert, privkey))
2779 || (idx == 1
2780 && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
2781 TLS1_2_VERSION)))
2782 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2783 &clientssl, NULL, NULL))
2784 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2785 SSL_ERROR_NONE)))
2786 goto end;
2787
2788 SSL_shutdown(clientssl);
2789 SSL_shutdown(serverssl);
2790 SSL_free(serverssl);
2791 serverssl = NULL;
2792
2793 /* Clear clientssl - we're going to reuse the object */
2794 if (!TEST_true(SSL_clear(clientssl)))
2795 goto end;
2796
2797 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2798 NULL, NULL))
2799 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2800 SSL_ERROR_NONE))
2801 || !TEST_true(SSL_session_reused(clientssl)))
2802 goto end;
2803
2804 SSL_shutdown(clientssl);
2805 SSL_shutdown(serverssl);
2806
2807 testresult = 1;
2808
2809 end:
2810 SSL_free(serverssl);
2811 SSL_free(clientssl);
2812 SSL_CTX_free(sctx);
2813 SSL_CTX_free(cctx);
2814
2815 return testresult;
2816}
2817
ad887416 2818int setup_tests(void)
2cb4b5f6 2819{
ad887416
P		 2820 if (!TEST_ptr(cert = test_get_argument(0))
2821 || !TEST_ptr(privkey = test_get_argument(1)))
710756a9 2822 return 0;
2cb4b5f6 2823
84d5549e 2824 ADD_TEST(test_large_message_tls);
7856332e 2825 ADD_TEST(test_large_message_tls_read_ahead);
55386bef 2826#ifndef OPENSSL_NO_DTLS
84d5549e 2827 ADD_TEST(test_large_message_dtls);
55386bef 2828#endif
8f8c11d8 2829#ifndef OPENSSL_NO_OCSP
c887104f 2830 ADD_TEST(test_tlsext_status_type);
8f8c11d8 2831#endif
eaa776da
MC		 2832 ADD_TEST(test_session_with_only_int_cache);
2833 ADD_TEST(test_session_with_only_ext_cache);
2834 ADD_TEST(test_session_with_both_cache);
7fb4c820 2835 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
9a716987
MC		 2836 ADD_TEST(test_ssl_bio_pop_next_bio);
2837 ADD_TEST(test_ssl_bio_pop_ssl_bio);
2838 ADD_TEST(test_ssl_bio_change_rbio);
2839 ADD_TEST(test_ssl_bio_change_wbio);
f1b25aae 2840 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
6acdd3e5
CB		 2841 ADD_TEST(test_keylog);
2842#ifndef OPENSSL_NO_TLS1_3
2843 ADD_TEST(test_keylog_no_master_key);
2844#endif
e9ee6536 2845#ifndef OPENSSL_NO_TLS1_2
2afaee51 2846 ADD_TEST(test_early_cb);
5f982038
MC		 2847#endif
2848#ifndef OPENSSL_NO_TLS1_3
3cb47b4e
MC		 2849 ADD_ALL_TESTS(test_early_data_read_write, 2);
2850 ADD_ALL_TESTS(test_early_data_skip, 2);
6b84e6bf 2851 ADD_ALL_TESTS(test_early_data_skip_hrr, 2);
3cb47b4e
MC		 2852 ADD_ALL_TESTS(test_early_data_not_sent, 2);
2853 ADD_ALL_TESTS(test_early_data_not_expected, 2);
5f982038 2854# ifndef OPENSSL_NO_TLS1_2
3cb47b4e 2855 ADD_ALL_TESTS(test_early_data_tls1_2, 2);
5f982038 2856# endif
e9ee6536 2857#endif
a273157a 2858#ifndef OPENSSL_NO_TLS1_3
ca0413ae 2859 ADD_TEST(test_ciphersuite_change);
ca8c71ba 2860 ADD_TEST(test_tls13_psk);
bb01ef3f 2861 ADD_ALL_TESTS(test_custom_exts, 5);
a273157a 2862#else
bb01ef3f 2863 ADD_ALL_TESTS(test_custom_exts, 3);
a273157a 2864#endif
16afd71c 2865 ADD_ALL_TESTS(test_serverinfo, 8);
2197d1df 2866 ADD_ALL_TESTS(test_export_key_mat, 4);
e11b6aa4 2867 ADD_ALL_TESTS(test_ssl_clear, 2);
ad887416
P		 2868 return 1;
2869}
2cb4b5f6 2870
ad887416
P		 2871void cleanup_tests(void)
2872{
fa454945 2873 bio_s_mempacket_test_free();
2cb4b5f6 2874}
A mirror of the official openssl repository