]> git.ipfire.org Git - thirdparty/openssl.git/blame_incremental - test/sslapitest.c
projects / thirdparty / openssl.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Update SSL_export_keying_material() for TLSv1.3
[thirdparty/openssl.git] / test / sslapitest.c
... / ...
CommitLineData
1/*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11
12#include <openssl/opensslconf.h>
13#include <openssl/bio.h>
14#include <openssl/crypto.h>
15#include <openssl/ssl.h>
16#include <openssl/ocsp.h>
17
18#include "ssltestlib.h"
19#include "testutil.h"
20#include "e_os.h"
21#include "../ssl/ssl_locl.h"
22
23static char *cert = NULL;
24static char *privkey = NULL;
25
26#define LOG_BUFFER_SIZE 1024
27static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
28static size_t server_log_buffer_index = 0;
29static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
30static size_t client_log_buffer_index = 0;
31static int error_writing_log = 0;
32
33#ifndef OPENSSL_NO_OCSP
34static const unsigned char orespder[] = "Dummy OCSP Response";
35static int ocsp_server_called = 0;
36static int ocsp_client_called = 0;
37
38static int cdummyarg = 1;
39static X509 *ocspcert = NULL;
40#endif
41
42#define NUM_EXTRA_CERTS 40
43
44/*
45 * This structure is used to validate that the correct number of log messages
46 * of various types are emitted when emitting secret logs.
47 */
48struct sslapitest_log_counts {
49 unsigned int rsa_key_exchange_count;
50 unsigned int master_secret_count;
51 unsigned int client_handshake_secret_count;
52 unsigned int server_handshake_secret_count;
53 unsigned int client_application_secret_count;
54 unsigned int server_application_secret_count;
55};
56
57
58static unsigned char serverinfov1[] = {
59 0xff, 0xff, /* Dummy extension type */
60 0x00, 0x01, /* Extension length is 1 byte */
61 0xff /* Dummy extension data */
62};
63
64static unsigned char serverinfov2[] = {
65 0x00, 0x00, 0x00,
66 (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
67 0xff, 0xff, /* Dummy extension type */
68 0x00, 0x01, /* Extension length is 1 byte */
69 0xff /* Dummy extension data */
70};
71
72static void client_keylog_callback(const SSL *ssl, const char *line)
73{
74 int line_length = strlen(line);
75
76 /* If the log doesn't fit, error out. */
77 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
78 TEST_info("Client log too full");
79 error_writing_log = 1;
80 return;
81 }
82
83 strcat(client_log_buffer, line);
84 client_log_buffer_index += line_length;
85 client_log_buffer[client_log_buffer_index++] = '\n';
86}
87
88static void server_keylog_callback(const SSL *ssl, const char *line)
89{
90 int line_length = strlen(line);
91
92 /* If the log doesn't fit, error out. */
93 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
94 TEST_info("Server og too full");
95 error_writing_log = 1;
96 return;
97 }
98
99 strcat(server_log_buffer, line);
100 server_log_buffer_index += line_length;
101 server_log_buffer[server_log_buffer_index++] = '\n';
102}
103
104static int compare_hex_encoded_buffer(const char *hex_encoded,
105 size_t hex_length,
106 const uint8_t *raw,
107 size_t raw_length)
108{
109 size_t i, j;
110 char hexed[3];
111
112 if (!TEST_size_t_eq(raw_length * 2, hex_length))
113 return 1;
114
115 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
116 sprintf(hexed, "%02x", raw[i]);
117 if (!TEST_int_eq(hexed[0], hex_encoded[j])
118 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
119 return 1;
120 }
121
122 return 0;
123}
124
125static int test_keylog_output(char *buffer, const SSL *ssl,
126 const SSL_SESSION *session,
127 struct sslapitest_log_counts *expected)
128{
129 char *token = NULL;
130 unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
131 size_t client_random_size = SSL3_RANDOM_SIZE;
132 unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
133 size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
134 unsigned int rsa_key_exchange_count = 0;
135 unsigned int master_secret_count = 0;
136 unsigned int client_handshake_secret_count = 0;
137 unsigned int server_handshake_secret_count = 0;
138 unsigned int client_application_secret_count = 0;
139 unsigned int server_application_secret_count = 0;
140
141 for (token = strtok(buffer, " \n"); token != NULL;
142 token = strtok(NULL, " \n")) {
143 if (strcmp(token, "RSA") == 0) {
144 /*
145 * Premaster secret. Tokens should be: 16 ASCII bytes of
146 * hex-encoded encrypted secret, then the hex-encoded pre-master
147 * secret.
148 */
149 if (!TEST_ptr(token = strtok(NULL, " \n")))
150 return 0;
151 if (!TEST_size_t_eq(strlen(token), 16))
152 return 0;
153 if (!TEST_ptr(token = strtok(NULL, " \n")))
154 return 0;
155 /*
156 * We can't sensibly check the log because the premaster secret is
157 * transient, and OpenSSL doesn't keep hold of it once the master
158 * secret is generated.
159 */
160 rsa_key_exchange_count++;
161 } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
162 /*
163 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
164 * client random, then the hex-encoded master secret.
165 */
166 client_random_size = SSL_get_client_random(ssl,
167 actual_client_random,
168 SSL3_RANDOM_SIZE);
169 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
170 return 0;
171
172 if (!TEST_ptr(token = strtok(NULL, " \n")))
173 return 0;
174 if (!TEST_size_t_eq(strlen(token), 64))
175 return 0;
176 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
177 actual_client_random,
178 client_random_size)))
179 return 0;
180
181 if (!TEST_ptr(token = strtok(NULL, " \n")))
182 return 0;
183 master_key_size = SSL_SESSION_get_master_key(session,
184 actual_master_key,
185 master_key_size);
186 if (!TEST_size_t_ne(master_key_size, 0))
187 return 0;
188 if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
189 actual_master_key,
190 master_key_size)))
191 return 0;
192 master_secret_count++;
193 } else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
194 || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
195 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
196 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) {
197 /*
198 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
199 * client random, and then the hex-encoded secret. In this case,
200 * we treat all of these secrets identically and then just
201 * distinguish between them when counting what we saw.
202 */
203 if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
204 client_handshake_secret_count++;
205 else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
206 server_handshake_secret_count++;
207 else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
208 client_application_secret_count++;
209 else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
210 server_application_secret_count++;
211
212 client_random_size = SSL_get_client_random(ssl,
213 actual_client_random,
214 SSL3_RANDOM_SIZE);
215 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
216 return 0;
217
218 if (!TEST_ptr(token = strtok(NULL, " \n")))
219 return 0;
220 if (!TEST_size_t_eq(strlen(token), 64))
221 return 0;
222 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
223 actual_client_random,
224 client_random_size)))
225 return 0;
226
227 if (!TEST_ptr(token = strtok(NULL, " \n")))
228 return 0;
229
230 /*
231 * TODO(TLS1.3): test that application traffic secrets are what
232 * we expect */
233 } else {
234 TEST_info("Unexpected token %s\n", token);
235 return 0;
236 }
237 }
238
239 /* Got what we expected? */
240 if (!TEST_size_t_eq(rsa_key_exchange_count,
241 expected->rsa_key_exchange_count)
242 || !TEST_size_t_eq(master_secret_count,
243 expected->master_secret_count)
244 || !TEST_size_t_eq(client_handshake_secret_count,
245 expected->client_handshake_secret_count)
246 || !TEST_size_t_eq(server_handshake_secret_count,
247 expected->server_handshake_secret_count)
248 || !TEST_size_t_eq(client_application_secret_count,
249 expected->client_application_secret_count)
250 || !TEST_size_t_eq(server_application_secret_count,
251 expected->server_application_secret_count))
252 return 0;
253 return 1;
254}
255
256static int test_keylog(void)
257{
258 SSL_CTX *cctx = NULL, *sctx = NULL;
259 SSL *clientssl = NULL, *serverssl = NULL;
260 int testresult = 0;
261 struct sslapitest_log_counts expected = {0};
262
263 /* Clean up logging space */
264 memset(client_log_buffer, 0, sizeof(client_log_buffer));
265 memset(server_log_buffer, 0, sizeof(server_log_buffer));
266 client_log_buffer_index = 0;
267 server_log_buffer_index = 0;
268 error_writing_log = 0;
269
270 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
271 TLS_client_method(),
272 &sctx, &cctx, cert, privkey)))
273 return 0;
274
275 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
276 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
277 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
278
279 /* We also want to ensure that we use RSA-based key exchange. */
280 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
281 goto end;
282
283 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
284 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
285 goto end;
286 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
287 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
288 == client_keylog_callback))
289 goto end;
290 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
291 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
292 == server_keylog_callback))
293 goto end;
294
295 /* Now do a handshake and check that the logs have been written to. */
296 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
297 &clientssl, NULL, NULL))
298 || !TEST_true(create_ssl_connection(serverssl, clientssl,
299 SSL_ERROR_NONE))
300 || !TEST_false(error_writing_log)
301 || !TEST_int_gt(client_log_buffer_index, 0)
302 || !TEST_int_gt(server_log_buffer_index, 0))
303 goto end;
304
305 /*
306 * Now we want to test that our output data was vaguely sensible. We
307 * do that by using strtok and confirming that we have more or less the
308 * data we expect. For both client and server, we expect to see one master
309 * secret. The client should also see a RSA key exchange.
310 */
311 expected.rsa_key_exchange_count = 1;
312 expected.master_secret_count = 1;
313 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
314 SSL_get_session(clientssl), &expected)))
315 goto end;
316
317 expected.rsa_key_exchange_count = 0;
318 if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
319 SSL_get_session(serverssl), &expected)))
320 goto end;
321
322 testresult = 1;
323
324end:
325 SSL_free(serverssl);
326 SSL_free(clientssl);
327 SSL_CTX_free(sctx);
328 SSL_CTX_free(cctx);
329
330 return testresult;
331}
332
333#ifndef OPENSSL_NO_TLS1_3
334static int test_keylog_no_master_key(void)
335{
336 SSL_CTX *cctx = NULL, *sctx = NULL;
337 SSL *clientssl = NULL, *serverssl = NULL;
338 int testresult = 0;
339 struct sslapitest_log_counts expected = {0};
340
341 /* Clean up logging space */
342 memset(client_log_buffer, 0, sizeof(client_log_buffer));
343 memset(server_log_buffer, 0, sizeof(server_log_buffer));
344 client_log_buffer_index = 0;
345 server_log_buffer_index = 0;
346 error_writing_log = 0;
347
348 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
349 TLS_client_method(), &sctx,
350 &cctx, cert, privkey)))
351 return 0;
352
353 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
354 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
355 goto end;
356
357 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
358 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
359 == client_keylog_callback))
360 goto end;
361
362 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
363 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
364 == server_keylog_callback))
365 goto end;
366
367 /* Now do a handshake and check that the logs have been written to. */
368 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
369 &clientssl, NULL, NULL))
370 || !TEST_true(create_ssl_connection(serverssl, clientssl,
371 SSL_ERROR_NONE))
372 || !TEST_false(error_writing_log))
373 goto end;
374
375 /*
376 * Now we want to test that our output data was vaguely sensible. For this
377 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
378 * TLSv1.3, but we do expect both client and server to emit keys.
379 */
380 expected.client_handshake_secret_count = 1;
381 expected.server_handshake_secret_count = 1;
382 expected.client_application_secret_count = 1;
383 expected.server_application_secret_count = 1;
384 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
385 SSL_get_session(clientssl), &expected))
386 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
387 SSL_get_session(serverssl),
388 &expected)))
389 goto end;
390
391 testresult = 1;
392
393end:
394 SSL_free(serverssl);
395 SSL_free(clientssl);
396 SSL_CTX_free(sctx);
397 SSL_CTX_free(cctx);
398
399 return testresult;
400}
401#endif
402
403#ifndef OPENSSL_NO_TLS1_2
404static int full_early_callback(SSL *s, int *al, void *arg)
405{
406 int *ctr = arg;
407 const unsigned char *p;
408 int *exts;
409 /* We only configure two ciphers, but the SCSV is added automatically. */
410#ifdef OPENSSL_NO_EC
411 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
412#else
413 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
414 0x2c, 0x00, 0xff};
415#endif
416 const int expected_extensions[] = {
417#ifndef OPENSSL_NO_EC
418 11, 10,
419#endif
420 35, 13, 22, 23};
421 size_t len;
422
423 /* Make sure we can defer processing and get called back. */
424 if ((*ctr)++ == 0)
425 return -1;
426
427 len = SSL_early_get0_ciphers(s, &p);
428 if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
429 || !TEST_size_t_eq(SSL_early_get0_compression_methods(s, &p), 1)
430 || !TEST_int_eq(*p, 0))
431 return 0;
432 if (!SSL_early_get1_extensions_present(s, &exts, &len))
433 return 0;
434 if (len != OSSL_NELEM(expected_extensions) ||
435 memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
436 printf("Early callback expected ClientHello extensions mismatch\n");
437 OPENSSL_free(exts);
438 return 0;
439 }
440 OPENSSL_free(exts);
441 return 1;
442}
443
444static int test_early_cb(void)
445{
446 SSL_CTX *cctx = NULL, *sctx = NULL;
447 SSL *clientssl = NULL, *serverssl = NULL;
448 int testctr = 0, testresult = 0;
449
450 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
451 TLS_client_method(), &sctx,
452 &cctx, cert, privkey)))
453 goto end;
454 SSL_CTX_set_early_cb(sctx, full_early_callback, &testctr);
455
456 /* The gimpy cipher list we configure can't do TLS 1.3. */
457 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
458
459 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
460 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
461 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
462 &clientssl, NULL, NULL))
463 || !TEST_false(create_ssl_connection(serverssl, clientssl,
464 SSL_ERROR_WANT_EARLY))
465 /*
466 * Passing a -1 literal is a hack since
467 * the real value was lost.
468 * */
469 || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_EARLY)
470 || !TEST_true(create_ssl_connection(serverssl, clientssl,
471 SSL_ERROR_NONE)))
472 goto end;
473
474 testresult = 1;
475
476end:
477 SSL_free(serverssl);
478 SSL_free(clientssl);
479 SSL_CTX_free(sctx);
480 SSL_CTX_free(cctx);
481
482 return testresult;
483}
484#endif
485
486static int execute_test_large_message(const SSL_METHOD *smeth,
487 const SSL_METHOD *cmeth, int read_ahead)
488{
489 SSL_CTX *cctx = NULL, *sctx = NULL;
490 SSL *clientssl = NULL, *serverssl = NULL;
491 int testresult = 0;
492 int i;
493 BIO *certbio = NULL;
494 X509 *chaincert = NULL;
495 int certlen;
496
497 if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
498 goto end;
499 chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
500 BIO_free(certbio);
501 certbio = NULL;
502 if (!TEST_ptr(chaincert))
503 goto end;
504
505 if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, &sctx,
506 &cctx, cert, privkey)))
507 goto end;
508
509 if (read_ahead) {
510 /*
511 * Test that read_ahead works correctly when dealing with large
512 * records
513 */
514 SSL_CTX_set_read_ahead(cctx, 1);
515 }
516
517 /*
518 * We assume the supplied certificate is big enough so that if we add
519 * NUM_EXTRA_CERTS it will make the overall message large enough. The
520 * default buffer size is requested to be 16k, but due to the way BUF_MEM
521 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
522 * test we need to have a message larger than that.
523 */
524 certlen = i2d_X509(chaincert, NULL);
525 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
526 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
527 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
528 if (!X509_up_ref(chaincert))
529 goto end;
530 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
531 X509_free(chaincert);
532 goto end;
533 }
534 }
535
536 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
537 NULL, NULL))
538 || !TEST_true(create_ssl_connection(serverssl, clientssl,
539 SSL_ERROR_NONE)))
540 goto end;
541
542 /*
543 * Calling SSL_clear() first is not required but this tests that SSL_clear()
544 * doesn't leak (when using enable-crypto-mdebug).
545 */
546 if (!TEST_true(SSL_clear(serverssl)))
547 goto end;
548
549 testresult = 1;
550 end:
551 X509_free(chaincert);
552 SSL_free(serverssl);
553 SSL_free(clientssl);
554 SSL_CTX_free(sctx);
555 SSL_CTX_free(cctx);
556
557 return testresult;
558}
559
560static int test_large_message_tls(void)
561{
562 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
563 0);
564}
565
566static int test_large_message_tls_read_ahead(void)
567{
568 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
569 1);
570}
571
572#ifndef OPENSSL_NO_DTLS
573static int test_large_message_dtls(void)
574{
575 /*
576 * read_ahead is not relevant to DTLS because DTLS always acts as if
577 * read_ahead is set.
578 */
579 return execute_test_large_message(DTLS_server_method(),
580 DTLS_client_method(), 0);
581}
582#endif
583
584#ifndef OPENSSL_NO_OCSP
585static int ocsp_server_cb(SSL *s, void *arg)
586{
587 int *argi = (int *)arg;
588 unsigned char *copy = NULL;
589 STACK_OF(OCSP_RESPID) *ids = NULL;
590 OCSP_RESPID *id = NULL;
591
592 if (*argi == 2) {
593 /* In this test we are expecting exactly 1 OCSP_RESPID */
594 SSL_get_tlsext_status_ids(s, &ids);
595 if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
596 return SSL_TLSEXT_ERR_ALERT_FATAL;
597
598 id = sk_OCSP_RESPID_value(ids, 0);
599 if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
600 return SSL_TLSEXT_ERR_ALERT_FATAL;
601 } else if (*argi != 1) {
602 return SSL_TLSEXT_ERR_ALERT_FATAL;
603 }
604
605 if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
606 return SSL_TLSEXT_ERR_ALERT_FATAL;
607
608 SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
609 ocsp_server_called = 1;
610 return SSL_TLSEXT_ERR_OK;
611}
612
613static int ocsp_client_cb(SSL *s, void *arg)
614{
615 int *argi = (int *)arg;
616 const unsigned char *respderin;
617 size_t len;
618
619 if (*argi != 1 && *argi != 2)
620 return 0;
621
622 len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
623 if (!TEST_mem_eq(orespder, len, respderin, len))
624 return 0;
625
626 ocsp_client_called = 1;
627 return 1;
628}
629
630static int test_tlsext_status_type(void)
631{
632 SSL_CTX *cctx = NULL, *sctx = NULL;
633 SSL *clientssl = NULL, *serverssl = NULL;
634 int testresult = 0;
635 STACK_OF(OCSP_RESPID) *ids = NULL;
636 OCSP_RESPID *id = NULL;
637 BIO *certbio = NULL;
638
639 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
640 &cctx, cert, privkey))
641 return 0;
642
643 if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
644 goto end;
645
646 /* First just do various checks getting and setting tlsext_status_type */
647
648 clientssl = SSL_new(cctx);
649 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
650 || !TEST_true(SSL_set_tlsext_status_type(clientssl,
651 TLSEXT_STATUSTYPE_ocsp))
652 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
653 TLSEXT_STATUSTYPE_ocsp))
654 goto end;
655
656 SSL_free(clientssl);
657 clientssl = NULL;
658
659 if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
660 || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
661 goto end;
662
663 clientssl = SSL_new(cctx);
664 if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
665 goto end;
666 SSL_free(clientssl);
667 clientssl = NULL;
668
669 /*
670 * Now actually do a handshake and check OCSP information is exchanged and
671 * the callbacks get called
672 */
673 SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
674 SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
675 SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
676 SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
677 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
678 &clientssl, NULL, NULL))
679 || !TEST_true(create_ssl_connection(serverssl, clientssl,
680 SSL_ERROR_NONE))
681 || !TEST_true(ocsp_client_called)
682 || !TEST_true(ocsp_server_called))
683 goto end;
684 SSL_free(serverssl);
685 SSL_free(clientssl);
686 serverssl = NULL;
687 clientssl = NULL;
688
689 /* Try again but this time force the server side callback to fail */
690 ocsp_client_called = 0;
691 ocsp_server_called = 0;
692 cdummyarg = 0;
693 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
694 &clientssl, NULL, NULL))
695 /* This should fail because the callback will fail */
696 || !TEST_false(create_ssl_connection(serverssl, clientssl,
697 SSL_ERROR_NONE))
698 || !TEST_false(ocsp_client_called)
699 || !TEST_false(ocsp_server_called))
700 goto end;
701 SSL_free(serverssl);
702 SSL_free(clientssl);
703 serverssl = NULL;
704 clientssl = NULL;
705
706 /*
707 * This time we'll get the client to send an OCSP_RESPID that it will
708 * accept.
709 */
710 ocsp_client_called = 0;
711 ocsp_server_called = 0;
712 cdummyarg = 2;
713 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
714 &clientssl, NULL, NULL)))
715 goto end;
716
717 /*
718 * We'll just use any old cert for this test - it doesn't have to be an OCSP
719 * specific one. We'll use the server cert.
720 */
721 if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
722 || !TEST_ptr(id = OCSP_RESPID_new())
723 || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
724 || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
725 NULL, NULL, NULL))
726 || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
727 || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
728 goto end;
729 id = NULL;
730 SSL_set_tlsext_status_ids(clientssl, ids);
731 /* Control has been transferred */
732 ids = NULL;
733
734 BIO_free(certbio);
735 certbio = NULL;
736
737 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
738 SSL_ERROR_NONE))
739 || !TEST_true(ocsp_client_called)
740 || !TEST_true(ocsp_server_called))
741 goto end;
742
743 testresult = 1;
744
745 end:
746 SSL_free(serverssl);
747 SSL_free(clientssl);
748 SSL_CTX_free(sctx);
749 SSL_CTX_free(cctx);
750 sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
751 OCSP_RESPID_free(id);
752 BIO_free(certbio);
753 X509_free(ocspcert);
754 ocspcert = NULL;
755
756 return testresult;
757}
758#endif
759
760typedef struct ssl_session_test_fixture {
761 const char *test_case_name;
762 int use_ext_cache;
763 int use_int_cache;
764} SSL_SESSION_TEST_FIXTURE;
765
766static int new_called = 0, remove_called = 0;
767
768static SSL_SESSION_TEST_FIXTURE
769ssl_session_set_up(const char *const test_case_name)
770{
771 SSL_SESSION_TEST_FIXTURE fixture;
772
773 fixture.test_case_name = test_case_name;
774 fixture.use_ext_cache = 1;
775 fixture.use_int_cache = 1;
776
777 new_called = remove_called = 0;
778
779 return fixture;
780}
781
782static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture)
783{
784}
785
786static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
787{
788 new_called++;
789 return 1;
790}
791
792static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
793{
794 remove_called++;
795}
796
797static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
798{
799 SSL_CTX *sctx = NULL, *cctx = NULL;
800 SSL *serverssl1 = NULL, *clientssl1 = NULL;
801 SSL *serverssl2 = NULL, *clientssl2 = NULL;
802#ifndef OPENSSL_NO_TLS1_1
803 SSL *serverssl3 = NULL, *clientssl3 = NULL;
804#endif
805 SSL_SESSION *sess1 = NULL, *sess2 = NULL;
806 int testresult = 0;
807
808 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
809 TLS_client_method(), &sctx,
810 &cctx, cert, privkey)))
811 return 0;
812
813#ifndef OPENSSL_NO_TLS1_2
814 /* Only allow TLS1.2 so we can force a connection failure later */
815 SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
816#endif
817
818 /* Set up session cache */
819 if (fix.use_ext_cache) {
820 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
821 SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
822 }
823 if (fix.use_int_cache) {
824 /* Also covers instance where both are set */
825 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
826 } else {
827 SSL_CTX_set_session_cache_mode(cctx,
828 SSL_SESS_CACHE_CLIENT
829 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
830 }
831
832 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
833 NULL, NULL))
834 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
835 SSL_ERROR_NONE))
836 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
837 goto end;
838
839 /* Should fail because it should already be in the cache */
840 if (fix.use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
841 goto end;
842 if (fix.use_ext_cache && (new_called != 1 || remove_called != 0))
843 goto end;
844
845 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
846 &clientssl2, NULL, NULL))
847 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
848 SSL_ERROR_NONE)))
849 goto end;
850
851 if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
852 goto end;
853
854 if (fix.use_ext_cache && (new_called != 2 || remove_called != 0))
855 goto end;
856
857 /*
858 * This should clear sess2 from the cache because it is a "bad" session.
859 * See SSL_set_session() documentation.
860 */
861 if (!TEST_true(SSL_set_session(clientssl2, sess1)))
862 goto end;
863 if (fix.use_ext_cache && (new_called != 2 || remove_called != 1))
864 goto end;
865 if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
866 goto end;
867
868 if (fix.use_int_cache) {
869 /* Should succeeded because it should not already be in the cache */
870 if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
871 || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
872 goto end;
873
874 /*
875 * This is for the purposes of internal cache testing...ignore the
876 * counter for external cache
877 */
878 if (fix.use_ext_cache)
879 remove_called--;
880 }
881
882 /* This shouldn't be in the cache so should fail */
883 if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
884 goto end;
885
886 if (fix.use_ext_cache && (new_called != 2 || remove_called != 2))
887 goto end;
888
889#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
890 /* Force a connection failure */
891 SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
892 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
893 &clientssl3, NULL, NULL))
894 || !TEST_true(SSL_set_session(clientssl3, sess1))
895 /* This should fail because of the mismatched protocol versions */
896 || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
897 SSL_ERROR_NONE)))
898 goto end;
899
900 /* We should have automatically removed the session from the cache */
901 if (fix.use_ext_cache && (new_called != 2 || remove_called != 3))
902 goto end;
903
904 /* Should succeed because it should not already be in the cache */
905 if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2))
906 goto end;
907#endif
908
909 testresult = 1;
910
911 end:
912 SSL_free(serverssl1);
913 SSL_free(clientssl1);
914 SSL_free(serverssl2);
915 SSL_free(clientssl2);
916#ifndef OPENSSL_NO_TLS1_1
917 SSL_free(serverssl3);
918 SSL_free(clientssl3);
919#endif
920 SSL_SESSION_free(sess1);
921 SSL_SESSION_free(sess2);
922
923 /*
924 * Check if we need to remove any sessions up-refed for the external cache
925 */
926 if (new_called >= 1)
927 SSL_SESSION_free(sess1);
928 if (new_called >= 2)
929 SSL_SESSION_free(sess2);
930 SSL_CTX_free(sctx);
931 SSL_CTX_free(cctx);
932
933 return testresult;
934}
935
936static int test_session_with_only_int_cache(void)
937{
938 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
939 fixture.use_ext_cache = 0;
940 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
941}
942
943static int test_session_with_only_ext_cache(void)
944{
945 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
946 fixture.use_int_cache = 0;
947 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
948}
949
950static int test_session_with_both_cache(void)
951{
952 SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
953 EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
954}
955
956#define USE_NULL 0
957#define USE_BIO_1 1
958#define USE_BIO_2 2
959
960#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
961
962static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
963{
964 switch (type) {
965 case USE_NULL:
966 *res = NULL;
967 break;
968 case USE_BIO_1:
969 *res = bio1;
970 break;
971 case USE_BIO_2:
972 *res = bio2;
973 break;
974 }
975}
976
977static int test_ssl_set_bio(int idx)
978{
979 SSL_CTX *ctx;
980 BIO *bio1 = NULL;
981 BIO *bio2 = NULL;
982 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
983 SSL *ssl = NULL;
984 int initrbio, initwbio, newrbio, newwbio;
985 int testresult = 0;
986
987 initrbio = idx % 3;
988 idx /= 3;
989 initwbio = idx % 3;
990 idx /= 3;
991 newrbio = idx % 3;
992 idx /= 3;
993 newwbio = idx;
994 if (!TEST_int_le(newwbio, 2))
995 return 0;
996
997 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
998 || !TEST_ptr(ssl = SSL_new(ctx)))
999 goto end;
1000
1001 if (initrbio == USE_BIO_1
1002 || initwbio == USE_BIO_1
1003 || newrbio == USE_BIO_1
1004 || newwbio == USE_BIO_1) {
1005 if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
1006 goto end;
1007 }
1008
1009 if (initrbio == USE_BIO_2
1010 || initwbio == USE_BIO_2
1011 || newrbio == USE_BIO_2
1012 || newwbio == USE_BIO_2) {
1013 if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
1014 goto end;
1015 }
1016
1017 setupbio(&irbio, bio1, bio2, initrbio);
1018 setupbio(&iwbio, bio1, bio2, initwbio);
1019
1020 /*
1021 * We want to maintain our own refs to these BIO, so do an up ref for each
1022 * BIO that will have ownership transferred in the SSL_set_bio() call
1023 */
1024 if (irbio != NULL)
1025 BIO_up_ref(irbio);
1026 if (iwbio != NULL && iwbio != irbio)
1027 BIO_up_ref(iwbio);
1028
1029 SSL_set_bio(ssl, irbio, iwbio);
1030
1031 setupbio(&nrbio, bio1, bio2, newrbio);
1032 setupbio(&nwbio, bio1, bio2, newwbio);
1033
1034 /*
1035 * We will (maybe) transfer ownership again so do more up refs.
1036 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1037 * already been set!
1038 */
1039 if (nrbio != NULL
1040 && nrbio != irbio
1041 && (nwbio != iwbio || nrbio != nwbio))
1042 BIO_up_ref(nrbio);
1043 if (nwbio != NULL
1044 && nwbio != nrbio
1045 && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
1046 BIO_up_ref(nwbio);
1047
1048 SSL_set_bio(ssl, nrbio, nwbio);
1049
1050 testresult = 1;
1051
1052 end:
1053 SSL_free(ssl);
1054 BIO_free(bio1);
1055 BIO_free(bio2);
1056
1057 /*
1058 * This test is checking that the ref counting for SSL_set_bio is correct.
1059 * If we get here and we did too many frees then we will fail in the above
1060 * functions. If we haven't done enough then this will only be detected in
1061 * a crypto-mdebug build
1062 */
1063 SSL_CTX_free(ctx);
1064 return testresult;
1065}
1066
1067typedef struct ssl_bio_test_fixture {
1068 const char *test_case_name;
1069 int pop_ssl;
1070 enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio;
1071} SSL_BIO_TEST_FIXTURE;
1072
1073static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name)
1074{
1075 SSL_BIO_TEST_FIXTURE fixture;
1076
1077 fixture.test_case_name = test_case_name;
1078 fixture.pop_ssl = 0;
1079 fixture.change_bio = NO_BIO_CHANGE;
1080 return fixture;
1081}
1082
1083static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture)
1084{
1085}
1086
1087static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
1088{
1089 BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
1090 SSL_CTX *ctx;
1091 SSL *ssl = NULL;
1092 int testresult = 0;
1093
1094 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
1095 || !TEST_ptr(ssl = SSL_new(ctx))
1096 || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
1097 || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
1098 goto end;
1099
1100 BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
1101
1102 /*
1103 * If anything goes wrong here then we could leak memory, so this will
1104 * be caught in a crypto-mdebug build
1105 */
1106 BIO_push(sslbio, membio1);
1107
1108 /* Verify changing the rbio/wbio directly does not cause leaks */
1109 if (fix.change_bio != NO_BIO_CHANGE) {
1110 if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
1111 goto end;
1112 if (fix.change_bio == CHANGE_RBIO)
1113 SSL_set0_rbio(ssl, membio2);
1114 else
1115 SSL_set0_wbio(ssl, membio2);
1116 }
1117 ssl = NULL;
1118
1119 if (fix.pop_ssl)
1120 BIO_pop(sslbio);
1121 else
1122 BIO_pop(membio1);
1123
1124 testresult = 1;
1125 end:
1126 BIO_free(membio1);
1127 BIO_free(sslbio);
1128 SSL_free(ssl);
1129 SSL_CTX_free(ctx);
1130
1131 return testresult;
1132}
1133
1134static int test_ssl_bio_pop_next_bio(void)
1135{
1136 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1137 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1138}
1139
1140static int test_ssl_bio_pop_ssl_bio(void)
1141{
1142 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1143 fixture.pop_ssl = 1;
1144 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1145}
1146
1147static int test_ssl_bio_change_rbio(void)
1148{
1149 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1150 fixture.change_bio = CHANGE_RBIO;
1151 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1152}
1153
1154static int test_ssl_bio_change_wbio(void)
1155{
1156 SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
1157 fixture.change_bio = CHANGE_WBIO;
1158 EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
1159}
1160
1161typedef struct {
1162 /* The list of sig algs */
1163 const int *list;
1164 /* The length of the list */
1165 size_t listlen;
1166 /* A sigalgs list in string format */
1167 const char *liststr;
1168 /* Whether setting the list should succeed */
1169 int valid;
1170 /* Whether creating a connection with the list should succeed */
1171 int connsuccess;
1172} sigalgs_list;
1173
1174static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
1175#ifndef OPENSSL_NO_EC
1176static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
1177static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
1178#endif
1179static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
1180static const int invalidlist2[] = {NID_sha256, NID_undef};
1181static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
1182static const int invalidlist4[] = {NID_sha256};
1183static const sigalgs_list testsigalgs[] = {
1184 {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
1185#ifndef OPENSSL_NO_EC
1186 {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
1187 {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
1188#endif
1189 {NULL, 0, "RSA+SHA256", 1, 1},
1190#ifndef OPENSSL_NO_EC
1191 {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
1192 {NULL, 0, "ECDSA+SHA512", 1, 0},
1193#endif
1194 {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
1195 {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
1196 {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
1197 {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
1198 {NULL, 0, "RSA", 0, 0},
1199 {NULL, 0, "SHA256", 0, 0},
1200 {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
1201 {NULL, 0, "Invalid", 0, 0}
1202};
1203
1204static int test_set_sigalgs(int idx)
1205{
1206 SSL_CTX *cctx = NULL, *sctx = NULL;
1207 SSL *clientssl = NULL, *serverssl = NULL;
1208 int testresult = 0;
1209 const sigalgs_list *curr;
1210 int testctx;
1211
1212 /* Should never happen */
1213 if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
1214 return 0;
1215
1216 testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
1217 curr = testctx ? &testsigalgs[idx]
1218 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
1219
1220 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1221 TLS_client_method(), &sctx,
1222 &cctx, cert, privkey)))
1223 return 0;
1224
1225 /*
1226 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
1227 * for TLSv1.2 for now until we add a new API.
1228 */
1229 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1230
1231 if (testctx) {
1232 int ret;
1233
1234 if (curr->list != NULL)
1235 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
1236 else
1237 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
1238
1239 if (!ret) {
1240 if (curr->valid)
1241 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
1242 else
1243 testresult = 1;
1244 goto end;
1245 }
1246 if (!curr->valid) {
1247 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
1248 goto end;
1249 }
1250 }
1251
1252 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1253 &clientssl, NULL, NULL)))
1254 goto end;
1255
1256 if (!testctx) {
1257 int ret;
1258
1259 if (curr->list != NULL)
1260 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
1261 else
1262 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
1263 if (!ret) {
1264 if (curr->valid)
1265 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
1266 else
1267 testresult = 1;
1268 goto end;
1269 }
1270 if (!curr->valid)
1271 goto end;
1272 }
1273
1274 if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
1275 SSL_ERROR_NONE),
1276 curr->connsuccess))
1277 goto end;
1278
1279 testresult = 1;
1280
1281 end:
1282 SSL_free(serverssl);
1283 SSL_free(clientssl);
1284 SSL_CTX_free(sctx);
1285 SSL_CTX_free(cctx);
1286
1287 return testresult;
1288}
1289
1290#ifndef OPENSSL_NO_TLS1_3
1291
1292#define MSG1 "Hello"
1293#define MSG2 "World."
1294#define MSG3 "This"
1295#define MSG4 "is"
1296#define MSG5 "a"
1297#define MSG6 "test"
1298#define MSG7 "message."
1299
1300/*
1301 * Helper method to setup objects for early data test. Caller frees objects on
1302 * error.
1303 */
1304static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
1305 SSL **serverssl, SSL_SESSION **sess, int idx)
1306{
1307 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1308 TLS_client_method(), sctx,
1309 cctx, cert, privkey)))
1310 return 0;
1311
1312 /* When idx == 1 we repeat the tests with read_ahead set */
1313 if (idx > 0) {
1314 SSL_CTX_set_read_ahead(*cctx, 1);
1315 SSL_CTX_set_read_ahead(*sctx, 1);
1316 }
1317
1318 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
1319 NULL, NULL))
1320 || !TEST_true(create_ssl_connection(*serverssl, *clientssl,
1321 SSL_ERROR_NONE)))
1322 return 0;
1323
1324 *sess = SSL_get1_session(*clientssl);
1325 SSL_shutdown(*clientssl);
1326 SSL_shutdown(*serverssl);
1327 SSL_free(*serverssl);
1328 SSL_free(*clientssl);
1329 *serverssl = *clientssl = NULL;
1330
1331 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
1332 clientssl, NULL, NULL))
1333 || !TEST_true(SSL_set_session(*clientssl, *sess)))
1334 return 0;
1335
1336 return 1;
1337}
1338
1339static int test_early_data_read_write(int idx)
1340{
1341 SSL_CTX *cctx = NULL, *sctx = NULL;
1342 SSL *clientssl = NULL, *serverssl = NULL;
1343 int testresult = 0;
1344 SSL_SESSION *sess = NULL;
1345 unsigned char buf[20], data[1024];
1346 size_t readbytes, written, eoedlen, rawread, rawwritten;
1347 BIO *rbio;
1348
1349 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1350 &serverssl, &sess, idx)))
1351 goto end;
1352
1353 /* Write and read some early data */
1354 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1355 &written))
1356 || !TEST_size_t_eq(written, strlen(MSG1))
1357 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
1358 sizeof(buf), &readbytes),
1359 SSL_READ_EARLY_DATA_SUCCESS)
1360 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
1361 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1362 SSL_EARLY_DATA_ACCEPTED))
1363 goto end;
1364
1365 /*
1366 * Server should be able to write data, and client should be able to
1367 * read it.
1368 */
1369 if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
1370 &written))
1371 || !TEST_size_t_eq(written, strlen(MSG2))
1372 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1373 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1374 goto end;
1375
1376 /* Even after reading normal data, client should be able write early data */
1377 if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
1378 &written))
1379 || !TEST_size_t_eq(written, strlen(MSG3)))
1380 goto end;
1381
1382 /* Server should still be able read early data after writing data */
1383 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1384 &readbytes),
1385 SSL_READ_EARLY_DATA_SUCCESS)
1386 || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
1387 goto end;
1388
1389 /* Write more data from server and read it from client */
1390 if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
1391 &written))
1392 || !TEST_size_t_eq(written, strlen(MSG4))
1393 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1394 || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
1395 goto end;
1396
1397 /*
1398 * If client writes normal data it should mean writing early data is no
1399 * longer possible.
1400 */
1401 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1402 || !TEST_size_t_eq(written, strlen(MSG5))
1403 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1404 SSL_EARLY_DATA_ACCEPTED))
1405 goto end;
1406
1407 /*
1408 * At this point the client has written EndOfEarlyData, ClientFinished and
1409 * normal (fully protected) data. We are going to cause a delay between the
1410 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
1411 * in the read BIO, and then just put back the EndOfEarlyData message.
1412 */
1413 rbio = SSL_get_rbio(serverssl);
1414 if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
1415 || !TEST_size_t_lt(rawread, sizeof(data))
1416 || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
1417 goto end;
1418
1419 /* Record length is in the 4th and 5th bytes of the record header */
1420 eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
1421 if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
1422 || !TEST_size_t_eq(rawwritten, eoedlen))
1423 goto end;
1424
1425 /* Server should be told that there is no more early data */
1426 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1427 &readbytes),
1428 SSL_READ_EARLY_DATA_FINISH)
1429 || !TEST_size_t_eq(readbytes, 0))
1430 goto end;
1431
1432 /*
1433 * Server has not finished init yet, so should still be able to write early
1434 * data.
1435 */
1436 if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
1437 &written))
1438 || !TEST_size_t_eq(written, strlen(MSG6)))
1439 goto end;
1440
1441 /* Push the ClientFinished and the normal data back into the server rbio */
1442 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
1443 &rawwritten))
1444 || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
1445 goto end;
1446
1447 /* Server should be able to read normal data */
1448 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1449 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
1450 goto end;
1451
1452 /* Client and server should not be able to write/read early data now */
1453 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1454 &written)))
1455 goto end;
1456 ERR_clear_error();
1457 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1458 &readbytes),
1459 SSL_READ_EARLY_DATA_ERROR))
1460 goto end;
1461 ERR_clear_error();
1462
1463 /* Client should be able to read the data sent by the server */
1464 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1465 || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
1466 goto end;
1467
1468 /*
1469 * Make sure we process the NewSessionTicket. This arrives post-handshake.
1470 * We attempt a read which we do not expect to return any data.
1471 */
1472 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
1473 goto end;
1474
1475 /* Server should be able to write normal data */
1476 if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
1477 || !TEST_size_t_eq(written, strlen(MSG7))
1478 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1479 || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
1480 goto end;
1481
1482 SSL_SESSION_free(sess);
1483 sess = SSL_get1_session(clientssl);
1484
1485 SSL_shutdown(clientssl);
1486 SSL_shutdown(serverssl);
1487 SSL_free(serverssl);
1488 SSL_free(clientssl);
1489 serverssl = clientssl = NULL;
1490 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1491 &clientssl, NULL, NULL))
1492 || !TEST_true(SSL_set_session(clientssl, sess)))
1493 goto end;
1494
1495 /* Write and read some early data */
1496 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1497 &written))
1498 || !TEST_size_t_eq(written, strlen(MSG1))
1499 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1500 &readbytes),
1501 SSL_READ_EARLY_DATA_SUCCESS)
1502 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
1503 goto end;
1504
1505 if (!TEST_int_gt(SSL_connect(clientssl), 0)
1506 || !TEST_int_gt(SSL_accept(serverssl), 0))
1507 goto end;
1508
1509 /* Client and server should not be able to write/read early data now */
1510 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
1511 &written)))
1512 goto end;
1513 ERR_clear_error();
1514 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1515 &readbytes),
1516 SSL_READ_EARLY_DATA_ERROR))
1517 goto end;
1518 ERR_clear_error();
1519
1520 /* Client and server should be able to write/read normal data */
1521 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
1522 || !TEST_size_t_eq(written, strlen(MSG5))
1523 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1524 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
1525 goto end;
1526
1527 testresult = 1;
1528
1529 end:
1530 SSL_SESSION_free(sess);
1531 SSL_free(serverssl);
1532 SSL_free(clientssl);
1533 SSL_CTX_free(sctx);
1534 SSL_CTX_free(cctx);
1535 return testresult;
1536}
1537
1538/*
1539 * Test that a server attempting to read early data can handle a connection
1540 * from a client where the early data is not acceptable.
1541 */
1542static int test_early_data_skip(int idx)
1543{
1544 SSL_CTX *cctx = NULL, *sctx = NULL;
1545 SSL *clientssl = NULL, *serverssl = NULL;
1546 int testresult = 0;
1547 SSL_SESSION *sess = NULL;
1548 unsigned char buf[20];
1549 size_t readbytes, written;
1550
1551 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1552 &serverssl, &sess, idx)))
1553 goto end;
1554
1555 /*
1556 * Deliberately corrupt the creation time. We take 20 seconds off the time.
1557 * It could be any value as long as it is not within tolerance. This should
1558 * mean the ticket is rejected.
1559 */
1560 if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
1561 goto end;
1562
1563 /* Write some early data */
1564 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1565 &written))
1566 || !TEST_size_t_eq(written, strlen(MSG1)))
1567 goto end;
1568
1569 /* Server should reject the early data and skip over it */
1570 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1571 &readbytes),
1572 SSL_READ_EARLY_DATA_FINISH)
1573 || !TEST_size_t_eq(readbytes, 0)
1574 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1575 SSL_EARLY_DATA_REJECTED))
1576 goto end;
1577
1578 /* Should be able to send normal data despite rejection of early data */
1579 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1580 || !TEST_size_t_eq(written, strlen(MSG2))
1581 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1582 SSL_EARLY_DATA_REJECTED)
1583 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1584 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1585 goto end;
1586
1587 testresult = 1;
1588
1589 end:
1590 SSL_SESSION_free(sess);
1591 SSL_free(serverssl);
1592 SSL_free(clientssl);
1593 SSL_CTX_free(sctx);
1594 SSL_CTX_free(cctx);
1595 return testresult;
1596}
1597
1598/*
1599 * Test that a server attempting to read early data can handle a connection
1600 * from a client that doesn't send any.
1601 */
1602static int test_early_data_not_sent(int idx)
1603{
1604 SSL_CTX *cctx = NULL, *sctx = NULL;
1605 SSL *clientssl = NULL, *serverssl = NULL;
1606 int testresult = 0;
1607 SSL_SESSION *sess = NULL;
1608 unsigned char buf[20];
1609 size_t readbytes, written;
1610
1611 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1612 &serverssl, &sess, idx)))
1613 goto end;
1614
1615 /* Write some data - should block due to handshake with server */
1616 SSL_set_connect_state(clientssl);
1617 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
1618 goto end;
1619
1620 /* Server should detect that early data has not been sent */
1621 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1622 &readbytes),
1623 SSL_READ_EARLY_DATA_FINISH)
1624 || !TEST_size_t_eq(readbytes, 0)
1625 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1626 SSL_EARLY_DATA_NOT_SENT)
1627 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1628 SSL_EARLY_DATA_NOT_SENT))
1629 goto end;
1630
1631 /* Continue writing the message we started earlier */
1632 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1633 || !TEST_size_t_eq(written, strlen(MSG1))
1634 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1635 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1636 || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
1637 || !TEST_size_t_eq(written, strlen(MSG2)))
1638 goto end;
1639
1640 /*
1641 * Should block due to the NewSessionTicket arrival unless we're using
1642 * read_ahead
1643 */
1644 if (idx == 0) {
1645 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
1646 goto end;
1647 }
1648
1649 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
1650 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1651 goto end;
1652
1653 testresult = 1;
1654
1655 end:
1656 SSL_SESSION_free(sess);
1657 SSL_free(serverssl);
1658 SSL_free(clientssl);
1659 SSL_CTX_free(sctx);
1660 SSL_CTX_free(cctx);
1661 return testresult;
1662}
1663
1664/*
1665 * Test that a server that doesn't try to read early data can handle a
1666 * client sending some.
1667 */
1668static int test_early_data_not_expected(int idx)
1669{
1670 SSL_CTX *cctx = NULL, *sctx = NULL;
1671 SSL *clientssl = NULL, *serverssl = NULL;
1672 int testresult = 0;
1673 SSL_SESSION *sess = NULL;
1674 unsigned char buf[20];
1675 size_t readbytes, written;
1676
1677
1678 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
1679 &serverssl, &sess, idx)))
1680 goto end;
1681
1682 /* Write some early data */
1683 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
1684 &written)))
1685 goto end;
1686
1687 /*
1688 * Server should skip over early data and then block waiting for client to
1689 * continue handshake
1690 */
1691 if (!TEST_int_le(SSL_accept(serverssl), 0)
1692 || !TEST_int_gt(SSL_connect(clientssl), 0)
1693 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1694 SSL_EARLY_DATA_REJECTED)
1695 || !TEST_int_gt(SSL_accept(serverssl), 0)
1696 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1697 SSL_EARLY_DATA_REJECTED))
1698 goto end;
1699
1700 /* Send some normal data from client to server */
1701 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
1702 || !TEST_size_t_eq(written, strlen(MSG2)))
1703 goto end;
1704
1705 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1706 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1707 goto end;
1708
1709 testresult = 1;
1710
1711 end:
1712 SSL_SESSION_free(sess);
1713 SSL_free(serverssl);
1714 SSL_free(clientssl);
1715 SSL_CTX_free(sctx);
1716 SSL_CTX_free(cctx);
1717 return testresult;
1718}
1719
1720
1721# ifndef OPENSSL_NO_TLS1_2
1722/*
1723 * Test that a server attempting to read early data can handle a connection
1724 * from a TLSv1.2 client.
1725 */
1726static int test_early_data_tls1_2(int idx)
1727{
1728 SSL_CTX *cctx = NULL, *sctx = NULL;
1729 SSL *clientssl = NULL, *serverssl = NULL;
1730 int testresult = 0;
1731 unsigned char buf[20];
1732 size_t readbytes, written;
1733
1734 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1735 TLS_client_method(), &sctx,
1736 &cctx, cert, privkey)))
1737 goto end;
1738
1739 /* When idx == 1 we repeat the tests with read_ahead set */
1740 if (idx > 0) {
1741 SSL_CTX_set_read_ahead(cctx, 1);
1742 SSL_CTX_set_read_ahead(sctx, 1);
1743 }
1744
1745 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1746 &clientssl, NULL, NULL)))
1747 goto end;
1748
1749 /* Write some data - should block due to handshake with server */
1750 SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
1751 SSL_set_connect_state(clientssl);
1752 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
1753 goto end;
1754
1755 /*
1756 * Server should do TLSv1.2 handshake. First it will block waiting for more
1757 * messages from client after ServerDone. Then SSL_read_early_data should
1758 * finish and detect that early data has not been sent
1759 */
1760 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1761 &readbytes),
1762 SSL_READ_EARLY_DATA_ERROR))
1763 goto end;
1764
1765 /*
1766 * Continue writing the message we started earlier. Will still block waiting
1767 * for the CCS/Finished from server
1768 */
1769 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1770 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
1771 &readbytes),
1772 SSL_READ_EARLY_DATA_FINISH)
1773 || !TEST_size_t_eq(readbytes, 0)
1774 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
1775 SSL_EARLY_DATA_NOT_SENT))
1776 goto end;
1777
1778 /* Continue writing the message we started earlier */
1779 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
1780 || !TEST_size_t_eq(written, strlen(MSG1))
1781 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
1782 SSL_EARLY_DATA_NOT_SENT)
1783 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
1784 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
1785 || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
1786 || !TEST_size_t_eq(written, strlen(MSG2))
1787 || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
1788 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
1789 goto end;
1790
1791 testresult = 1;
1792
1793 end:
1794 SSL_free(serverssl);
1795 SSL_free(clientssl);
1796 SSL_CTX_free(sctx);
1797 SSL_CTX_free(cctx);
1798
1799 return testresult;
1800}
1801# endif /* OPENSSL_NO_TLS1_2 */
1802
1803static int test_ciphersuite_change(void)
1804{
1805 SSL_CTX *cctx = NULL, *sctx = NULL;
1806 SSL *clientssl = NULL, *serverssl = NULL;
1807 SSL_SESSION *clntsess = NULL;
1808 int testresult = 0;
1809 const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
1810
1811 /* Create a session based on SHA-256 */
1812 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
1813 TLS_client_method(), &sctx,
1814 &cctx, cert, privkey))
1815 || !TEST_true(SSL_CTX_set_cipher_list(cctx,
1816 "TLS13-AES-128-GCM-SHA256"))
1817 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1818 &clientssl, NULL, NULL))
1819 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1820 SSL_ERROR_NONE)))
1821 goto end;
1822
1823 clntsess = SSL_get1_session(clientssl);
1824 /* Save for later */
1825 aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
1826 SSL_shutdown(clientssl);
1827 SSL_shutdown(serverssl);
1828 SSL_free(serverssl);
1829 SSL_free(clientssl);
1830 serverssl = clientssl = NULL;
1831
1832 /* Check we can resume a session with a different SHA-256 ciphersuite */
1833 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
1834 "TLS13-CHACHA20-POLY1305-SHA256"))
1835 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1836 NULL, NULL))
1837 || !TEST_true(SSL_set_session(clientssl, clntsess))
1838 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1839 SSL_ERROR_NONE))
1840 || !TEST_true(SSL_session_reused(clientssl)))
1841 goto end;
1842
1843 SSL_SESSION_free(clntsess);
1844 clntsess = SSL_get1_session(clientssl);
1845 SSL_shutdown(clientssl);
1846 SSL_shutdown(serverssl);
1847 SSL_free(serverssl);
1848 SSL_free(clientssl);
1849 serverssl = clientssl = NULL;
1850
1851 /*
1852 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
1853 * succeeds but does not resume.
1854 */
1855 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
1856 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1857 NULL, NULL))
1858 || !TEST_true(SSL_set_session(clientssl, clntsess))
1859 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1860 SSL_ERROR_SSL))
1861 || !TEST_false(SSL_session_reused(clientssl)))
1862 goto end;
1863
1864 SSL_SESSION_free(clntsess);
1865 clntsess = NULL;
1866 SSL_shutdown(clientssl);
1867 SSL_shutdown(serverssl);
1868 SSL_free(serverssl);
1869 SSL_free(clientssl);
1870 serverssl = clientssl = NULL;
1871
1872 /* Create a session based on SHA384 */
1873 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384"))
1874 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1875 &clientssl, NULL, NULL))
1876 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1877 SSL_ERROR_NONE)))
1878 goto end;
1879
1880 clntsess = SSL_get1_session(clientssl);
1881 SSL_shutdown(clientssl);
1882 SSL_shutdown(serverssl);
1883 SSL_free(serverssl);
1884 SSL_free(clientssl);
1885 serverssl = clientssl = NULL;
1886
1887 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
1888 "TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"))
1889 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
1890 "TLS13-AES-256-GCM-SHA384"))
1891 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1892 NULL, NULL))
1893 || !TEST_true(SSL_set_session(clientssl, clntsess))
1894 /*
1895 * We use SSL_ERROR_WANT_READ below so that we can pause the
1896 * connection after the initial ClientHello has been sent to
1897 * enable us to make some session changes.
1898 */
1899 || !TEST_false(create_ssl_connection(serverssl, clientssl,
1900 SSL_ERROR_WANT_READ)))
1901 goto end;
1902
1903 /* Trick the client into thinking this session is for a different digest */
1904 clntsess->cipher = aes_128_gcm_sha256;
1905 clntsess->cipher_id = clntsess->cipher->id;
1906
1907 /*
1908 * Continue the previously started connection. Server has selected a SHA-384
1909 * ciphersuite, but client thinks the session is for SHA-256, so it should
1910 * bail out.
1911 */
1912 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
1913 SSL_ERROR_SSL))
1914 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
1915 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
1916 goto end;
1917
1918 testresult = 1;
1919
1920 end:
1921 SSL_SESSION_free(clntsess);
1922 SSL_free(serverssl);
1923 SSL_free(clientssl);
1924 SSL_CTX_free(sctx);
1925 SSL_CTX_free(cctx);
1926
1927 return testresult;
1928}
1929
1930
1931static SSL_SESSION *psk = NULL;
1932static const char *pskid = "Identity";
1933static const char *srvid;
1934
1935static int use_session_cb_cnt = 0;
1936static int find_session_cb_cnt = 0;
1937
1938static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1939 size_t *idlen, SSL_SESSION **sess)
1940{
1941 switch (++use_session_cb_cnt) {
1942 case 1:
1943 /* The first call should always have a NULL md */
1944 if (md != NULL)
1945 return 0;
1946 break;
1947
1948 case 2:
1949 /* The second call should always have an md */
1950 if (md == NULL)
1951 return 0;
1952 break;
1953
1954 default:
1955 /* We should only be called a maximum of twice */
1956 return 0;
1957 }
1958
1959 if (psk != NULL)
1960 SSL_SESSION_up_ref(psk);
1961
1962 *sess = psk;
1963 *id = (const unsigned char *)pskid;
1964 *idlen = strlen(pskid);
1965
1966 return 1;
1967}
1968
1969static int find_session_cb(SSL *ssl, const unsigned char *identity,
1970 size_t identity_len, SSL_SESSION **sess)
1971{
1972 find_session_cb_cnt++;
1973
1974 /* We should only ever be called a maximum of twice per connection */
1975 if (find_session_cb_cnt > 2)
1976 return 0;
1977
1978 if (psk == NULL)
1979 return 0;
1980
1981 /* Identity should match that set by the client */
1982 if (strlen(srvid) != identity_len
1983 || strncmp(srvid, (const char *)identity, identity_len) != 0) {
1984 /* No PSK found, continue but without a PSK */
1985 *sess = NULL;
1986 return 1;
1987 }
1988
1989 SSL_SESSION_up_ref(psk);
1990 *sess = psk;
1991
1992 return 1;
1993}
1994
1995#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
1996
1997static int test_tls13_psk(void)
1998{
1999 SSL_CTX *sctx = NULL, *cctx = NULL;
2000 SSL *serverssl = NULL, *clientssl = NULL;
2001 const SSL_CIPHER *cipher = NULL;
2002 const unsigned char key[] = {
2003 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2004 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2005 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2006 };
2007 int testresult = 0;
2008
2009 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2010 TLS_client_method(), &sctx,
2011 &cctx, cert, privkey)))
2012 goto end;
2013
2014 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
2015 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
2016 srvid = pskid;
2017
2018 /* Check we can create a connection if callback decides not to send a PSK */
2019 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2020 NULL, NULL))
2021 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2022 SSL_ERROR_NONE))
2023 || !TEST_false(SSL_session_reused(clientssl))
2024 || !TEST_false(SSL_session_reused(serverssl))
2025 || !TEST_true(use_session_cb_cnt == 1)
2026 || !TEST_true(find_session_cb_cnt == 0))
2027 goto end;
2028
2029 shutdown_ssl_connection(serverssl, clientssl);
2030 serverssl = clientssl = NULL;
2031 use_session_cb_cnt = 0;
2032
2033 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2034 NULL, NULL)))
2035 goto end;
2036
2037 /* Create the PSK */
2038 cipher = SSL_CIPHER_find(clientssl, TLS13_AES_256_GCM_SHA384_BYTES);
2039 psk = SSL_SESSION_new();
2040 if (!TEST_ptr(psk)
2041 || !TEST_ptr(cipher)
2042 || !TEST_true(SSL_SESSION_set1_master_key(psk, key, sizeof(key)))
2043 || !TEST_true(SSL_SESSION_set_cipher(psk, cipher))
2044 || !TEST_true(SSL_SESSION_set_protocol_version(psk,
2045 TLS1_3_VERSION)))
2046 goto end;
2047
2048 /* Check we can create a connection and the PSK is used */
2049 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2050 || !TEST_true(SSL_session_reused(clientssl))
2051 || !TEST_true(SSL_session_reused(serverssl))
2052 || !TEST_true(use_session_cb_cnt == 1)
2053 || !TEST_true(find_session_cb_cnt == 1))
2054 goto end;
2055
2056 shutdown_ssl_connection(serverssl, clientssl);
2057 serverssl = clientssl = NULL;
2058 use_session_cb_cnt = find_session_cb_cnt = 0;
2059
2060 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2061 NULL, NULL)))
2062 goto end;
2063
2064 /* Force an HRR */
2065 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
2066 goto end;
2067
2068 /*
2069 * Check we can create a connection, the PSK is used and the callbacks are
2070 * called twice.
2071 */
2072 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2073 || !TEST_true(SSL_session_reused(clientssl))
2074 || !TEST_true(SSL_session_reused(serverssl))
2075 || !TEST_true(use_session_cb_cnt == 2)
2076 || !TEST_true(find_session_cb_cnt == 2))
2077 goto end;
2078
2079 shutdown_ssl_connection(serverssl, clientssl);
2080 serverssl = clientssl = NULL;
2081 use_session_cb_cnt = find_session_cb_cnt = 0;
2082
2083 /*
2084 * Check that if the server rejects the PSK we can still connect, but with
2085 * a full handshake
2086 */
2087 srvid = "Dummy Identity";
2088 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2089 NULL, NULL))
2090 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2091 SSL_ERROR_NONE))
2092 || !TEST_false(SSL_session_reused(clientssl))
2093 || !TEST_false(SSL_session_reused(serverssl))
2094 || !TEST_true(use_session_cb_cnt == 1)
2095 || !TEST_true(find_session_cb_cnt == 1))
2096 goto end;
2097
2098 shutdown_ssl_connection(serverssl, clientssl);
2099 serverssl = clientssl = NULL;
2100 testresult = 1;
2101
2102 end:
2103 SSL_SESSION_free(psk);
2104 SSL_free(serverssl);
2105 SSL_free(clientssl);
2106 SSL_CTX_free(sctx);
2107 SSL_CTX_free(cctx);
2108 return testresult;
2109}
2110
2111#endif /* OPENSSL_NO_TLS1_3 */
2112
2113static int clntaddoldcb = 0;
2114static int clntparseoldcb = 0;
2115static int srvaddoldcb = 0;
2116static int srvparseoldcb = 0;
2117static int clntaddnewcb = 0;
2118static int clntparsenewcb = 0;
2119static int srvaddnewcb = 0;
2120static int srvparsenewcb = 0;
2121static int snicb = 0;
2122
2123#define TEST_EXT_TYPE1 0xff00
2124
2125static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
2126 size_t *outlen, int *al, void *add_arg)
2127{
2128 int *server = (int *)add_arg;
2129 unsigned char *data;
2130
2131 if (SSL_is_server(s))
2132 srvaddoldcb++;
2133 else
2134 clntaddoldcb++;
2135
2136 if (*server != SSL_is_server(s)
2137 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
2138 return -1;
2139
2140 *data = 1;
2141 *out = data;
2142 *outlen = sizeof(char);
2143 return 1;
2144}
2145
2146static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
2147 void *add_arg)
2148{
2149 OPENSSL_free((unsigned char *)out);
2150}
2151
2152static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
2153 size_t inlen, int *al, void *parse_arg)
2154{
2155 int *server = (int *)parse_arg;
2156
2157 if (SSL_is_server(s))
2158 srvparseoldcb++;
2159 else
2160 clntparseoldcb++;
2161
2162 if (*server != SSL_is_server(s)
2163 || inlen != sizeof(char)
2164 || *in != 1)
2165 return -1;
2166
2167 return 1;
2168}
2169
2170static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
2171 const unsigned char **out, size_t *outlen, X509 *x,
2172 size_t chainidx, int *al, void *add_arg)
2173{
2174 int *server = (int *)add_arg;
2175 unsigned char *data;
2176
2177 if (SSL_is_server(s))
2178 srvaddnewcb++;
2179 else
2180 clntaddnewcb++;
2181
2182 if (*server != SSL_is_server(s)
2183 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
2184 return -1;
2185
2186 *data = 1;
2187 *out = data;
2188 *outlen = sizeof(*data);
2189 return 1;
2190}
2191
2192static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
2193 const unsigned char *out, void *add_arg)
2194{
2195 OPENSSL_free((unsigned char *)out);
2196}
2197
2198static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
2199 const unsigned char *in, size_t inlen, X509 *x,
2200 size_t chainidx, int *al, void *parse_arg)
2201{
2202 int *server = (int *)parse_arg;
2203
2204 if (SSL_is_server(s))
2205 srvparsenewcb++;
2206 else
2207 clntparsenewcb++;
2208
2209 if (*server != SSL_is_server(s)
2210 || inlen != sizeof(char) || *in != 1)
2211 return -1;
2212
2213 return 1;
2214}
2215
2216static int sni_cb(SSL *s, int *al, void *arg)
2217{
2218 SSL_CTX *ctx = (SSL_CTX *)arg;
2219
2220 if (SSL_set_SSL_CTX(s, ctx) == NULL) {
2221 *al = SSL_AD_INTERNAL_ERROR;
2222 return SSL_TLSEXT_ERR_ALERT_FATAL;
2223 }
2224 snicb++;
2225 return SSL_TLSEXT_ERR_OK;
2226}
2227
2228/*
2229 * Custom call back tests.
2230 * Test 0: Old style callbacks in TLSv1.2
2231 * Test 1: New style callbacks in TLSv1.2
2232 * Test 2: New style callbacks in TLSv1.2 with SNI
2233 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
2234 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
2235 */
2236static int test_custom_exts(int tst)
2237{
2238 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
2239 SSL *clientssl = NULL, *serverssl = NULL;
2240 int testresult = 0;
2241 static int server = 1;
2242 static int client = 0;
2243 SSL_SESSION *sess = NULL;
2244 unsigned int context;
2245
2246 /* Reset callback counters */
2247 clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
2248 clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
2249 snicb = 0;
2250
2251 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2252 TLS_client_method(), &sctx,
2253 &cctx, cert, privkey)))
2254 goto end;
2255
2256 if (tst == 2
2257 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2,
2258 NULL, cert, privkey)))
2259 goto end;
2260
2261
2262 if (tst < 3) {
2263 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
2264 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
2265 if (sctx2 != NULL)
2266 SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
2267 }
2268
2269 if (tst == 4) {
2270 context = SSL_EXT_CLIENT_HELLO
2271 | SSL_EXT_TLS1_2_SERVER_HELLO
2272 | SSL_EXT_TLS1_3_SERVER_HELLO
2273 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
2274 | SSL_EXT_TLS1_3_CERTIFICATE
2275 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
2276 } else {
2277 context = SSL_EXT_CLIENT_HELLO
2278 | SSL_EXT_TLS1_2_SERVER_HELLO
2279 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
2280 }
2281
2282 /* Create a client side custom extension */
2283 if (tst == 0) {
2284 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2285 old_add_cb, old_free_cb,
2286 &client, old_parse_cb,
2287 &client)))
2288 goto end;
2289 } else {
2290 if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
2291 new_add_cb, new_free_cb,
2292 &client, new_parse_cb, &client)))
2293 goto end;
2294 }
2295
2296 /* Should not be able to add duplicates */
2297 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
2298 old_add_cb, old_free_cb,
2299 &client, old_parse_cb,
2300 &client))
2301 || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
2302 context, new_add_cb,
2303 new_free_cb, &client,
2304 new_parse_cb, &client)))
2305 goto end;
2306
2307 /* Create a server side custom extension */
2308 if (tst == 0) {
2309 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2310 old_add_cb, old_free_cb,
2311 &server, old_parse_cb,
2312 &server)))
2313 goto end;
2314 } else {
2315 if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
2316 new_add_cb, new_free_cb,
2317 &server, new_parse_cb, &server)))
2318 goto end;
2319 if (sctx2 != NULL
2320 && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
2321 context, new_add_cb,
2322 new_free_cb, &server,
2323 new_parse_cb, &server)))
2324 goto end;
2325 }
2326
2327 /* Should not be able to add duplicates */
2328 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
2329 old_add_cb, old_free_cb,
2330 &server, old_parse_cb,
2331 &server))
2332 || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
2333 context, new_add_cb,
2334 new_free_cb, &server,
2335 new_parse_cb, &server)))
2336 goto end;
2337
2338 if (tst == 2) {
2339 /* Set up SNI */
2340 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
2341 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
2342 goto end;
2343 }
2344
2345 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2346 &clientssl, NULL, NULL))
2347 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2348 SSL_ERROR_NONE)))
2349 goto end;
2350
2351 if (tst == 0) {
2352 if (clntaddoldcb != 1
2353 || clntparseoldcb != 1
2354 || srvaddoldcb != 1
2355 || srvparseoldcb != 1)
2356 goto end;
2357 } else if (tst == 1 || tst == 2 || tst == 3) {
2358 if (clntaddnewcb != 1
2359 || clntparsenewcb != 1
2360 || srvaddnewcb != 1
2361 || srvparsenewcb != 1
2362 || (tst != 2 && snicb != 0)
2363 || (tst == 2 && snicb != 1))
2364 goto end;
2365 } else {
2366 if (clntaddnewcb != 1
2367 || clntparsenewcb != 4
2368 || srvaddnewcb != 4
2369 || srvparsenewcb != 1)
2370 goto end;
2371 }
2372
2373 sess = SSL_get1_session(clientssl);
2374 SSL_shutdown(clientssl);
2375 SSL_shutdown(serverssl);
2376 SSL_free(serverssl);
2377 SSL_free(clientssl);
2378 serverssl = clientssl = NULL;
2379
2380 if (tst == 3) {
2381 /* We don't bother with the resumption aspects for this test */
2382 testresult = 1;
2383 goto end;
2384 }
2385
2386 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
2387 NULL, NULL))
2388 || !TEST_true(SSL_set_session(clientssl, sess))
2389 || !TEST_true(create_ssl_connection(serverssl, clientssl,
2390 SSL_ERROR_NONE)))
2391 goto end;
2392
2393 /*
2394 * For a resumed session we expect to add the ClientHello extension. For the
2395 * old style callbacks we ignore it on the server side because they set
2396 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
2397 * them.
2398 */
2399 if (tst == 0) {
2400 if (clntaddoldcb != 2
2401 || clntparseoldcb != 1
2402 || srvaddoldcb != 1
2403 || srvparseoldcb != 1)
2404 goto end;
2405 } else if (tst == 1 || tst == 2 || tst == 3) {
2406 if (clntaddnewcb != 2
2407 || clntparsenewcb != 2
2408 || srvaddnewcb != 2
2409 || srvparsenewcb != 2)
2410 goto end;
2411 } else {
2412 /* No Certificate message extensions in the resumption handshake */
2413 if (clntaddnewcb != 2
2414 || clntparsenewcb != 7
2415 || srvaddnewcb != 7
2416 || srvparsenewcb != 2)
2417 goto end;
2418 }
2419
2420 testresult = 1;
2421
2422end:
2423 SSL_SESSION_free(sess);
2424 SSL_free(serverssl);
2425 SSL_free(clientssl);
2426 SSL_CTX_free(sctx2);
2427 SSL_CTX_free(sctx);
2428 SSL_CTX_free(cctx);
2429 return testresult;
2430}
2431
2432/*
2433 * Test loading of serverinfo data in various formats. test_sslmessages actually
2434 * tests to make sure the extensions appear in the handshake
2435 */
2436static int test_serverinfo(int tst)
2437{
2438 unsigned int version;
2439 unsigned char *sibuf;
2440 size_t sibuflen;
2441 int ret, expected, testresult = 0;
2442 SSL_CTX *ctx;
2443
2444 ctx = SSL_CTX_new(TLS_method());
2445 if (!TEST_ptr(ctx))
2446 goto end;
2447
2448 if ((tst & 0x01) == 0x01)
2449 version = SSL_SERVERINFOV2;
2450 else
2451 version = SSL_SERVERINFOV1;
2452
2453 if ((tst & 0x02) == 0x02) {
2454 sibuf = serverinfov2;
2455 sibuflen = sizeof(serverinfov2);
2456 expected = (version == SSL_SERVERINFOV2);
2457 } else {
2458 sibuf = serverinfov1;
2459 sibuflen = sizeof(serverinfov1);
2460 expected = (version == SSL_SERVERINFOV1);
2461 }
2462
2463 if ((tst & 0x04) == 0x04) {
2464 ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
2465 } else {
2466 ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
2467
2468 /*
2469 * The version variable is irrelevant in this case - it's what is in the
2470 * buffer that matters
2471 */
2472 if ((tst & 0x02) == 0x02)
2473 expected = 0;
2474 else
2475 expected = 1;
2476 }
2477
2478 if (!TEST_true(ret == expected))
2479 goto end;
2480
2481 testresult = 1;
2482
2483 end:
2484 SSL_CTX_free(ctx);
2485
2486 return testresult;
2487}
2488
2489int test_main(int argc, char *argv[])
2490{
2491 int testresult = 1;
2492
2493 if (argc != 3) {
2494 TEST_error("Wrong argument count");
2495 return 0;
2496 }
2497
2498 cert = argv[1];
2499 privkey = argv[2];
2500
2501 ADD_TEST(test_large_message_tls);
2502 ADD_TEST(test_large_message_tls_read_ahead);
2503#ifndef OPENSSL_NO_DTLS
2504 ADD_TEST(test_large_message_dtls);
2505#endif
2506#ifndef OPENSSL_NO_OCSP
2507 ADD_TEST(test_tlsext_status_type);
2508#endif
2509 ADD_TEST(test_session_with_only_int_cache);
2510 ADD_TEST(test_session_with_only_ext_cache);
2511 ADD_TEST(test_session_with_both_cache);
2512 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
2513 ADD_TEST(test_ssl_bio_pop_next_bio);
2514 ADD_TEST(test_ssl_bio_pop_ssl_bio);
2515 ADD_TEST(test_ssl_bio_change_rbio);
2516 ADD_TEST(test_ssl_bio_change_wbio);
2517 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
2518 ADD_TEST(test_keylog);
2519#ifndef OPENSSL_NO_TLS1_3
2520 ADD_TEST(test_keylog_no_master_key);
2521#endif
2522#ifndef OPENSSL_NO_TLS1_2
2523 ADD_TEST(test_early_cb);
2524#endif
2525#ifndef OPENSSL_NO_TLS1_3
2526 ADD_ALL_TESTS(test_early_data_read_write, 2);
2527 ADD_ALL_TESTS(test_early_data_skip, 2);
2528 ADD_ALL_TESTS(test_early_data_not_sent, 2);
2529 ADD_ALL_TESTS(test_early_data_not_expected, 2);
2530# ifndef OPENSSL_NO_TLS1_2
2531 ADD_ALL_TESTS(test_early_data_tls1_2, 2);
2532# endif
2533#endif
2534#ifndef OPENSSL_NO_TLS1_3
2535 ADD_TEST(test_ciphersuite_change);
2536 ADD_TEST(test_tls13_psk);
2537 ADD_ALL_TESTS(test_custom_exts, 5);
2538#else
2539 ADD_ALL_TESTS(test_custom_exts, 3);
2540#endif
2541 ADD_ALL_TESTS(test_serverinfo, 8);
2542
2543 testresult = run_tests(argv[0]);
2544
2545 bio_s_mempacket_test_free();
2546
2547 return testresult;
2548}
A mirror of the official openssl repository