/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL licenses, (the "License");
+ * Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* https://www.openssl.org/source/license.html
#include <openssl/bio.h>
#include <openssl/err.h>
-#include "../ssl/packet_locl.h"
+#include "internal/packet.h"
#include "ssltestlib.h"
#include "testutil.h"
-#include "test_main_custom.h"
/* Should we fragment records or not? 0 = no, !0 = yes*/
static int fragment = 0;
unsigned int wctr;
};
-static const BIO_METHOD *bio_f_async_filter()
+static const BIO_METHOD *bio_f_async_filter(void)
{
if (methods_async == NULL) {
methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter");
return -1;
while (PACKET_remaining(&pkt) > 0) {
- PACKET payload, wholebody;
+ PACKET payload, wholebody, sessionid, extensions;
unsigned int contenttype, versionhi, versionlo, data;
unsigned int msgtype = 0, negversion = 0;
&& !PACKET_get_1(&wholebody, &msgtype))
return -1;
- if (msgtype == SSL3_MT_SERVER_HELLO
- && (!PACKET_forward(&wholebody,
+ if (msgtype == SSL3_MT_SERVER_HELLO) {
+ if (!PACKET_forward(&wholebody,
SSL3_HM_HEADER_LENGTH - 1)
- || !PACKET_get_net_2(&wholebody, &negversion)))
- return -1;
+ || !PACKET_get_net_2(&wholebody, &negversion)
+ /* Skip random (32 bytes) */
+ || !PACKET_forward(&wholebody, 32)
+ /* Skip session id */
+ || !PACKET_get_length_prefixed_1(&wholebody,
+ &sessionid)
+ /*
+ * Skip ciphersuite (2 bytes) and compression
+ * method (1 byte)
+ */
+ || !PACKET_forward(&wholebody, 2 + 1)
+ || !PACKET_get_length_prefixed_2(&wholebody,
+ &extensions))
+ return -1;
+
+ /*
+ * Find the negotiated version in supported_versions
+ * extension, if present.
+ */
+ while (PACKET_remaining(&extensions)) {
+ unsigned int type;
+ PACKET extbody;
+
+ if (!PACKET_get_net_2(&extensions, &type)
+ || !PACKET_get_length_prefixed_2(&extensions,
+ &extbody))
+ return -1;
+
+ if (type == TLSEXT_TYPE_supported_versions
+ && (!PACKET_get_net_2(&extbody, &negversion)
+ || PACKET_remaining(&extbody) != 0))
+ return -1;
+ }
+ }
while (PACKET_get_1(&payload, &data)) {
/* Create a new one byte long record for each byte in the
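Review bot: The ServerHello walk added at `PACKET_forward(&wholebody, 2 + 1)` and `PACKET_get_length_prefixed_2(&wholebody, &extensions)` treats a missing extensions block as a hard error and returns -1, although TLS 1.2 and earlier permit a ServerHello with no extensions. It also assumes the complete ServerHello sits inside this one record. Both appear to hold for the OpenSSL server this test drives, but neither is stated, so a failure would surface only as a failed write with no hint of the cause. I would state the assumption above the parse, e.g. `/* Assumes the whole ServerHello, including an extensions block, is in this record */`. The enclosing function starts and ends outside the hunk.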
/*
* We can't fragment anything after the ServerHello (or CCS <=
* TLS1.2), otherwise we get a bad record MAC
- * TODO(TLS1.3): Change TLS1_3_VERSION_DRAFT to TLS1_3_VERSION
- * before release
*/
if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC
- || (negversion == TLS1_3_VERSION_DRAFT
+ || (negversion == TLS1_3_VERSION
&& msgtype == SSL3_MT_SERVER_HELLO)) {
fragment = 0;
break;
const char testdata[] = "Test data";
char buf[sizeof(testdata)];
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- &serverctx, &clientctx, cert, privkey)))
+ if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION, 0,
+ &serverctx, &clientctx, cert, privkey)))
goto end;
/*
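Review bot: The new `create_ssl_ctx_pair` call passes three bare positional values, `NULL` first and `TLS1_VERSION, 0` in the middle, whose meaning cannot be read from the call site. If, as the names suggest, these are the library context and the minimum and maximum protocol versions, a one-line comment such as `/* default libctx; min TLS1.0, no max version */` would show that the pair is deliberately left open to every protocol version the build supports. The enclosing test function starts and ends outside the hunk.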
goto end;
/*
- * Now read the test data. It may take more attemps here because
+ * Now read the test data. It may take more attempts here because
* it could fail once for each byte read, including all overhead
* bytes from the record header/padding etc.
*/
return testresult;
}
-int test_main(int argc, char *argv[])
-{
- int testresult = 0;
+OPT_TEST_DECLARE_USAGE("certname privkey\n")
- if (!TEST_int_eq(argc, 3))
- goto end;
+int setup_tests(void)
+{
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
- cert = argv[1];
- privkey = argv[2];
+ if (!TEST_ptr(cert = test_get_argument(0))
+ || !TEST_ptr(privkey = test_get_argument(1)))
+ return 0;
ADD_ALL_TESTS(test_asyncio, 2);
+ return 1;
+}
- testresult = run_tests(argv[0]);
-
- end:
+void cleanup_tests(void)
+{
BIO_meth_free(methods_async);
-
- return testresult;
}
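Review bot: `cleanup_tests()` frees `methods_async` but leaves the pointer set, and `bio_f_async_filter()` decides whether to build the method table by testing `methods_async == NULL`, so any call after cleanup would return the freed table. Nothing visible here calls it that late, but resetting the pointer costs one line: `methods_async = NULL;` after `BIO_meth_free(methods_async);`. Separately, `setup_tests()` only checks that arguments 0 and 1 exist, whereas the removed `TEST_int_eq(argc, 3)` also rejected extra arguments; if that strictness was intended, it is no longer enforced.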