/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/core_names.h>
#include <openssl/core_dispatch.h>
#include <openssl/provider.h>
+#include <openssl/param_build.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
-#include "ssltestlib.h"
+#include "helpers/ssltestlib.h"
#include "testutil.h"
#include "testutil/output.h"
#include "internal/nelem.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
+#include "../ssl/record/methods/recmethod_local.h"
+#include "filterprov.h"
-/* Defined in filterprov.c */
-OSSL_provider_init_fn filter_provider_init;
-int filter_provider_set_filter(int operation, const char *name);
+#undef OSSL_NO_USABLE_TLS1_3
+#if defined(OPENSSL_NO_TLS1_3) \
+ || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH))
+/*
+ * If we don't have ec or dh then there are no built-in groups that are usable
+ * with TLSv1.3
+ */
+# define OSSL_NO_USABLE_TLS1_3
+#endif
/* Defined in tls-provider.c */
int tls_provider_init(const OSSL_CORE_HANDLE *handle,
static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *defctxnull = NULL;
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
static SSL_SESSION *clientpsk = NULL;
static SSL_SESSION *serverpsk = NULL;
static int use_session_cb_cnt = 0;
static int find_session_cb_cnt = 0;
-static SSL_SESSION *create_a_psk(SSL *ssl);
+static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize);
#endif
static char *certsdir = NULL;
static char *privkey = NULL;
static char *cert2 = NULL;
static char *privkey2 = NULL;
+static char *cert1024 = NULL;
+static char *privkey1024 = NULL;
+static char *cert3072 = NULL;
+static char *privkey3072 = NULL;
+static char *cert4096 = NULL;
+static char *privkey4096 = NULL;
+static char *cert8192 = NULL;
+static char *privkey8192 = NULL;
static char *srpvfile = NULL;
static char *tmpfilename = NULL;
+static char *dhfile = NULL;
static int is_fips = 0;
};
-static unsigned char serverinfov1[] = {
- 0xff, 0xff, /* Dummy extension type */
- 0x00, 0x01, /* Extension length is 1 byte */
- 0xff /* Dummy extension data */
-};
-
-static unsigned char serverinfov2[] = {
- 0x00, 0x00, 0x00,
- (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
- 0xff, 0xff, /* Dummy extension type */
- 0x00, 0x01, /* Extension length is 1 byte */
- 0xff /* Dummy extension data */
-};
-
static int hostname_cb(SSL *s, int *al, void *arg)
{
const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
-
- /*
- * TODO(TLS1.3): test that application traffic secrets are what
- * we expect */
} else {
TEST_info("Unexpected token %s\n", token);
return 0;
return 1;
}
-#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3)
static int test_keylog(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
* Now we want to test that our output data was vaguely sensible. We
* do that by using strtok and confirming that we have more or less the
* data we expect. For both client and server, we expect to see one master
- * secret. The client should also see a RSA key exchange.
+ * secret. The client should also see an RSA key exchange.
*/
expected.rsa_key_exchange_count = 1;
expected.master_secret_count = 1;
}
#endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
static int test_keylog_no_master_key(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
}
#endif
+static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg)
+{
+ int res = X509_verify_cert(ctx);
+ int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
+ SSL *ssl;
+
+ /* this should not happen but check anyway */
+ if (idx < 0
+ || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
+ return 0;
+
+ if (res == 0 && X509_STORE_CTX_get_error(ctx) ==
+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+ /* indicate SSL_ERROR_WANT_RETRY_VERIFY */
+ return SSL_set_retry_verify(ssl);
+
+ return res;
+}
+
+static int test_client_cert_verify_cb(void)
+{
+ /* server key, cert, chain, and root */
+ char *skey = test_mk_file_path(certsdir, "leaf.key");
+ char *leaf = test_mk_file_path(certsdir, "leaf.pem");
+ char *int2 = test_mk_file_path(certsdir, "subinterCA.pem");
+ char *int1 = test_mk_file_path(certsdir, "interCA.pem");
+ char *root = test_mk_file_path(certsdir, "rootCA.pem");
+ X509 *crt1 = NULL, *crt2 = NULL;
+ STACK_OF(X509) *server_chain;
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
+ &sctx, &cctx, NULL, NULL)))
+ goto end;
+ if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(sctx, leaf), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, skey,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1))
+ goto end;
+ if (!TEST_true(SSL_CTX_load_verify_locations(cctx, root, NULL)))
+ goto end;
+ SSL_CTX_set_verify(cctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_set_cert_verify_callback(cctx, verify_retry_cb, NULL);
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ /* attempt SSL_connect() with incomplete server chain */
+ if (!TEST_false(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_WANT_RETRY_VERIFY)))
+ goto end;
+
+ /* application provides intermediate certs needed to verify server cert */
+ if (!TEST_ptr((crt1 = load_cert_pem(int1, libctx)))
+ || !TEST_ptr((crt2 = load_cert_pem(int2, libctx)))
+ || !TEST_ptr((server_chain = SSL_get_peer_cert_chain(clientssl))))
+ goto end;
+ /* add certs in reverse order to demonstrate real chain building */
+ if (!TEST_true(sk_X509_push(server_chain, crt1)))
+ goto end;
+ crt1 = NULL;
+ if (!TEST_true(sk_X509_push(server_chain, crt2)))
+ goto end;
+ crt2 = NULL;
+
+ /* continue SSL_connect(), must now succeed with completed server chain */
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+end:
+ X509_free(crt1);
+ X509_free(crt2);
+ if (clientssl != NULL) {
+ SSL_shutdown(clientssl);
+ SSL_free(clientssl);
+ }
+ if (serverssl != NULL) {
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ }
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ OPENSSL_free(skey);
+ OPENSSL_free(leaf);
+ OPENSSL_free(int2);
+ OPENSSL_free(int1);
+ OPENSSL_free(root);
+
+ return testresult;
+}
+
+static int test_ssl_build_cert_chain(void)
+{
+ int ret = 0;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ char *skey = test_mk_file_path(certsdir, "leaf.key");
+ char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem");
+
+ if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+ if (!TEST_ptr(ssl = SSL_new(ssl_ctx)))
+ goto end;
+ /* leaf_chain contains leaf + subinterCA + interCA + rootCA */
+ if (!TEST_int_eq(SSL_use_certificate_chain_file(ssl, leaf_chain), 1)
+ || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, skey, SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_check_private_key(ssl), 1))
+ goto end;
+ if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT
+ | SSL_BUILD_CHAIN_FLAG_CHECK)))
+ goto end;
+ ret = 1;
+end:
+ SSL_free(ssl);
+ SSL_CTX_free(ssl_ctx);
+ OPENSSL_free(leaf_chain);
+ OPENSSL_free(skey);
+ return ret;
+}
+
+static int get_password_cb(char *buf, int size, int rw_flag, void *userdata)
+{
+ static const char pass[] = "testpass";
+
+ if (!TEST_int_eq(size, PEM_BUFSIZE))
+ return -1;
+
+ memcpy(buf, pass, sizeof(pass) - 1);
+ return sizeof(pass) - 1;
+}
+
+static int test_ssl_ctx_build_cert_chain(void)
+{
+ int ret = 0;
+ SSL_CTX *ctx = NULL;
+ char *skey = test_mk_file_path(certsdir, "leaf-encrypted.key");
+ char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem");
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+ SSL_CTX_set_default_passwd_cb(ctx, get_password_cb);
+ /* leaf_chain contains leaf + subinterCA + interCA + rootCA */
+ if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_check_private_key(ctx), 1))
+ goto end;
+ if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT
+ | SSL_BUILD_CHAIN_FLAG_CHECK)))
+ goto end;
+ ret = 1;
+end:
+ SSL_CTX_free(ctx);
+ OPENSSL_free(leaf_chain);
+ OPENSSL_free(skey);
+ return ret;
+}
+
#ifndef OPENSSL_NO_TLS1_2
static int full_client_hello_callback(SSL *s, int *al, void *arg)
{
size_t readbytes;
/*
- * Create a conection so we can resume and potentially (but not) use
+ * Create a connection so we can resume and potentially (but not) use
* a different cipher in the second connection.
*/
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
privkey)))
goto end;
+#ifdef OPENSSL_NO_DTLS1_2
+ if (smeth == DTLS_server_method()) {
+ /*
+ * Default sigalgs are SHA1 based in <DTLS1.2 which is in security
+ * level 0
+ */
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+ }
+#endif
+
if (read_ahead) {
/*
* Test that read_ahead works correctly when dealing with large
}
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_KTLS) && \
- !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_TLS1_2))
-#define TLS_CIPHER_MAX_REC_SEQ_SIZE 8
+ !(defined(OSSL_NO_USABLE_TLS1_3) && defined(OPENSSL_NO_TLS1_2))
/* sock must be connected */
static int ktls_chk_platform(int sock)
{
return 1;
}
-static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd, int rec_seq_size)
+static int ping_pong_query(SSL *clientssl, SSL *serverssl)
{
static char count = 1;
unsigned char cbuf[16000] = {0};
unsigned char sbuf[16000];
size_t err = 0;
- char crec_wseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE];
- char crec_wseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE];
- char crec_rseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE];
- char crec_rseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE];
- char srec_wseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE];
- char srec_wseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE];
- char srec_rseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE];
- char srec_rseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE];
+ char crec_wseq_before[SEQ_NUM_SIZE];
+ char crec_wseq_after[SEQ_NUM_SIZE];
+ char crec_rseq_before[SEQ_NUM_SIZE];
+ char crec_rseq_after[SEQ_NUM_SIZE];
+ char srec_wseq_before[SEQ_NUM_SIZE];
+ char srec_wseq_after[SEQ_NUM_SIZE];
+ char srec_rseq_before[SEQ_NUM_SIZE];
+ char srec_rseq_after[SEQ_NUM_SIZE];
+ SSL_CONNECTION *clientsc, *serversc;
+
+ if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
+ || !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
cbuf[0] = count++;
- memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, rec_seq_size);
- memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, rec_seq_size);
- memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, rec_seq_size);
- memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, rec_seq_size);
+ memcpy(crec_wseq_before, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_before, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
goto end;
}
}
- memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, rec_seq_size);
- memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, rec_seq_size);
- memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, rec_seq_size);
- memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, rec_seq_size);
+ memcpy(crec_wseq_after, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_after, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
/* verify the payload */
if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))
goto end;
- /* ktls is used then kernel sequences are used instead of OpenSSL sequences */
- if (clientssl->mode & SSL_MODE_NO_KTLS_TX) {
- if (!TEST_mem_ne(crec_wseq_before, rec_seq_size,
- crec_wseq_after, rec_seq_size))
+ /*
+ * If ktls is used then kernel sequences are used instead of
+ * OpenSSL sequences
+ */
+ if (!BIO_get_ktls_send(clientsc->wbio)) {
+ if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE,
+ crec_wseq_after, SEQ_NUM_SIZE))
goto end;
} else {
- if (!TEST_mem_eq(crec_wseq_before, rec_seq_size,
- crec_wseq_after, rec_seq_size))
+ if (!TEST_mem_eq(crec_wseq_before, SEQ_NUM_SIZE,
+ crec_wseq_after, SEQ_NUM_SIZE))
goto end;
}
- if (serverssl->mode & SSL_MODE_NO_KTLS_TX) {
- if (!TEST_mem_ne(srec_wseq_before, rec_seq_size,
- srec_wseq_after, rec_seq_size))
+ if (!BIO_get_ktls_send(serversc->wbio)) {
+ if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE,
+ srec_wseq_after, SEQ_NUM_SIZE))
goto end;
} else {
- if (!TEST_mem_eq(srec_wseq_before, rec_seq_size,
- srec_wseq_after, rec_seq_size))
+ if (!TEST_mem_eq(srec_wseq_before, SEQ_NUM_SIZE,
+ srec_wseq_after, SEQ_NUM_SIZE))
goto end;
}
- if (clientssl->mode & SSL_MODE_NO_KTLS_RX) {
- if (!TEST_mem_ne(crec_rseq_before, rec_seq_size,
- crec_rseq_after, rec_seq_size))
+ if (!BIO_get_ktls_recv(clientsc->wbio)) {
+ if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE,
+ crec_rseq_after, SEQ_NUM_SIZE))
goto end;
} else {
- if (!TEST_mem_eq(crec_rseq_before, rec_seq_size,
- crec_rseq_after, rec_seq_size))
+ if (!TEST_mem_eq(crec_rseq_before, SEQ_NUM_SIZE,
+ crec_rseq_after, SEQ_NUM_SIZE))
goto end;
}
- if (serverssl->mode & SSL_MODE_NO_KTLS_RX) {
- if (!TEST_mem_ne(srec_rseq_before, rec_seq_size,
- srec_rseq_after, rec_seq_size))
+ if (!BIO_get_ktls_recv(serversc->wbio)) {
+ if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE,
+ srec_rseq_after, SEQ_NUM_SIZE))
goto end;
} else {
- if (!TEST_mem_eq(srec_rseq_before, rec_seq_size,
- srec_rseq_after, rec_seq_size))
+ if (!TEST_mem_eq(srec_rseq_before, SEQ_NUM_SIZE,
+ srec_rseq_after, SEQ_NUM_SIZE))
goto end;
}
return 0;
}
-static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx,
- int sis_ktls_tx, int sis_ktls_rx,
- int tls_version, const char *cipher,
- int rec_seq_size)
+static int execute_test_ktls(int cis_ktls, int sis_ktls,
+ int tls_version, const char *cipher)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
- int testresult = 0;
- int cfd, sfd;
+ int ktls_used = 0, testresult = 0;
+ int cfd = -1, sfd = -1;
+ int rx_supported;
+ SSL_CONNECTION *clientsc, *serversc;
if (!TEST_true(create_test_sockets(&cfd, &sfd)))
goto end;
/* Skip this test if the platform does not support ktls */
- if (!ktls_chk_platform(cfd))
- return 1;
+ if (!ktls_chk_platform(cfd)) {
+ testresult = TEST_skip("Kernel does not support KTLS");
+ goto end;
+ }
+
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
+ goto end;
+ }
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
tls_version, tls_version,
- &sctx, &cctx, cert, privkey))
- || !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher))
- || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher))
- || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
- &clientssl, sfd, cfd)))
+ &sctx, &cctx, cert, privkey)))
goto end;
- if (!cis_ktls_tx) {
- if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_TX)))
+ if (tls_version == TLS1_3_VERSION) {
+ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, cipher))
+ || !TEST_true(SSL_CTX_set_ciphersuites(sctx, cipher)))
goto end;
- }
-
- if (!sis_ktls_tx) {
- if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_TX)))
+ } else {
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher)))
goto end;
}
- if (!cis_ktls_rx) {
- if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_RX)))
+ if (!TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
+ &clientssl, sfd, cfd)))
+ goto end;
+
+ if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
+ || !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
+
+ if (cis_ktls) {
+ if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS)))
goto end;
}
- if (!sis_ktls_rx) {
- if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_RX)))
+ if (sis_ktls) {
+ if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS)))
goto end;
}
- if (!TEST_true(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE)))
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
- if (!cis_ktls_tx) {
- if (!TEST_false(BIO_get_ktls_send(clientssl->wbio)))
+ /*
+ * The running kernel may not support a given cipher suite
+ * or direction, so just check that KTLS isn't used when it
+ * isn't enabled.
+ */
+ if (!cis_ktls) {
+ if (!TEST_false(BIO_get_ktls_send(clientsc->wbio)))
goto end;
} else {
- if (!TEST_true(BIO_get_ktls_send(clientssl->wbio)))
- goto end;
+ if (BIO_get_ktls_send(clientsc->wbio))
+ ktls_used = 1;
}
- if (!sis_ktls_tx) {
- if (!TEST_false(BIO_get_ktls_send(serverssl->wbio)))
+ if (!sis_ktls) {
+ if (!TEST_false(BIO_get_ktls_send(serversc->wbio)))
goto end;
} else {
- if (!TEST_true(BIO_get_ktls_send(serverssl->wbio)))
- goto end;
+ if (BIO_get_ktls_send(serversc->wbio))
+ ktls_used = 1;
}
- if (!cis_ktls_rx) {
- if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio)))
+#if defined(OPENSSL_NO_KTLS_RX)
+ rx_supported = 0;
+#else
+ rx_supported = 1;
+#endif
+ if (!cis_ktls || !rx_supported) {
+ if (!TEST_false(BIO_get_ktls_recv(clientsc->rbio)))
goto end;
} else {
- if (!TEST_true(BIO_get_ktls_recv(clientssl->rbio)))
- goto end;
+ if (BIO_get_ktls_send(clientsc->rbio))
+ ktls_used = 1;
}
- if (!sis_ktls_rx) {
- if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio)))
+ if (!sis_ktls || !rx_supported) {
+ if (!TEST_false(BIO_get_ktls_recv(serversc->rbio)))
goto end;
} else {
- if (!TEST_true(BIO_get_ktls_recv(serverssl->rbio)))
- goto end;
+ if (BIO_get_ktls_send(serversc->rbio))
+ ktls_used = 1;
+ }
+
+ if ((cis_ktls || sis_ktls) && !ktls_used) {
+ testresult = TEST_skip("KTLS not supported for %s cipher %s",
+ tls_version == TLS1_3_VERSION ? "TLS 1.3" :
+ "TLS 1.2", cipher);
+ goto end;
}
- if (!TEST_true(ping_pong_query(clientssl, serverssl, cfd, sfd,
- rec_seq_size)))
+ if (!TEST_true(ping_pong_query(clientssl, serverssl)))
goto end;
testresult = 1;
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
serverssl = clientssl = NULL;
+ if (cfd != -1)
+ close(cfd);
+ if (sfd != -1)
+ close(sfd);
return testresult;
}
#define SENDFILE_CHUNK (4 * 4096)
#define min(a,b) ((a) > (b) ? (b) : (a))
-static int test_ktls_sendfile(int tls_version, const char *cipher)
+static int execute_test_ktls_sendfile(int tls_version, const char *cipher,
+ int zerocopy)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
unsigned char *buf, *buf_dst;
BIO *out = NULL, *in = NULL;
- int cfd, sfd, ffd, err;
+ int cfd = -1, sfd = -1, ffd, err;
ssize_t chunk_size = 0;
off_t chunk_off = 0;
int testresult = 0;
FILE *ffdp;
+ SSL_CONNECTION *serversc;
buf = OPENSSL_zalloc(SENDFILE_SZ);
buf_dst = OPENSSL_zalloc(SENDFILE_SZ);
/* Skip this test if the platform does not support ktls */
if (!ktls_chk_platform(sfd)) {
- testresult = 1;
+ testresult = TEST_skip("Kernel does not support KTLS");
+ goto end;
+ }
+
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
goto end;
}
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
tls_version, tls_version,
- &sctx, &cctx, cert, privkey))
- || !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher))
- || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher))
- || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
- &clientssl, sfd, cfd)))
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (tls_version == TLS1_3_VERSION) {
+ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, cipher))
+ || !TEST_true(SSL_CTX_set_ciphersuites(sctx, cipher)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
+ &clientssl, sfd, cfd)))
+ goto end;
+
+ if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
+
+ if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS)))
goto end;
+ if (zerocopy) {
+ if (!TEST_true(SSL_set_options(serverssl,
+ SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE)))
+ goto end;
+ }
+
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE))
- || !TEST_true(BIO_get_ktls_send(serverssl->wbio)))
+ SSL_ERROR_NONE)))
+ goto end;
+
+ if (!BIO_get_ktls_send(serversc->wbio)) {
+ testresult = TEST_skip("Failed to enable KTLS for %s cipher %s",
+ tls_version == TLS1_3_VERSION ? "TLS 1.3" :
+ "TLS 1.2", cipher);
goto end;
+ }
- if (!TEST_true(RAND_bytes_ex(libctx, buf, SENDFILE_SZ)))
+ if (!TEST_int_gt(RAND_bytes_ex(libctx, buf, SENDFILE_SZ, 0), 0))
goto end;
out = BIO_new_file(tmpfilename, "wb");
serverssl = clientssl = NULL;
BIO_free(out);
BIO_free(in);
+ if (cfd != -1)
+ close(cfd);
+ if (sfd != -1)
+ close(sfd);
OPENSSL_free(buf);
OPENSSL_free(buf_dst);
return testresult;
}
-#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+static struct ktls_test_cipher {
+ int tls_version;
+ const char *cipher;
+} ktls_test_ciphers[] = {
+# if !defined(OPENSSL_NO_TLS1_2)
+# ifdef OPENSSL_KTLS_AES_GCM_128
+ { TLS1_2_VERSION, "AES128-GCM-SHA256" },
+# endif
+# ifdef OPENSSL_KTLS_AES_CCM_128
+ { TLS1_2_VERSION, "AES128-CCM"},
+# endif
+# ifdef OPENSSL_KTLS_AES_GCM_256
+ { TLS1_2_VERSION, "AES256-GCM-SHA384"},
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+# ifndef OPENSSL_NO_EC
+ { TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305"},
+# endif
+# endif
+# endif
+# if !defined(OSSL_NO_USABLE_TLS1_3)
+# ifdef OPENSSL_KTLS_AES_GCM_128
+ { TLS1_3_VERSION, "TLS_AES_128_GCM_SHA256" },
+# endif
+# ifdef OPENSSL_KTLS_AES_CCM_128
+ { TLS1_3_VERSION, "TLS_AES_128_CCM_SHA256" },
+# endif
+# ifdef OPENSSL_KTLS_AES_GCM_256
+ { TLS1_3_VERSION, "TLS_AES_256_GCM_SHA384" },
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ { TLS1_3_VERSION, "TLS_CHACHA20_POLY1305_SHA256" },
+# endif
+# endif
+};
+
+#define NUM_KTLS_TEST_CIPHERS \
+ (sizeof(ktls_test_ciphers) / sizeof(ktls_test_ciphers[0]))
+
static int test_ktls(int test)
{
- int cis_ktls_tx, cis_ktls_rx, sis_ktls_tx, sis_ktls_rx;
- int tlsver, testresult;
-
- if (test > 15) {
-#if defined(OPENSSL_NO_TLS1_3)
- return 1;
-#else
- test -= 16;
- tlsver = TLS1_3_VERSION;
-#endif
- } else {
-#if defined(OPENSSL_NO_TLS1_2)
- return 1;
-#else
- tlsver = TLS1_2_VERSION;
-#endif
- }
+ struct ktls_test_cipher *cipher;
+ int cis_ktls, sis_ktls;
- cis_ktls_tx = (test & 1) != 0;
- cis_ktls_rx = (test & 2) != 0;
- sis_ktls_tx = (test & 4) != 0;
- sis_ktls_rx = (test & 8) != 0;
+ OPENSSL_assert(test / 4 < (int)NUM_KTLS_TEST_CIPHERS);
+ cipher = &ktls_test_ciphers[test / 4];
-#if defined(OPENSSL_NO_KTLS_RX)
- if (cis_ktls_rx || sis_ktls_rx)
- return 1;
-#endif
-#if !defined(OPENSSL_NO_TLS1_3)
- if (tlsver == TLS1_3_VERSION && (cis_ktls_rx || sis_ktls_rx))
- return 1;
-#endif
+ cis_ktls = (test & 1) != 0;
+ sis_ktls = (test & 2) != 0;
- testresult = 1;
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
- sis_ktls_rx, tlsver, "AES128-GCM-SHA256",
- TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
- sis_ktls_rx, tlsver, "AES128-CCM",
- TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
- sis_ktls_rx, tlsver, "AES256-GCM-SHA384",
- TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
+ return execute_test_ktls(cis_ktls, sis_ktls, cipher->tls_version,
+ cipher->cipher);
}
-static int test_ktls_sendfile_anytls(int tst)
+static int test_ktls_sendfile(int test)
{
- char *cipher[] = {"AES128-GCM-SHA256","AES128-CCM","AES256-GCM-SHA384"};
- int tlsver;
+ struct ktls_test_cipher *cipher;
+ int tst = test >> 1;
- if (tst > 2) {
-#if defined(OPENSSL_NO_TLS1_3)
- return 1;
-#else
- tst -= 3;
- tlsver = TLS1_3_VERSION;
-#endif
- } else {
-#if defined(OPENSSL_NO_TLS1_2)
- return 1;
-#else
- tlsver = TLS1_2_VERSION;
-#endif
- }
+ OPENSSL_assert(tst < (int)NUM_KTLS_TEST_CIPHERS);
+ cipher = &ktls_test_ciphers[tst];
-#ifndef OPENSSL_KTLS_AES_GCM_128
- if(tst == 0) return 1;
-#endif
-#ifndef OPENSSL_KTLS_AES_CCM_128
- if(tst == 1) return 1;
-#endif
-#ifndef OPENSSL_KTLS_AES_GCM_256
- if(tst == 2) return 1;
-#endif
- return test_ktls_sendfile(tlsver, cipher[tst]);
+ return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher,
+ test & 1);
}
-
-#endif
#endif
static int test_large_message_tls(void)
#ifndef OPENSSL_NO_DTLS
static int test_large_message_dtls(void)
{
+# ifdef OPENSSL_NO_DTLS1_2
+ /* Not supported in the FIPS provider */
+ if (is_fips)
+ return 1;
+# endif
/*
* read_ahead is not relevant to DTLS because DTLS always acts as if
* read_ahead is set.
}
#endif
-static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
- const SSL_METHOD *cmeth,
- int min_version, int max_version)
+/*
+ * Test we can successfully send the maximum amount of application data. We
+ * test each protocol version individually, each with and without EtM enabled.
+ * TLSv1.3 doesn't use EtM so technically it is redundant to test both but it is
+ * simpler this way. We also test all combinations with and without the
+ * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option which affects the size of the
+ * underlying buffer.
+ */
+static int test_large_app_data(int tst)
{
- size_t i;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
- int testresult = 0;
- SSL3_RECORD *rr;
- void *zbuf;
+ int testresult = 0, prot;
+ unsigned char *msg, *buf = NULL;
+ size_t written, readbytes;
+ const SSL_METHOD *smeth = TLS_server_method();
+ const SSL_METHOD *cmeth = TLS_client_method();
- static unsigned char cbuf[16000];
- static unsigned char sbuf[16000];
+ switch (tst >> 2) {
+ case 0:
+#ifndef OSSL_NO_USABLE_TLS1_3
+ prot = TLS1_3_VERSION;
+ break;
+#else
+ return 1;
+#endif
- if (!TEST_true(create_ssl_ctx_pair(libctx,
- smeth, cmeth,
- min_version, max_version,
- &sctx, &cctx, cert,
- privkey)))
- goto end;
+ case 1:
+#ifndef OPENSSL_NO_TLS1_2
+ prot = TLS1_2_VERSION;
+ break;
+#else
+ return 1;
+#endif
- if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
- NULL, NULL)))
- goto end;
+ case 2:
+#ifndef OPENSSL_NO_TLS1_1
+ prot = TLS1_1_VERSION;
+ break;
+#else
+ return 1;
+#endif
- if (!TEST_true(SSL_set_options(serverssl, SSL_OP_CLEANSE_PLAINTEXT)))
- goto end;
+ case 3:
+#ifndef OPENSSL_NO_TLS1
+ prot = TLS1_VERSION;
+ break;
+#else
+ return 1;
+#endif
- if (!TEST_true(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE)))
- goto end;
+ case 4:
+#ifndef OPENSSL_NO_SSL3
+ prot = SSL3_VERSION;
+ break;
+#else
+ return 1;
+#endif
- for (i = 0; i < sizeof(cbuf); i++) {
- cbuf[i] = i & 0xff;
- }
+ case 5:
+#ifndef OPENSSL_NO_DTLS1_2
+ prot = DTLS1_2_VERSION;
+ smeth = DTLS_server_method();
+ cmeth = DTLS_client_method();
+ break;
+#else
+ return 1;
+#endif
+
+ case 6:
+#ifndef OPENSSL_NO_DTLS1
+ prot = DTLS1_VERSION;
+ smeth = DTLS_server_method();
+ cmeth = DTLS_client_method();
+ break;
+#else
+ return 1;
+#endif
+
+ default:
+ /* Shouldn't happen */
+ return 0;
+ }
+
+ if ((prot < TLS1_2_VERSION || prot == DTLS1_VERSION) && is_fips)
+ return 1;
+
+ /* Maximal sized message of zeros */
+ msg = OPENSSL_zalloc(SSL3_RT_MAX_PLAIN_LENGTH);
+ if (!TEST_ptr(msg))
+ goto end;
+
+ buf = OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH + 1);
+ if (!TEST_ptr(buf))
+ goto end;
+ /* Set whole buffer to all bits set */
+ memset(buf, 0xff, SSL3_RT_MAX_PLAIN_LENGTH + 1);
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, prot, prot,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (prot < TLS1_2_VERSION || prot == DTLS1_VERSION) {
+ /* Older protocol versions need SECLEVEL=0 due to SHA1 usage */
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if ((tst & 1) != 0) {
+ /* Setting this option gives us a minimally sized underlying buffer */
+ if (!TEST_true(SSL_set_options(serverssl,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+ || !TEST_true(SSL_set_options(clientssl,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)))
+ goto end;
+ }
+
+ if ((tst & 2) != 0) {
+ /*
+ * Setting this option means the MAC is added before encryption
+ * giving us a larger record for the encryption process
+ */
+ if (!TEST_true(SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC))
+ || !TEST_true(SSL_set_options(clientssl,
+ SSL_OP_NO_ENCRYPT_THEN_MAC)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(clientssl, msg, SSL3_RT_MAX_PLAIN_LENGTH,
+ &written))
+ || !TEST_size_t_eq(written, SSL3_RT_MAX_PLAIN_LENGTH))
+ goto end;
+
+ /* We provide a buffer slightly larger than what we are actually expecting */
+ if (!TEST_true(SSL_read_ex(serverssl, buf, SSL3_RT_MAX_PLAIN_LENGTH + 1,
+ &readbytes)))
+ goto end;
+
+ if (!TEST_mem_eq(msg, written, buf, readbytes))
+ goto end;
+
+ testresult = 1;
+end:
+ OPENSSL_free(msg);
+ OPENSSL_free(buf);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
+ const SSL_METHOD *cmeth,
+ int min_version, int max_version)
+{
+ size_t i;
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ void *zbuf;
+ SSL_CONNECTION *serversc;
+ TLS_RECORD *rr;
+
+ static unsigned char cbuf[16000];
+ static unsigned char sbuf[16000];
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx,
+ smeth, cmeth,
+ min_version, max_version,
+ &sctx, &cctx, cert,
+ privkey)))
+ goto end;
+
+#ifdef OPENSSL_NO_DTLS1_2
+ if (smeth == DTLS_server_method()) {
+# ifdef OPENSSL_NO_DTLS1_2
+ /* Not supported in the FIPS provider */
+ if (is_fips) {
+ testresult = 1;
+ goto end;
+ };
+# endif
+ /*
+ * Default sigalgs are SHA1 based in <DTLS1.2 which is in security
+ * level 0
+ */
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+ }
+#endif
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set_options(serverssl, SSL_OP_CLEANSE_PLAINTEXT)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ for (i = 0; i < sizeof(cbuf); i++) {
+ cbuf[i] = i & 0xff;
+ }
if (!TEST_int_eq(SSL_write(clientssl, cbuf, sizeof(cbuf)), sizeof(cbuf)))
goto end;
* layer is a plaintext record. We can gather the pointer to check
* for zeroization after SSL_read().
*/
- rr = serverssl->rlayer.rrec;
+ if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
+ rr = serversc->rlayer.tlsrecs;
+
zbuf = &rr->data[rr->off];
if (!TEST_int_eq(rr->length, sizeof(cbuf)))
goto end;
#endif
-#if !defined(OPENSSL_NO_TLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(),
TLS_client_method(),
TLS1_3_VERSION,
#endif
#if !defined(OPENSSL_NO_DTLS)
+
if (!TEST_true(execute_cleanse_plaintext(DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION,
if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
return SSL_TLSEXT_ERR_ALERT_FATAL;
- SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
+ if (!TEST_true(SSL_set_tlsext_status_ocsp_resp(s, copy,
+ sizeof(orespder)))) {
+ OPENSSL_free(copy);
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
ocsp_server_called = 1;
return SSL_TLSEXT_ERR_OK;
}
}
#endif
-#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
+#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
static int new_called, remove_called, get_called;
static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
goto end;
}
}
+ /*
+ * Make a small cache, force out all other sessions but
+ * sess2, try to add sess1, which should succeed. Then
+ * make sure it's there by checking the owners. Despite
+ * the timeouts, sess1 should have kicked out sess2
+ */
+
+ /* Make sess1 expire before sess2 */
+ if (!TEST_long_gt(SSL_SESSION_set_time(sess1, 1000), 0)
+ || !TEST_long_gt(SSL_SESSION_set_timeout(sess1, 1000), 0)
+ || !TEST_long_gt(SSL_SESSION_set_time(sess2, 2000), 0)
+ || !TEST_long_gt(SSL_SESSION_set_timeout(sess2, 2000), 0))
+ goto end;
+
+ if (!TEST_long_ne(SSL_CTX_sess_set_cache_size(sctx, 1), 0))
+ goto end;
+
+ /* Don't care about results - cache should only be sess2 at end */
+ SSL_CTX_add_session(sctx, sess1);
+ SSL_CTX_add_session(sctx, sess2);
+
+ /* Now add sess1, and make sure it remains, despite timeout */
+ if (!TEST_true(SSL_CTX_add_session(sctx, sess1))
+ || !TEST_ptr(sess1->owner)
+ || !TEST_ptr_null(sess2->owner))
+ goto end;
testresult = 1;
return testresult;
}
-#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
+#endif /* !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
static int test_session_with_only_int_cache(void)
{
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
if (!execute_test_session(TLS1_3_VERSION, 1, 0, 0))
return 0;
#endif
static int test_session_with_only_ext_cache(void)
{
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
if (!execute_test_session(TLS1_3_VERSION, 0, 1, 0))
return 0;
#endif
static int test_session_with_both_cache(void)
{
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
if (!execute_test_session(TLS1_3_VERSION, 1, 1, 0))
return 0;
#endif
static int test_session_wo_ca_names(void)
{
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
if (!execute_test_session(TLS1_3_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES))
return 0;
#endif
}
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
static SSL_SESSION *sesscache[6];
static int do_cache;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
- clientpsk = serverpsk = create_a_psk(clientssl);
+ clientpsk = serverpsk = create_a_psk(clientssl, SHA384_DIGEST_LENGTH);
if (!TEST_ptr(clientpsk))
goto end;
SSL_SESSION_up_ref(clientpsk);
|| !TEST_int_eq(4, new_called))
goto end;
+ /* Once more, but with SSL_do_handshake() to drive the ticket generation */
+ c = '4';
+ new_called = 0;
+ if (!TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_true(SSL_do_handshake(serverssl))
+ || !TEST_int_eq(2, new_called)
+ || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))
+ || !TEST_int_eq(4, new_called))
+ goto end;
+
/*
* Use the always-retry BIO to exercise the logic that forces ticket
* generation to wait until a record boundary.
*/
- c = '4';
+ c = '5';
new_called = 0;
tmp = SSL_get_wbio(serverssl);
if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
/* Restore a BIO that will let the write succeed */
SSL_set0_wbio(serverssl, tmp);
tmp = NULL;
- /* These calls should just queue the request and not send anything. */
+ /*
+ * These calls should just queue the request and not send anything
+ * even if we explicitly try to hit the state machine.
+ */
if (!TEST_true(SSL_new_session_ticket(serverssl))
|| !TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_int_eq(0, new_called)
+ || !TEST_true(SSL_do_handshake(serverssl))
|| !TEST_int_eq(0, new_called))
goto end;
/* Re-do the write; still no tickets sent */
|| !TEST_int_eq(c, buf[0])
|| !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)))
goto end;
+ /* Even trying to hit the state machine now will still not send tickets */
+ if (!TEST_true(SSL_do_handshake(serverssl))
+ || !TEST_int_eq(0, new_called))
+ goto end;
/* Now the *next* write should send the tickets */
- c = '5';
+ c = '6';
if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes))
|| !TEST_size_t_eq(1, nbytes)
|| !TEST_int_eq(2, new_called)
#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2)
-#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
+#if !defined(OSSL_NO_USABLE_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2)
#else
# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0
/* Verify changing the rbio/wbio directly does not cause leaks */
if (change_bio != NO_BIO_CHANGE) {
- if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
+ if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) {
+ ssl = NULL;
goto end;
+ }
if (change_bio == CHANGE_RBIO)
SSL_set0_rbio(ssl, membio2);
else
return execute_test_ssl_bio(0, CHANGE_WBIO);
}
-#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3)
typedef struct {
/* The list of sig algs */
const int *list;
&sctx, &cctx, cert, privkey)))
return 0;
- /*
- * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
- * for TLSv1.2 for now until we add a new API.
- */
SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
if (testctx) {
}
#endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
static int psk_client_cb_cnt = 0;
static int psk_server_cb_cnt = 0;
#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
-static SSL_SESSION *create_a_psk(SSL *ssl)
+static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize)
{
const SSL_CIPHER *cipher = NULL;
const unsigned char key[] = {
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
- 0x2c, 0x2d, 0x2e, 0x2f
+ 0x2c, 0x2d, 0x2e, 0x2f /* SHA384_DIGEST_LENGTH bytes */
};
SSL_SESSION *sess = NULL;
- cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
+ if (mdsize == SHA384_DIGEST_LENGTH) {
+ cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
+ } else if (mdsize == SHA256_DIGEST_LENGTH) {
+ /*
+ * Any ciphersuite using SHA256 will do - it will be compatible with
+ * the actual ciphersuite selected as long as it too is based on SHA256
+ */
+ cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
+ } else {
+ /* Should not happen */
+ return NULL;
+ }
sess = SSL_SESSION_new();
if (!TEST_ptr(sess)
|| !TEST_ptr(cipher)
- || !TEST_true(SSL_SESSION_set1_master_key(sess, key,
- sizeof(key)))
+ || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize))
|| !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
|| !TEST_true(
SSL_SESSION_set_protocol_version(sess,
return sess;
}
+static int artificial_ticket_time = 0;
+
+static int ed_gen_cb(SSL *s, void *arg)
+{
+ SSL_SESSION *sess = SSL_get0_session(s);
+
+ if (sess == NULL)
+ return 0;
+
+ /*
+ * Artificially give the ticket some age. Just do it for the number of
+ * tickets we've been told to do.
+ */
+ if (artificial_ticket_time == 0)
+ return 1;
+ artificial_ticket_time--;
+
+ if (SSL_SESSION_set_time(sess, SSL_SESSION_get_time(sess) - 10) == 0)
+ return 0;
+
+ return 1;
+}
+
/*
* Helper method to setup objects for early data test. Caller frees objects on
* error.
*/
static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
- SSL **serverssl, SSL_SESSION **sess, int idx)
+ SSL **serverssl, SSL_SESSION **sess, int idx,
+ size_t mdsize)
{
+ int artificial = (artificial_ticket_time > 0);
+
if (*sctx == NULL
&& !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
sctx, cctx, cert, privkey)))
return 0;
+ if (artificial)
+ SSL_CTX_set_session_ticket_cb(*sctx, ed_gen_cb, NULL, NULL);
+
if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH)))
return 0;
return 0;
if (idx == 2) {
- clientpsk = create_a_psk(*clientssl);
+ clientpsk = create_a_psk(*clientssl, mdsize);
if (!TEST_ptr(clientpsk)
/*
* We just choose an arbitrary value for max_early_data which
SSL_free(*clientssl);
*serverssl = *clientssl = NULL;
+ /*
+ * Artificially give the ticket some age to match the artificial age we
+ * gave it on the server side
+ */
+ if (artificial
+ && !TEST_long_gt(SSL_SESSION_set_time(*sess,
+ SSL_SESSION_get_time(*sess) - 10), 0))
+ return 0;
+
if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(*clientssl, *sess)))
size_t readbytes, written, eoedlen, rawread, rawwritten;
BIO *rbio;
+ /* Artificially give the next 2 tickets some age for non PSK sessions */
+ if (idx != 2)
+ artificial_ticket_time = 2;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH))) {
+ artificial_ticket_time = 0;
goto end;
+ }
+ artificial_ticket_time = 0;
/* Write and read some early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
}
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/*
return ret;
}
+static const char *ciphersuites[] = {
+ "TLS_AES_128_CCM_8_SHA256",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_CCM_SHA256",
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ "TLS_CHACHA20_POLY1305_SHA256"
+#endif
+};
+
/*
* Helper function to test that a server attempting to read early data can
* handle a connection from a client where the early data should be skipped.
* testtype: 2 == HRR, invalid early_data sent after HRR
* testtype: 3 == recv_max_early_data set to 0
*/
-static int early_data_skip_helper(int testtype, int idx)
+static int early_data_skip_helper(int testtype, int cipher, int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
unsigned char buf[20];
size_t readbytes, written;
+ if (is_fips && cipher == 4)
+ return 1;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (cipher == 0) {
+ SSL_CTX_set_security_level(sctx, 0);
+ SSL_CTX_set_security_level(cctx, 0);
+ }
+
+ if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, ciphersuites[cipher]))
+ || !TEST_true(SSL_CTX_set_ciphersuites(cctx, ciphersuites[cipher])))
+ goto end;
+
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ cipher == 2 ? SHA384_DIGEST_LENGTH
+ : SHA256_DIGEST_LENGTH)))
goto end;
if (testtype == 1 || testtype == 2) {
goto end;
}
+ ERR_clear_error();
/*
* Should be able to send normal data despite rejection of early data. The
* early_data should be skipped.
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
+ /*
+ * Failure to decrypt early data records should not leave spurious errors
+ * on the error stack
+ */
+ if (!TEST_long_eq(ERR_peek_error(), 0))
+ goto end;
+
testresult = 1;
end:
*/
static int test_early_data_skip(int idx)
{
- return early_data_skip_helper(0, idx);
+ return early_data_skip_helper(0,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_hrr(int idx)
{
- return early_data_skip_helper(1, idx);
+ return early_data_skip_helper(1,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_hrr_fail(int idx)
{
- return early_data_skip_helper(2, idx);
+ return early_data_skip_helper(2,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_abort(int idx)
{
- return early_data_skip_helper(3, idx);
+ return early_data_skip_helper(3,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some data - should block due to handshake with server */
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 2)))
+ &serverssl, &sess, 2,
+ SHA384_DIGEST_LENGTH)))
goto end;
servalpn = "goodalpn";
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 2)))
+ &serverssl, &sess, 2,
+ SHA384_DIGEST_LENGTH)))
goto end;
+ if (idx == 4) {
+ /* CCM8 ciphers are considered low security due to their short tag */
+ SSL_set_security_level(clientssl, 0);
+ SSL_set_security_level(serverssl, 0);
+ }
+
if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx]))
|| !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx])))
goto end;
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some early data */
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, NULL, idx)))
+ &serverssl, NULL, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some data - should block due to handshake with server */
"TLS_AES_256_GCM_SHA384:"
"TLS_AES_128_CCM_SHA256"))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx,
- "TLS_AES_128_GCM_SHA256"))
- || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
- &clientssl, NULL, NULL))
+ "TLS_AES_128_GCM_SHA256")))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
* Test 12 = Test all ECDHE with TLSv1.2 client and server
* Test 13 = Test all FFDHE with TLSv1.2 client and server
*/
+# ifndef OPENSSL_NO_EC
+static int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1,
+ NID_secp521r1, NID_X25519, NID_X448};
+# endif
+# ifndef OPENSSL_NO_DH
+static int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
+ NID_ffdhe6144, NID_ffdhe8192};
+# endif
static int test_key_exchange(int idx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
-# ifndef OPENSSL_NO_EC
- int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1,
- NID_secp521r1, NID_X25519, NID_X448};
-# endif
-# ifndef OPENSSL_NO_DH
- int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
- NID_ffdhe6144, NID_ffdhe8192};
-# endif
int kexch_alg;
int *kexch_groups = &kexch_alg;
int kexch_groups_size = 1;
int max_version = TLS1_3_VERSION;
+ char *kexch_name0 = NULL;
switch (idx) {
# ifndef OPENSSL_NO_EC
case 0:
kexch_groups = ecdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
+ kexch_name0 = "secp256r1";
break;
case 1:
kexch_alg = NID_X9_62_prime256v1;
+ kexch_name0 = "secp256r1";
break;
case 2:
kexch_alg = NID_secp384r1;
+ kexch_name0 = "secp384r1";
break;
case 3:
kexch_alg = NID_secp521r1;
+ kexch_name0 = "secp521r1";
break;
case 4:
kexch_alg = NID_X25519;
+ kexch_name0 = "x25519";
break;
case 5:
kexch_alg = NID_X448;
+ kexch_name0 = "x448";
break;
# endif
# ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_TLS1_2
case 13:
max_version = TLS1_2_VERSION;
+ kexch_name0 = "ffdhe2048";
# endif
/* Fall through */
case 6:
kexch_groups = ffdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
+ kexch_name0 = "ffdhe2048";
break;
case 7:
kexch_alg = NID_ffdhe2048;
+ kexch_name0 = "ffdhe2048";
break;
case 8:
kexch_alg = NID_ffdhe3072;
+ kexch_name0 = "ffdhe3072";
break;
case 9:
kexch_alg = NID_ffdhe4096;
+ kexch_name0 = "ffdhe4096";
break;
case 10:
kexch_alg = NID_ffdhe6144;
+ kexch_name0 = "ffdhe6144";
break;
case 11:
kexch_alg = NID_ffdhe8192;
+ kexch_name0 = "ffdhe8192";
break;
# endif
default:
goto end;
if (!TEST_true(SSL_CTX_set_cipher_list(sctx,
- TLS1_TXT_RSA_WITH_AES_128_SHA)))
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":"
+ TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))
+ || !TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
goto end;
/*
*/
# ifndef OPENSSL_NO_TLS1_2
if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM ":"
- TLS1_TXT_RSA_WITH_AES_128_SHA)))
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":"
+ TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)))
goto end;
# endif
if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0),
idx == 13 ? 0 : kexch_groups[0]))
goto end;
- if (max_version == TLS1_3_VERSION) {
+
+ if (!TEST_str_eq(SSL_group_to_name(serverssl, kexch_groups[0]),
+ kexch_name0))
+ goto end;
+
+ /* We don't implement RFC 7919 named groups for TLS 1.2. */
+ if (idx != 13) {
if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), kexch_groups[0]))
goto end;
if (!TEST_int_eq(SSL_get_negotiated_group(clientssl), kexch_groups[0]))
return testresult;
}
-/*
- * Test TLSv1.3 Cipher Suite
- * Test 0 = Set TLS1.3 cipher on context
- * Test 1 = Set TLS1.3 cipher on SSL
- * Test 2 = Set TLS1.3 and TLS1.2 cipher on context
- * Test 3 = Set TLS1.3 and TLS1.2 cipher on SSL
+# if !defined(OPENSSL_NO_TLS1_2) \
+ && !defined(OPENSSL_NO_EC) \
+ && !defined(OPENSSL_NO_DH)
+static int set_ssl_groups(SSL *serverssl, SSL *clientssl, int clientmulti,
+ int isecdhe, int idx)
+{
+ int kexch_alg;
+ int *kexch_groups = &kexch_alg;
+ int numec, numff;
+
+ numec = OSSL_NELEM(ecdhe_kexch_groups);
+ numff = OSSL_NELEM(ffdhe_kexch_groups);
+ if (isecdhe)
+ kexch_alg = ecdhe_kexch_groups[idx];
+ else
+ kexch_alg = ffdhe_kexch_groups[idx];
+
+ if (clientmulti) {
+ if (!TEST_true(SSL_set1_groups(serverssl, kexch_groups, 1)))
+ return 0;
+ if (isecdhe) {
+ if (!TEST_true(SSL_set1_groups(clientssl, ecdhe_kexch_groups,
+ numec)))
+ return 0;
+ } else {
+ if (!TEST_true(SSL_set1_groups(clientssl, ffdhe_kexch_groups,
+ numff)))
+ return 0;
+ }
+ } else {
+ if (!TEST_true(SSL_set1_groups(clientssl, kexch_groups, 1)))
+ return 0;
+ if (isecdhe) {
+ if (!TEST_true(SSL_set1_groups(serverssl, ecdhe_kexch_groups,
+ numec)))
+ return 0;
+ } else {
+ if (!TEST_true(SSL_set1_groups(serverssl, ffdhe_kexch_groups,
+ numff)))
+ return 0;
+ }
+ }
+ return 1;
+}
+
+/*-
+ * Test the SSL_get_negotiated_group() API across a battery of scenarios.
+ * Run through both the ECDHE and FFDHE group lists used in the previous
+ * test, for both TLS 1.2 and TLS 1.3, negotiating each group in turn,
+ * confirming the expected result; then perform a resumption handshake
+ * while offering the same group list, and another resumption handshake
+ * offering a different group list. The returned value should be the
+ * negotiated group for the initial handshake; for TLS 1.3 resumption
+ * handshakes the returned value will be negotiated on the resumption
+ * handshake itself, but for TLS 1.2 resumption handshakes the value will
+ * be cached in the session from the original handshake, regardless of what
+ * was offered in the resumption ClientHello.
+ *
+ * Using E for the number of EC groups and F for the number of FF groups:
+ * E tests of ECDHE with TLS 1.3, server only has one group
+ * F tests of FFDHE with TLS 1.3, server only has one group
+ * E tests of ECDHE with TLS 1.2, server only has one group
+ * F tests of FFDHE with TLS 1.2, server only has one group
+ * E tests of ECDHE with TLS 1.3, client sends only one group
+ * F tests of FFDHE with TLS 1.3, client sends only one group
+ * E tests of ECDHE with TLS 1.2, client sends only one group
+ * F tests of FFDHE with TLS 1.2, client sends only one group
*/
-static int test_tls13_ciphersuite(int idx)
+static int test_negotiated_group(int idx)
{
+ int clientmulti, istls13, isecdhe, numec, numff, numgroups;
+ int expectednid;
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
- static const struct {
- const char *ciphername;
- int fipscapable;
- } t13_ciphers[] = {
- { TLS1_3_RFC_AES_128_GCM_SHA256, 1 },
- { TLS1_3_RFC_AES_256_GCM_SHA384, 1 },
- { TLS1_3_RFC_AES_128_CCM_SHA256, 1 },
-# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- { TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 },
- { TLS1_3_RFC_AES_256_GCM_SHA384
- ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 },
-# endif
- { TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1 }
- };
- const char *t13_cipher = NULL;
- const char *t12_cipher = NULL;
- const char *negotiated_scipher;
- const char *negotiated_ccipher;
- int set_at_ctx = 0;
- int set_at_ssl = 0;
+ SSL_SESSION *origsess = NULL;
int testresult = 0;
- int max_ver;
- size_t i;
+ int kexch_alg;
+ int max_version = TLS1_3_VERSION;
- switch (idx) {
+ numec = OSSL_NELEM(ecdhe_kexch_groups);
+ numff = OSSL_NELEM(ffdhe_kexch_groups);
+ numgroups = numec + numff;
+ clientmulti = (idx < 2 * numgroups);
+ idx = idx % (2 * numgroups);
+ istls13 = (idx < numgroups);
+ idx = idx % numgroups;
+ isecdhe = (idx < numec);
+ if (!isecdhe)
+ idx -= numec;
+ /* Now 'idx' is an index into ecdhe_kexch_groups or ffdhe_kexch_groups */
+ if (isecdhe)
+ kexch_alg = ecdhe_kexch_groups[idx];
+ else
+ kexch_alg = ffdhe_kexch_groups[idx];
+ /* We expect nothing for the unimplemented TLS 1.2 FFDHE named groups */
+ if (!istls13 && !isecdhe)
+ expectednid = NID_undef;
+ else
+ expectednid = kexch_alg;
+
+ if (!istls13)
+ max_version = TLS1_2_VERSION;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION,
+ max_version, &sctx, &cctx, cert,
+ privkey)))
+ goto end;
+
+ /*
+ * Force (EC)DHE ciphers for TLS 1.2.
+ * Be sure to enable auto tmp DH so that FFDHE can succeed.
+ */
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":"
+ TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))
+ || !TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":"
+ TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, isecdhe,
+ idx)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Initial handshake; always the configured one */
+ if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid)
+ || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid))
+ goto end;
+
+ if (!TEST_ptr((origsess = SSL_get1_session(clientssl))))
+ goto end;
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ /* First resumption attempt; use the same config as initial handshake */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, origsess))
+ || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti,
+ isecdhe, idx)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
+ || !TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+
+ /* Still had better agree, since nothing changed... */
+ if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid)
+ || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid))
+ goto end;
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ /*-
+ * Second resumption attempt
+ * The party that picks one group changes it, which we effectuate by
+ * changing 'idx' and updating what we expect.
+ */
+ if (idx == 0)
+ idx = 1;
+ else
+ idx--;
+ if (istls13) {
+ if (isecdhe)
+ expectednid = ecdhe_kexch_groups[idx];
+ else
+ expectednid = ffdhe_kexch_groups[idx];
+ /* Verify that we are changing what we expect. */
+ if (!TEST_int_ne(expectednid, kexch_alg))
+ goto end;
+ } else {
+ /* TLS 1.2 only supports named groups for ECDHE. */
+ if (isecdhe)
+ expectednid = kexch_alg;
+ else
+ expectednid = 0;
+ }
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, origsess))
+ || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti,
+ isecdhe, idx)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
+ || !TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+
+ /* Check that we get what we expected */
+ if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid)
+ || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_SESSION_free(origsess);
+ return testresult;
+}
+# endif /* !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) */
+
+/*
+ * Test TLSv1.3 Cipher Suite
+ * Test 0 = Set TLS1.3 cipher on context
+ * Test 1 = Set TLS1.3 cipher on SSL
+ * Test 2 = Set TLS1.3 and TLS1.2 cipher on context
+ * Test 3 = Set TLS1.3 and TLS1.2 cipher on SSL
+ */
+static int test_tls13_ciphersuite(int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ static const struct {
+ const char *ciphername;
+ int fipscapable;
+ int low_security;
+ } t13_ciphers[] = {
+ { TLS1_3_RFC_AES_128_GCM_SHA256, 1, 0 },
+ { TLS1_3_RFC_AES_256_GCM_SHA384, 1, 0 },
+ { TLS1_3_RFC_AES_128_CCM_SHA256, 1, 0 },
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ { TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0, 0 },
+ { TLS1_3_RFC_AES_256_GCM_SHA384
+ ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0, 0 },
+# endif
+ /* CCM8 ciphers are considered low security due to their short tag */
+ { TLS1_3_RFC_AES_128_CCM_8_SHA256
+ ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 }
+ };
+ const char *t13_cipher = NULL;
+ const char *t12_cipher = NULL;
+ const char *negotiated_scipher;
+ const char *negotiated_ccipher;
+ int set_at_ctx = 0;
+ int set_at_ssl = 0;
+ int testresult = 0;
+ int max_ver;
+ size_t i;
+
+ switch (idx) {
case 0:
set_at_ctx = 1;
break;
&sctx, &cctx, cert, privkey)))
goto end;
+ if (t13_ciphers[i].low_security) {
+ SSL_CTX_set_security_level(sctx, 0);
+ SSL_CTX_set_security_level(cctx, 0);
+ }
+
if (set_at_ctx) {
if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, t13_cipher))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx, t13_cipher)))
return testresult;
}
-#endif /* OPENSSL_NO_TLS1_3 */
+#endif /* OSSL_NO_USABLE_TLS1_3 */
static int clntaddoldcb = 0;
static int clntparseoldcb = 0;
return SSL_TLSEXT_ERR_OK;
}
+static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ return 1;
+}
+
/*
* Custom call back tests.
* Test 0: Old style callbacks in TLSv1.2
* Test 2: New style callbacks in TLSv1.2 with SNI
* Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
* Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
+ * Test 5: New style callbacks in TLSv1.3. Extensions in CR + Client Cert
*/
static int test_custom_exts(int tst)
{
SSL_SESSION *sess = NULL;
unsigned int context;
-#if defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3)
+#if defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
/* Skip tests for TLSv1.2 and below in this case */
if (tst < 3)
return 1;
SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
}
- if (tst == 4) {
+ if (tst == 5) {
+ context = SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+ | SSL_EXT_TLS1_3_CERTIFICATE;
+ SSL_CTX_set_verify(sctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_cb);
+ if (!TEST_int_eq(SSL_CTX_use_certificate_file(cctx, cert,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(cctx, privkey,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_check_private_key(cctx), 1))
+ goto end;
+ } else if (tst == 4) {
context = SSL_EXT_CLIENT_HELLO
| SSL_EXT_TLS1_2_SERVER_HELLO
| SSL_EXT_TLS1_3_SERVER_HELLO
|| (tst != 2 && snicb != 0)
|| (tst == 2 && snicb != 1))
goto end;
+ } else if (tst == 5) {
+ if (clntaddnewcb != 1
+ || clntparsenewcb != 1
+ || srvaddnewcb != 1
+ || srvparsenewcb != 1)
+ goto end;
} else {
/* In this case there 2 NewSessionTicket messages created */
if (clntaddnewcb != 1
SSL_free(clientssl);
serverssl = clientssl = NULL;
- if (tst == 3) {
- /* We don't bother with the resumption aspects for this test */
+ if (tst == 3 || tst == 5) {
+ /* We don't bother with the resumption aspects for these tests */
testresult = 1;
goto end;
}
return testresult;
}
-/*
- * Test loading of serverinfo data in various formats. test_sslmessages actually
- * tests to make sure the extensions appear in the handshake
- */
-static int test_serverinfo(int tst)
-{
- unsigned int version;
- unsigned char *sibuf;
- size_t sibuflen;
- int ret, expected, testresult = 0;
- SSL_CTX *ctx;
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
- ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
- if (!TEST_ptr(ctx))
- goto end;
+#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
+ | SSL_EXT_CLIENT_HELLO \
+ | SSL_EXT_TLS1_2_SERVER_HELLO \
+ | SSL_EXT_IGNORE_ON_RESUMPTION)
- if ((tst & 0x01) == 0x01)
- version = SSL_SERVERINFOV2;
- else
- version = SSL_SERVERINFOV1;
+#define TLS13CONTEXT (SSL_EXT_TLS1_3_CERTIFICATE \
+ | SSL_EXT_TLS1_2_SERVER_HELLO \
+ | SSL_EXT_CLIENT_HELLO)
- if ((tst & 0x02) == 0x02) {
- sibuf = serverinfov2;
- sibuflen = sizeof(serverinfov2);
- expected = (version == SSL_SERVERINFOV2);
- } else {
- sibuf = serverinfov1;
- sibuflen = sizeof(serverinfov1);
- expected = (version == SSL_SERVERINFOV1);
+#define SERVERINFO_CUSTOM \
+ 0x00, (char)TLSEXT_TYPE_signed_certificate_timestamp, \
+ 0x00, 0x03, \
+ 0x04, 0x05, 0x06 \
+
+static const unsigned char serverinfo_custom_tls13[] = {
+ 0x00, 0x00, (TLS13CONTEXT >> 8) & 0xff, TLS13CONTEXT & 0xff,
+ SERVERINFO_CUSTOM
+};
+static const unsigned char serverinfo_custom_v2[] = {
+ 0x00, 0x00, (SYNTHV1CONTEXT >> 8) & 0xff, SYNTHV1CONTEXT & 0xff,
+ SERVERINFO_CUSTOM
+};
+static const unsigned char serverinfo_custom_v1[] = {
+ SERVERINFO_CUSTOM
+};
+static const size_t serverinfo_custom_tls13_len = sizeof(serverinfo_custom_tls13);
+static const size_t serverinfo_custom_v2_len = sizeof(serverinfo_custom_v2);
+static const size_t serverinfo_custom_v1_len = sizeof(serverinfo_custom_v1);
+
+static int serverinfo_custom_parse_cb(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *in,
+ size_t inlen, X509 *x,
+ size_t chainidx, int *al,
+ void *parse_arg)
+{
+ const size_t len = serverinfo_custom_v1_len;
+ const unsigned char *si = &serverinfo_custom_v1[len - 3];
+ int *p_cb_result = (int*)parse_arg;
+ *p_cb_result = TEST_mem_eq(in, inlen, si, 3);
+ return 1;
+}
+
+static int test_serverinfo_custom(const int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ int cb_result = 0;
+
+ /*
+ * Following variables are set in the switch statement
+ * according to the test iteration.
+ * Default values do not make much sense: test would fail with them.
+ */
+ int serverinfo_version = 0;
+ int protocol_version = 0;
+ unsigned int extension_context = 0;
+ const unsigned char *si = NULL;
+ size_t si_len = 0;
+
+ const int call_use_serverinfo_ex = idx > 0;
+ switch (idx) {
+ case 0: /* FALLTHROUGH */
+ case 1:
+ serverinfo_version = SSL_SERVERINFOV1;
+ protocol_version = TLS1_2_VERSION;
+ extension_context = SYNTHV1CONTEXT;
+ si = serverinfo_custom_v1;
+ si_len = serverinfo_custom_v1_len;
+ break;
+ case 2:
+ serverinfo_version = SSL_SERVERINFOV2;
+ protocol_version = TLS1_2_VERSION;
+ extension_context = SYNTHV1CONTEXT;
+ si = serverinfo_custom_v2;
+ si_len = serverinfo_custom_v2_len;
+ break;
+ case 3:
+ serverinfo_version = SSL_SERVERINFOV2;
+ protocol_version = TLS1_3_VERSION;
+ extension_context = TLS13CONTEXT;
+ si = serverinfo_custom_tls13;
+ si_len = serverinfo_custom_tls13_len;
+ break;
}
- if ((tst & 0x04) == 0x04) {
- ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
- } else {
- ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
+ if (!TEST_true(create_ssl_ctx_pair(libctx,
+ TLS_method(),
+ TLS_method(),
+ protocol_version,
+ protocol_version,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
- /*
- * The version variable is irrelevant in this case - it's what is in the
- * buffer that matters
- */
- if ((tst & 0x02) == 0x02)
- expected = 0;
- else
- expected = 1;
+ if (call_use_serverinfo_ex) {
+ if (!TEST_true(SSL_CTX_use_serverinfo_ex(sctx, serverinfo_version,
+ si, si_len)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_CTX_use_serverinfo(sctx, si, si_len)))
+ goto end;
}
- if (!TEST_true(ret == expected))
+ if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TLSEXT_TYPE_signed_certificate_timestamp,
+ extension_context,
+ NULL, NULL, NULL,
+ serverinfo_custom_parse_cb,
+ &cb_result))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_int_eq(SSL_do_handshake(clientssl), 1))
+ goto end;
+
+ if (!TEST_true(cb_result))
goto end;
testresult = 1;
end:
- SSL_CTX_free(ctx);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
return testresult;
}
+#endif
/*
* Test that SSL_export_keying_material() produces expected results. There are
if (tst == 2)
return 1;
#endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
if (tst >= 3)
return 1;
#endif
return testresult;
}
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
/*
* Test that SSL_export_keying_material_early() produces expected
* results. There are no test vectors so all we do is test that both
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl,
- &sess, idx)))
+ &sess, idx, SHA384_DIGEST_LENGTH)))
goto end;
/* Here writing 0 length early data is enough. */
}
/*
- * Test we can handle a KeyUpdate (update requested) message while write data
- * is pending.
+ * Test we can handle a KeyUpdate (update requested) message while
+ * write data is pending in peer.
* Test 0: Client sends KeyUpdate while Server is writing
* Test 1: Server sends KeyUpdate while Client is writing
*/
-static int test_key_update_in_write(int tst)
+static int test_key_update_peer_in_write(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
peerwrite = tst == 0 ? serverssl : clientssl;
if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED))
- || !TEST_true(SSL_do_handshake(peerupdate)))
+ || !TEST_int_eq(SSL_do_handshake(peerupdate), 1))
goto end;
/* Swap the writing endpoint's write BIO to force a retry */
return testresult;
}
-#endif /* OPENSSL_NO_TLS1_3 */
-static int test_ssl_clear(int idx)
+/*
+ * Test we can handle a KeyUpdate (update requested) message while
+ * peer read data is pending after peer accepted keyupdate(the msg header
+ * had been read 5 bytes).
+ * Test 0: Client sends KeyUpdate while Server is reading
+ * Test 1: Server sends KeyUpdate while Client is reading
+ */
+static int test_key_update_peer_in_read(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
+ char prbuf[515], lwbuf[515] = {0};
+ static char *mess = "A test message";
+ BIO *lbio = NULL, *pbio = NULL;
+ SSL *local = NULL, *peer = NULL;
-#ifdef OPENSSL_NO_TLS1_2
- if (idx == 1)
- return 1;
-#endif
-
- /* Create an initial connection */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
- TLS_client_method(), TLS1_VERSION, 0,
- &sctx, &cctx, cert, privkey))
- || (idx == 1
- && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
- TLS1_2_VERSION)))
- || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
- &clientssl, NULL, NULL))
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ 0,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
- SSL_shutdown(clientssl);
- SSL_shutdown(serverssl);
- SSL_free(serverssl);
- serverssl = NULL;
+ local = tst == 0 ? clientssl : serverssl;
+ peer = tst == 0 ? serverssl : clientssl;
- /* Clear clientssl - we're going to reuse the object */
- if (!TEST_true(SSL_clear(clientssl)))
+ if (!TEST_int_eq(BIO_new_bio_pair(&lbio, 512, &pbio, 512), 1))
goto end;
- if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
- NULL, NULL))
- || !TEST_true(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE))
- || !TEST_true(SSL_session_reused(clientssl)))
+ SSL_set_bio(local, lbio, lbio);
+ SSL_set_bio(peer, pbio, pbio);
+
+ /*
+ * we first write keyupdate msg then appdata in local
+ * write data in local will fail with SSL_ERROR_WANT_WRITE,because
+ * lwbuf app data msg size + key updata msg size > 512(the size of
+ * the bio pair buffer)
+ */
+ if (!TEST_true(SSL_key_update(local, SSL_KEY_UPDATE_REQUESTED))
+ || !TEST_int_eq(SSL_write(local, lwbuf, sizeof(lwbuf)), -1)
+ || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE))
goto end;
- SSL_shutdown(clientssl);
- SSL_shutdown(serverssl);
+ /*
+ * first read keyupdate msg in peer in peer
+ * then read appdata that we know will fail with SSL_ERROR_WANT_READ
+ */
+ if (!TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), -1)
+ || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_READ))
+ goto end;
+
+ /* Now write some data in peer - we will write the key update */
+ if (!TEST_int_eq(SSL_write(peer, mess, strlen(mess)), strlen(mess)))
+ goto end;
+
+ /*
+ * write data in local previously that we will complete
+ * read data in peer previously that we will complete
+ */
+ if (!TEST_int_eq(SSL_write(local, lwbuf, sizeof(lwbuf)), sizeof(lwbuf))
+ || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), sizeof(prbuf)))
+ goto end;
+
+ /* check that sending and receiving appdata ok */
+ if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), strlen(mess))
+ || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), strlen(mess)))
+ goto end;
testresult = 1;
return testresult;
}
-/* Parse CH and retrieve any MFL extension value if present */
-static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
+/*
+ * Test we can't send a KeyUpdate (update requested) message while
+ * local write data is pending.
+ * Test 0: Client sends KeyUpdate while Client is writing
+ * Test 1: Server sends KeyUpdate while Server is writing
+ */
+static int test_key_update_local_in_write(int tst)
{
- long len;
- unsigned char *data;
- PACKET pkt, pkt2, pkt3;
- unsigned int MFL_code = 0, type = 0;
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char buf[20];
+ static char *mess = "A test message";
+ BIO *bretry = BIO_new(bio_s_always_retry());
+ BIO *tmp = NULL;
+ SSL *local = NULL, *peer = NULL;
- if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) )
+ if (!TEST_ptr(bretry)
+ || !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ 0,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
goto end;
- memset(&pkt, 0, sizeof(pkt));
- memset(&pkt2, 0, sizeof(pkt2));
- memset(&pkt3, 0, sizeof(pkt3));
+ local = tst == 0 ? clientssl : serverssl;
+ peer = tst == 0 ? serverssl : clientssl;
- if (!TEST_true( PACKET_buf_init( &pkt, data, len ) )
- /* Skip the record header */
+ /* Swap the writing endpoint's write BIO to force a retry */
+ tmp = SSL_get_wbio(local);
+ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
+ tmp = NULL;
+ goto end;
+ }
+ SSL_set0_wbio(local, bretry);
+ bretry = NULL;
+
+ /* write data in local will fail with SSL_ERROR_WANT_WRITE */
+ if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), -1)
+ || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* Reinstate the original writing endpoint's write BIO */
+ SSL_set0_wbio(local, tmp);
+ tmp = NULL;
+
+ /* SSL_key_update will fail, because writing in local*/
+ if (!TEST_false(SSL_key_update(local, SSL_KEY_UPDATE_REQUESTED))
+ || !TEST_int_eq(ERR_GET_REASON(ERR_peek_error()), SSL_R_BAD_WRITE_RETRY))
+ goto end;
+
+ ERR_clear_error();
+ /* write data in local previously that we will complete */
+ if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), strlen(mess)))
+ goto end;
+
+ /* SSL_key_update will succeed because there is no pending write data */
+ if (!TEST_true(SSL_key_update(local, SSL_KEY_UPDATE_REQUESTED))
+ || !TEST_int_eq(SSL_do_handshake(local), 1))
+ goto end;
+
+ /*
+ * we write some appdata in local
+ * read data in peer - we will read the keyupdate msg
+ */
+ if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), strlen(mess))
+ || !TEST_int_eq(SSL_read(peer, buf, sizeof(buf)), strlen(mess)))
+ goto end;
+
+ /* Write more peer more data to ensure we send the keyupdate message back */
+ if (!TEST_int_eq(SSL_write(peer, mess, strlen(mess)), strlen(mess))
+ || !TEST_int_eq(SSL_read(local, buf, sizeof(buf)), strlen(mess)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ BIO_free(bretry);
+ BIO_free(tmp);
+
+ return testresult;
+}
+
+/*
+ * Test we can handle a KeyUpdate (update requested) message while
+ * local read data is pending(the msg header had been read 5 bytes).
+ * Test 0: Client sends KeyUpdate while Client is reading
+ * Test 1: Server sends KeyUpdate while Server is reading
+ */
+static int test_key_update_local_in_read(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char lrbuf[515], pwbuf[515] = {0}, prbuf[20];
+ static char *mess = "A test message";
+ BIO *lbio = NULL, *pbio = NULL;
+ SSL *local = NULL, *peer = NULL;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ 0,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ local = tst == 0 ? clientssl : serverssl;
+ peer = tst == 0 ? serverssl : clientssl;
+
+ if (!TEST_int_eq(BIO_new_bio_pair(&lbio, 512, &pbio, 512), 1))
+ goto end;
+
+ SSL_set_bio(local, lbio, lbio);
+ SSL_set_bio(peer, pbio, pbio);
+
+ /* write app data in peer will fail with SSL_ERROR_WANT_WRITE */
+ if (!TEST_int_eq(SSL_write(peer, pwbuf, sizeof(pwbuf)), -1)
+ || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* read appdata in local will fail with SSL_ERROR_WANT_READ */
+ if (!TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), -1)
+ || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_READ))
+ goto end;
+
+ /* SSL_do_handshake will send keyupdate msg */
+ if (!TEST_true(SSL_key_update(local, SSL_KEY_UPDATE_REQUESTED))
+ || !TEST_int_eq(SSL_do_handshake(local), 1))
+ goto end;
+
+ /*
+ * write data in peer previously that we will complete
+ * read data in local previously that we will complete
+ */
+ if (!TEST_int_eq(SSL_write(peer, pwbuf, sizeof(pwbuf)), sizeof(pwbuf))
+ || !TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), sizeof(lrbuf)))
+ goto end;
+
+ /*
+ * write data in local
+ * read data in peer - we will read the key update
+ */
+ if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), strlen(mess))
+ || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), strlen(mess)))
+ goto end;
+
+ /* Write more peer data to ensure we send the keyupdate message back */
+ if (!TEST_int_eq(SSL_write(peer, mess, strlen(mess)), strlen(mess))
+ || !TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), strlen(mess)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+#endif /* OSSL_NO_USABLE_TLS1_3 */
+
+static int test_ssl_clear(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (idx == 1)
+ return 1;
+#endif
+
+ /* Create an initial connection */
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
+ &sctx, &cctx, cert, privkey))
+ || (idx == 1
+ && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
+ TLS1_2_VERSION)))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ serverssl = NULL;
+
+ /* Clear clientssl - we're going to reuse the object */
+ if (!TEST_true(SSL_clear(clientssl)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+/* Parse CH and retrieve any MFL extension value if present */
+static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
+{
+ long len;
+ unsigned char *data;
+ PACKET pkt, pkt2, pkt3;
+ unsigned int MFL_code = 0, type = 0;
+
+ if (!TEST_uint_gt(len = BIO_get_mem_data(bio, (char **) &data), 0))
+ goto end;
+
+ memset(&pkt, 0, sizeof(pkt));
+ memset(&pkt2, 0, sizeof(pkt2));
+ memset(&pkt3, 0, sizeof(pkt3));
+
+ if (!TEST_long_gt(len, 0)
+ || !TEST_true(PACKET_buf_init(&pkt, data, len))
+ /* Skip the record header */
|| !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
/* Skip the handshake message header */
|| !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
static int test_max_fragment_len_ext(int idx_tst)
{
- SSL_CTX *ctx;
+ SSL_CTX *ctx = NULL;
SSL *con = NULL;
int testresult = 0, MFL_mode = 0;
BIO *rbio, *wbio;
- ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
- if (!TEST_ptr(ctx))
- goto end;
+ if (!TEST_true(create_ssl_ctx_pair(libctx, NULL, TLS_client_method(),
+ TLS1_VERSION, 0, NULL, &ctx, NULL,
+ NULL)))
+ return 0;
if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
ctx, max_fragment_len_test[idx_tst])))
}
SSL_set_bio(con, rbio, wbio);
- SSL_set_connect_state(con);
if (!TEST_int_le(SSL_connect(con), 0)) {
/* This shouldn't succeed because we don't have a server! */
return testresult;
}
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
static int test_pha_key_update(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
row = NULL;
- if (!TXT_DB_write(out, db))
+ if (TXT_DB_write(out, db) <= 0)
goto end;
ret = 1;
} info_cb_states[][60] = {
{
/* TLSv1.2 server followed by resumption */
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
- {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
{SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"},
{SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"},
{SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.2 client followed by resumption */
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
{SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"},
{SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
{SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 server followed by resumption */
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
- {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
- {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
{SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
- {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 client followed by resumption */
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
{SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
{SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
- {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
- {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "},
- {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
{SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
- {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"},
{SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 server, early_data */
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
- {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
{SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 client, early_data */
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
{SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
- {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
{SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
+ }, {
+ /* TLSv1.3 server, certificate compression, followed by resumption */
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSCC"},
+ {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
+ {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
+ }, {
+ /* TLSv1.3 client, certificate compression, followed by resumption */
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
+ {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSCC"},
+ {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
+ {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
+ {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"},
+ {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
{0, NULL},
}
* Test 3: TLSv1.3, client
* Test 4: TLSv1.3, server, early_data
* Test 5: TLSv1.3, client, early_data
+ * Test 6: TLSv1.3, server, compressed certificate
+ * Test 7: TLSv1.3, client, compressed certificate
*/
static int test_info_callback(int tst)
{
return 1;
#endif
} else {
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
tlsvers = TLS1_3_VERSION;
#else
return 1;
info_cb_this_state = -1;
info_cb_offset = tst;
-#ifndef OPENSSL_NO_TLS1_3
- if (tst >= 4) {
+#ifndef OSSL_NO_USABLE_TLS1_3
+ if (tst >= 4 && tst < 6) {
SSL_SESSION *sess = NULL;
size_t written, readbytes;
unsigned char buf[80];
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 0)))
+ &serverssl, &sess, 0,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* We don't actually need this reference */
privkey)))
goto end;
+ if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
+ goto end;
+
/*
* For even numbered tests we check the server callbacks. For odd numbers we
* check the client.
*/
SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx,
sslapi_info_callback);
+ if (tst >= 6) {
+ if (!SSL_CTX_compress_certs(sctx, 0))
+ goto end;
+ }
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
+
+# ifdef OPENSSL_NO_DTLS1_2
+ /* Not supported in the FIPS provider */
+ if (is_fips) {
+ testresult = 1;
+ goto end;
+ };
+ /*
+ * Default sigalgs are SHA1 based in <DTLS1.2 which is in security
+ * level 0
+ */
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+# endif
#else
return 1;
#endif
* We can't establish a connection (even in TLSv1.1) with these ciphersuites if
* TLSv1.3 is enabled but TLSv1.2 is disabled.
*/
-#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
+#if defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
{
TLS1_2_VERSION,
"AES128-SHA:AES256-SHA",
* This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
* enabled.
*/
-#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
+#if !defined(OSSL_NO_USABLE_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
&& !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
TLS1_3_VERSION,
"TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA"
},
#endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
{
TLS1_3_VERSION,
"AES128-SHA",
{
const unsigned char tick_aes_key[16] = "0123456789abcdef";
const unsigned char tick_hmac_key[16] = "0123456789abcdef";
- EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
- EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL);
+ EVP_CIPHER *aes128cbc;
+ EVP_MD *sha256;
int ret;
tick_key_cb_called = 1;
+
+ if (tick_key_renew == -1)
+ return 0;
+
+ aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ if (!TEST_ptr(aes128cbc))
+ return 0;
+ sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL);
+ if (!TEST_ptr(sha256)) {
+ EVP_CIPHER_free(aes128cbc);
+ return 0;
+ }
+
memset(iv, 0, AES_BLOCK_SIZE);
memset(key_name, 0, 16);
if (aes128cbc == NULL
{
const unsigned char tick_aes_key[16] = "0123456789abcdef";
unsigned char tick_hmac_key[16] = "0123456789abcdef";
- OSSL_PARAM params[3];
- EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ OSSL_PARAM params[2];
+ EVP_CIPHER *aes128cbc;
int ret;
tick_key_cb_called = 1;
+
+ if (tick_key_renew == -1)
+ return 0;
+
+ aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ if (!TEST_ptr(aes128cbc))
+ return 0;
+
memset(iv, 0, AES_BLOCK_SIZE);
memset(key_name, 0, 16);
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
"SHA256", 0);
- params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
- tick_hmac_key,
- sizeof(tick_hmac_key));
- params[2] = OSSL_PARAM_construct_end();
+ params[1] = OSSL_PARAM_construct_end();
if (aes128cbc == NULL
|| !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc)
- || !EVP_MAC_CTX_set_params(hctx, params)
- || !EVP_MAC_init(hctx))
+ || !EVP_MAC_init(hctx, tick_hmac_key, sizeof(tick_hmac_key),
+ params))
ret = -1;
else
ret = tick_key_renew ? 2 : 1;
* Test 9: TLSv1.3, old ticket key callback, ticket, no renewal
* Test 10: TLSv1.2, old ticket key callback, ticket, renewal
* Test 11: TLSv1.3, old ticket key callback, ticket, renewal
- * Test 12: TLSv1.2, ticket key callback, ticket, no renewal
- * Test 13: TLSv1.3, ticket key callback, ticket, no renewal
- * Test 14: TLSv1.2, ticket key callback, ticket, renewal
- * Test 15: TLSv1.3, ticket key callback, ticket, renewal
+ * Test 12: TLSv1.2, old ticket key callback, no ticket
+ * Test 13: TLSv1.3, old ticket key callback, no ticket
+ * Test 14: TLSv1.2, ticket key callback, ticket, no renewal
+ * Test 15: TLSv1.3, ticket key callback, ticket, no renewal
+ * Test 16: TLSv1.2, ticket key callback, ticket, renewal
+ * Test 17: TLSv1.3, ticket key callback, ticket, renewal
+ * Test 18: TLSv1.2, ticket key callback, no ticket
+ * Test 19: TLSv1.3, ticket key callback, no ticket
*/
static int test_ticket_callbacks(int tst)
{
if (tst % 2 == 0)
return 1;
#endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
if (tst % 2 == 1)
return 1;
#endif
#ifdef OPENSSL_NO_DEPRECATED_3_0
- if (tst >= 8 && tst <= 11)
+ if (tst >= 8 && tst <= 13)
return 1;
#endif
gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
/* Which tests the ticket key callback should request renewal for */
- if (tst == 10 || tst == 11 || tst == 14 || tst == 15)
+
+ if (tst == 10 || tst == 11 || tst == 16 || tst == 17)
tick_key_renew = 1;
+ else if (tst == 12 || tst == 13 || tst == 18 || tst == 19)
+ tick_key_renew = -1; /* abort sending the ticket/0-length ticket */
else
tick_key_renew = 0;
NULL)))
goto end;
- if (tst >= 12) {
+ if (tst >= 14) {
if (!TEST_true(SSL_CTX_set_tlsext_ticket_key_evp_cb(sctx, tick_key_evp_cb)))
goto end;
#ifndef OPENSSL_NO_DEPRECATED_3_0
goto end;
if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
- || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
+ || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
+ || tick_key_renew == -1) {
if (!TEST_false(SSL_session_reused(clientssl)))
goto end;
} else {
|| tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
|| tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW)
? 1 : 0)
- || !TEST_int_eq(dec_tick_called, 1))
+ /* There is no ticket to decrypt in tests 13 and 19 */
+ || !TEST_int_eq(dec_tick_called, (tst == 13 || tst == 19) ? 0 : 1))
goto end;
testresult = 1;
if (tst <= 1)
return 1;
#endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
if (tst >= 2)
return 1;
#endif
if (tst == 3) {
if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE, 1))
+ SSL_ERROR_NONE, 1, 0))
|| !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
|| !TEST_false(SSL_SESSION_is_resumable(sess)))
goto end;
return testresult;
}
-#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
-static int cert_cb_cnt;
-
-static int cert_cb(SSL *s, void *arg)
+/*
+ * Test that sending close_notify alerts works correctly in the case of a
+ * retryable write failure.
+ */
+static int test_async_shutdown(void)
{
- SSL_CTX *ctx = (SSL_CTX *)arg;
- BIO *in = NULL;
- EVP_PKEY *pkey = NULL;
- X509 *x509 = NULL, *rootx = NULL;
- STACK_OF(X509) *chain = NULL;
- char *rootfile = NULL, *ecdsacert = NULL, *ecdsakey = NULL;
- int ret = 0;
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ BIO *bretry = BIO_new(bio_s_always_retry()), *tmp = NULL;
- if (cert_cb_cnt == 0) {
- /* Suspend the handshake */
- cert_cb_cnt++;
- return -1;
- } else if (cert_cb_cnt == 1) {
- /*
- * Update the SSL_CTX, set the certificate and private key and then
- * continue the handshake normally.
- */
- if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx)))
- return 0;
+ if (!TEST_ptr(bretry))
+ goto end;
- if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM))
- || !TEST_true(SSL_use_PrivateKey_file(s, privkey,
- SSL_FILETYPE_PEM))
- || !TEST_true(SSL_check_private_key(s)))
- return 0;
- cert_cb_cnt++;
- return 1;
- } else if (cert_cb_cnt == 3) {
- int rv;
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
- rootfile = test_mk_file_path(certsdir, "rootcert.pem");
- ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
- ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
- if (!TEST_ptr(rootfile) || !TEST_ptr(ecdsacert) || !TEST_ptr(ecdsakey))
- goto out;
- chain = sk_X509_new_null();
- if (!TEST_ptr(chain))
- goto out;
- if (!TEST_ptr(in = BIO_new(BIO_s_file()))
- || !TEST_int_ge(BIO_read_filename(in, rootfile), 0)
- || !TEST_ptr(rootx = X509_new_ex(libctx, NULL))
- || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL))
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Close write side of clientssl */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
+ goto end;
+
+ tmp = SSL_get_wbio(serverssl);
+ if (!TEST_true(BIO_up_ref(tmp))) {
+ tmp = NULL;
+ goto end;
+ }
+ SSL_set0_wbio(serverssl, bretry);
+ bretry = NULL;
+
+ /* First server shutdown should fail because of a retrable write failure */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), -1)
+ || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* Second server shutdown should fail for the same reason */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), -1)
+ || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ SSL_set0_wbio(serverssl, tmp);
+ tmp = NULL;
+
+ /* Third server shutdown should send close_notify */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 0))
+ goto end;
+
+ /* Fourth server shutdown should read close_notify from client and finish */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
+ goto end;
+
+ /* Client should also successfully fully shutdown */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 1))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ BIO_free(bretry);
+ BIO_free(tmp);
+
+ return testresult;
+}
+
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
+static int cert_cb_cnt;
+
+static int cert_cb(SSL *s, void *arg)
+{
+ SSL_CTX *ctx = (SSL_CTX *)arg;
+ BIO *in = NULL;
+ EVP_PKEY *pkey = NULL;
+ X509 *x509 = NULL, *rootx = NULL;
+ STACK_OF(X509) *chain = NULL;
+ char *rootfile = NULL, *ecdsacert = NULL, *ecdsakey = NULL;
+ int ret = 0;
+
+ if (cert_cb_cnt == 0) {
+ /* Suspend the handshake */
+ cert_cb_cnt++;
+ return -1;
+ } else if (cert_cb_cnt == 1) {
+ /*
+ * Update the SSL_CTX, set the certificate and private key and then
+ * continue the handshake normally.
+ */
+ if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx)))
+ return 0;
+
+ if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_use_PrivateKey_file(s, privkey,
+ SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_check_private_key(s)))
+ return 0;
+ cert_cb_cnt++;
+ return 1;
+ } else if (cert_cb_cnt == 3) {
+ int rv;
+
+ rootfile = test_mk_file_path(certsdir, "rootcert.pem");
+ ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
+ ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
+ if (!TEST_ptr(rootfile) || !TEST_ptr(ecdsacert) || !TEST_ptr(ecdsakey))
+ goto out;
+ chain = sk_X509_new_null();
+ if (!TEST_ptr(chain))
+ goto out;
+ if (!TEST_ptr(in = BIO_new(BIO_s_file()))
+ || !TEST_int_gt(BIO_read_filename(in, rootfile), 0)
+ || !TEST_ptr(rootx = X509_new_ex(libctx, NULL))
+ || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL))
|| !TEST_true(sk_X509_push(chain, rootx)))
goto out;
rootx = NULL;
BIO_free(in);
if (!TEST_ptr(in = BIO_new(BIO_s_file()))
- || !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0)
+ || !TEST_int_gt(BIO_read_filename(in, ecdsacert), 0)
|| !TEST_ptr(x509 = X509_new_ex(libctx, NULL))
|| !TEST_ptr(PEM_read_bio_X509(in, &x509, NULL, NULL)))
goto out;
BIO_free(in);
if (!TEST_ptr(in = BIO_new(BIO_s_file()))
- || !TEST_int_ge(BIO_read_filename(in, ecdsakey), 0)
+ || !TEST_int_gt(BIO_read_filename(in, ecdsakey), 0)
|| !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
NULL, NULL,
libctx, NULL)))
EVP_PKEY_free(pkey);
X509_free(x509);
X509_free(rootx);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
return ret;
}
else
cert_cb_cnt = 0;
- if (tst == 2)
- snictx = SSL_CTX_new(TLS_server_method());
+ if (tst == 2) {
+ snictx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
+ if (!TEST_ptr(snictx))
+ goto end;
+ }
+
SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
#ifndef OPENSSL_NO_TLS1_2
testresult &= test_cert_cb_int(TLS1_2_VERSION, tst);
#endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
testresult &= test_cert_cb_int(TLS1_3_VERSION, tst);
#endif
return 0;
}
-static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
-{
- return 1;
-}
-
static int test_client_cert_cb(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
if (tst == 0)
return 1;
#endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
if (tst == 1)
return 1;
#endif
return testresult;
}
-#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
/*
* Test setting certificate authorities on both client and server.
*
#ifndef OPENSSL_NO_TLS1_2
testresult &= test_ca_names_int(TLS1_2_VERSION, tst);
#endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
testresult &= test_ca_names_int(TLS1_3_VERSION, tst);
#endif
* Check if the cipher exists before attempting to use it since it only has
* a hardware specific implementation.
*/
- ciph = EVP_CIPHER_fetch(NULL, fetchable_ciphers[test_index], "");
+ ciph = EVP_CIPHER_fetch(libctx, fetchable_ciphers[test_index], "");
if (ciph == NULL) {
TEST_skip("Multiblock cipher is not available for %s", cipherlist);
return 1;
}
#endif /* OPENSSL_NO_TLS1_2 */
+static int test_session_timeout(int test)
+{
+ /*
+ * Test session ordering and timeout
+ * Can't explicitly test performance of the new code,
+ * but can test to see if the ordering of the sessions
+ * are correct, and they they are removed as expected
+ */
+ SSL_SESSION *early = NULL;
+ SSL_SESSION *middle = NULL;
+ SSL_SESSION *late = NULL;
+ SSL_CTX *ctx;
+ int testresult = 0;
+ long now = (long)time(NULL);
+#define TIMEOUT 10
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method()))
+ || !TEST_ptr(early = SSL_SESSION_new())
+ || !TEST_ptr(middle = SSL_SESSION_new())
+ || !TEST_ptr(late = SSL_SESSION_new()))
+ goto end;
+
+ /* assign unique session ids */
+ early->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ memset(early->session_id, 1, SSL3_SSL_SESSION_ID_LENGTH);
+ middle->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ memset(middle->session_id, 2, SSL3_SSL_SESSION_ID_LENGTH);
+ late->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ memset(late->session_id, 3, SSL3_SSL_SESSION_ID_LENGTH);
+
+ if (!TEST_int_eq(SSL_CTX_add_session(ctx, early), 1)
+ || !TEST_int_eq(SSL_CTX_add_session(ctx, middle), 1)
+ || !TEST_int_eq(SSL_CTX_add_session(ctx, late), 1))
+ goto end;
+
+ /* Make sure they are all added */
+ if (!TEST_ptr(early->prev)
+ || !TEST_ptr(middle->prev)
+ || !TEST_ptr(late->prev))
+ goto end;
+
+ if (!TEST_int_ne(SSL_SESSION_set_time(early, now - 10), 0)
+ || !TEST_int_ne(SSL_SESSION_set_time(middle, now), 0)
+ || !TEST_int_ne(SSL_SESSION_set_time(late, now + 10), 0))
+ goto end;
+
+ if (!TEST_int_ne(SSL_SESSION_set_timeout(early, TIMEOUT), 0)
+ || !TEST_int_ne(SSL_SESSION_set_timeout(middle, TIMEOUT), 0)
+ || !TEST_int_ne(SSL_SESSION_set_timeout(late, TIMEOUT), 0))
+ goto end;
+
+ /* Make sure they are all still there */
+ if (!TEST_ptr(early->prev)
+ || !TEST_ptr(middle->prev)
+ || !TEST_ptr(late->prev))
+ goto end;
+
+ /* Make sure they are in the expected order */
+ if (!TEST_ptr_eq(late->next, middle)
+ || !TEST_ptr_eq(middle->next, early)
+ || !TEST_ptr_eq(early->prev, middle)
+ || !TEST_ptr_eq(middle->prev, late))
+ goto end;
+
+ /* This should remove "early" */
+ SSL_CTX_flush_sessions(ctx, now + TIMEOUT - 1);
+ if (!TEST_ptr_null(early->prev)
+ || !TEST_ptr(middle->prev)
+ || !TEST_ptr(late->prev))
+ goto end;
+
+ /* This should remove "middle" */
+ SSL_CTX_flush_sessions(ctx, now + TIMEOUT + 1);
+ if (!TEST_ptr_null(early->prev)
+ || !TEST_ptr_null(middle->prev)
+ || !TEST_ptr(late->prev))
+ goto end;
+
+ /* This should remove "late" */
+ SSL_CTX_flush_sessions(ctx, now + TIMEOUT + 11);
+ if (!TEST_ptr_null(early->prev)
+ || !TEST_ptr_null(middle->prev)
+ || !TEST_ptr_null(late->prev))
+ goto end;
+
+ /* Add them back in again */
+ if (!TEST_int_eq(SSL_CTX_add_session(ctx, early), 1)
+ || !TEST_int_eq(SSL_CTX_add_session(ctx, middle), 1)
+ || !TEST_int_eq(SSL_CTX_add_session(ctx, late), 1))
+ goto end;
+
+ /* Make sure they are all added */
+ if (!TEST_ptr(early->prev)
+ || !TEST_ptr(middle->prev)
+ || !TEST_ptr(late->prev))
+ goto end;
+
+ /* This should remove all of them */
+ SSL_CTX_flush_sessions(ctx, 0);
+ if (!TEST_ptr_null(early->prev)
+ || !TEST_ptr_null(middle->prev)
+ || !TEST_ptr_null(late->prev))
+ goto end;
+
+ (void)SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_UPDATE_TIME
+ | SSL_CTX_get_session_cache_mode(ctx));
+
+ /* make sure |now| is NOT equal to the current time */
+ now -= 10;
+ if (!TEST_int_ne(SSL_SESSION_set_time(early, now), 0)
+ || !TEST_int_eq(SSL_CTX_add_session(ctx, early), 1)
+ || !TEST_long_ne(SSL_SESSION_get_time(early), now))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_CTX_free(ctx);
+ SSL_SESSION_free(early);
+ SSL_SESSION_free(middle);
+ SSL_SESSION_free(late);
+ return testresult;
+}
+
/*
* Test 0: Client sets servername and server acknowledges it (TLSv1.2)
* Test 1: Client sets servername and server does not acknowledge it (TLSv1.2)
if (tst <= 4)
return 1;
#endif
-#ifdef OPENSSL_NO_TLS1_3
+#ifdef OSSL_NO_USABLE_TLS1_3
if (tst >= 5)
return 1;
#endif
return testresult;
}
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) \
+ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
/*
* Test that if signature algorithms are not available, then we do not offer or
* accept them.
if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
goto end;
- if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
- TLS_client_method(),
- TLS1_VERSION,
- 0,
- &sctx, &cctx, cert, privkey)))
- goto end;
+ if (idx != 5) {
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+ } else {
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ 0,
+ &sctx, &cctx, cert2, privkey2)))
+ goto end;
+ }
+
+ /* Ensure we only use TLSv1.2 ciphersuites based on SHA256 */
+ if (idx < 4) {
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "ECDHE-RSA-AES128-GCM-SHA256")))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "ECDHE-ECDSA-AES128-GCM-SHA256")))
+ goto end;
+ }
if (idx < 3) {
if (!SSL_CTX_set1_sigalgs_list(cctx,
goto end;
}
- if (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2,
- SSL_FILETYPE_PEM), 1)
+ if (idx != 5
+ && (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2,
+ SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx,
privkey2,
SSL_FILETYPE_PEM), 1)
- || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1))
+ || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
- NULL, NULL)))
+ NULL, NULL)))
goto end;
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
: NID_rsassaPss))
goto end;
- testresult = 1;
+ testresult = filter_provider_check_clean_finish();
end:
SSL_free(serverssl);
return testresult;
}
-#endif /* OPENSSL_NO_EC */
+#endif /*
+ * !defined(OPENSSL_NO_EC) \
+ * && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+ */
#ifndef OPENSSL_NO_TLS1_3
+/* This test can run in TLSv1.3 even if ec and dh are disabled */
static int test_pluggable_group(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
OSSL_PROVIDER *legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
const char *group_name = idx == 0 ? "xorgroup" : "xorkemgroup";
- if (!TEST_ptr(tlsprov) || !TEST_ptr(legacyprov))
+ if (!TEST_ptr(tlsprov))
+ goto end;
+
+ if (legacyprov == NULL) {
+ /*
+ * In this case we assume we've been built with "no-legacy" and skip
+ * this test (there is no OPENSSL_NO_LEGACY)
+ */
+ testresult = 1;
goto end;
+ }
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
+ if (!TEST_str_eq(group_name,
+ SSL_group_to_name(serverssl, SSL_get_shared_group(serverssl, 0))))
+ goto end;
+
testresult = 1;
end:
return testresult;
}
+
+/*
+ * This function triggers encode, decode and sign functions
+ * of the artificial "xorhmacsig" algorithm implemented in tls-provider
+ * creating private key and certificate files for use in TLS testing.
+ */
+static int create_cert_key(int idx, char *certfilename, char *privkeyfilename)
+{
+ EVP_PKEY_CTX * evpctx = EVP_PKEY_CTX_new_from_name(libctx,
+ (idx == 0) ? "xorhmacsig" : "xorhmacsha2sig", NULL);
+ EVP_PKEY *pkey = NULL;
+ X509 *x509 = X509_new();
+ X509_NAME *name = NULL;
+ BIO *keybio = NULL, *certbio = NULL;
+ int ret = 1;
+
+ if (!TEST_ptr(evpctx)
+ || !TEST_true(EVP_PKEY_keygen_init(evpctx))
+ || !TEST_true(EVP_PKEY_generate(evpctx, &pkey))
+ || !TEST_ptr(pkey)
+ || !TEST_ptr(x509)
+ || !TEST_true(ASN1_INTEGER_set(X509_get_serialNumber(x509), 1))
+ || !TEST_true(X509_gmtime_adj(X509_getm_notBefore(x509), 0))
+ || !TEST_true(X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L))
+ || !TEST_true(X509_set_pubkey(x509, pkey))
+ || !TEST_ptr(name = X509_get_subject_name(x509))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
+ (unsigned char *)"CH", -1, -1, 0))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
+ (unsigned char *)"test.org", -1, -1, 0))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
+ (unsigned char *)"localhost", -1, -1, 0))
+ || !TEST_true(X509_set_issuer_name(x509, name))
+ || !TEST_true(X509_sign(x509, pkey, EVP_sha1()))
+ || !TEST_ptr(keybio = BIO_new_file(privkeyfilename, "wb"))
+ || !TEST_true(PEM_write_bio_PrivateKey(keybio, pkey, NULL, NULL, 0, NULL, NULL))
+ || !TEST_ptr(certbio = BIO_new_file(certfilename, "wb"))
+ || !TEST_true(PEM_write_bio_X509(certbio, x509)))
+ ret = 0;
+
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ EVP_PKEY_CTX_free(evpctx);
+ BIO_free(keybio);
+ BIO_free(certbio);
+ return ret;
+}
+
+/*
+ * Test that signature algorithms loaded via the provider interface can
+ * correctly establish a TLS (1.3) connection.
+ * Test 0: Signature algorithm with built-in hashing functionality: "xorhmacsig"
+ * Test 1: Signature algorithm using external SHA2 hashing: "xorhmacsha2sig"
+ */
+static int test_pluggable_signature(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider");
+ OSSL_PROVIDER *defaultprov = OSSL_PROVIDER_load(libctx, "default");
+ char *certfilename = "tls-prov-cert.pem";
+ char *privkeyfilename = "tls-prov-key.pem";
+
+ /* create key and certificate for the different algorithm types */
+ if (!TEST_ptr(tlsprov)
+ || !TEST_true(create_cert_key(idx, certfilename, privkeyfilename)))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ TLS1_3_VERSION,
+ &sctx, &cctx, certfilename, privkeyfilename))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /* This is necessary to pass minimal setup w/o other groups configured */
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup"))
+ || !TEST_true(SSL_set1_groups_list(clientssl, "xorgroup")))
+ goto end;
+
+ /*
+ * If this connection gets established, it must have been completed
+ * via the tls-provider-implemented "hmacsig" algorithm, testing
+ * both sign and verify functions during handshake.
+ */
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ OSSL_PROVIDER_unload(tlsprov);
+ OSSL_PROVIDER_unload(defaultprov);
+
+ return testresult;
+}
#endif
#ifndef OPENSSL_NO_TLS1_2
return testresult;
}
-#endif
-OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n")
+# ifndef OPENSSL_NO_DH
-int setup_tests(void)
+static EVP_PKEY *tmp_dh_params = NULL;
+
+/* Helper function for the test_set_tmp_dh() tests */
+static EVP_PKEY *get_tmp_dh_params(void)
{
- char *modulename;
- char *configfile;
+ if (tmp_dh_params == NULL) {
+ BIGNUM *p = NULL;
+ OSSL_PARAM_BLD *tmpl = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ OSSL_PARAM *params = NULL;
+ EVP_PKEY *dhpkey = NULL;
- libctx = OSSL_LIB_CTX_new();
- if (!TEST_ptr(libctx))
- return 0;
+ p = BN_get_rfc3526_prime_2048(NULL);
+ if (!TEST_ptr(p))
+ goto end;
- defctxnull = OSSL_PROVIDER_load(NULL, "null");
+ pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL);
+ if (!TEST_ptr(pctx)
+ || !TEST_int_eq(EVP_PKEY_fromdata_init(pctx), 1))
+ goto end;
- /*
- * Verify that the default and fips providers in the default libctx are not
- * available
- */
- if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
- || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
- return 0;
+ tmpl = OSSL_PARAM_BLD_new();
+ if (!TEST_ptr(tmpl)
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(tmpl,
+ OSSL_PKEY_PARAM_FFC_P,
+ p))
+ || !TEST_true(OSSL_PARAM_BLD_push_uint(tmpl,
+ OSSL_PKEY_PARAM_FFC_G,
+ 2)))
+ goto end;
- if (!test_skip_common_options()) {
- TEST_error("Error parsing test options\n");
- return 0;
+ params = OSSL_PARAM_BLD_to_param(tmpl);
+ if (!TEST_ptr(params)
+ || !TEST_int_eq(EVP_PKEY_fromdata(pctx, &dhpkey,
+ EVP_PKEY_KEY_PARAMETERS,
+ params), 1))
+ goto end;
+
+ tmp_dh_params = dhpkey;
+ end:
+ BN_free(p);
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PARAM_BLD_free(tmpl);
+ OSSL_PARAM_free(params);
}
- if (!TEST_ptr(certsdir = test_get_argument(0))
- || !TEST_ptr(srpvfile = test_get_argument(1))
- || !TEST_ptr(tmpfilename = test_get_argument(2))
- || !TEST_ptr(modulename = test_get_argument(3))
- || !TEST_ptr(configfile = test_get_argument(4)))
- return 0;
+ if (tmp_dh_params != NULL && !EVP_PKEY_up_ref(tmp_dh_params))
+ return NULL;
- if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
- return 0;
+ return tmp_dh_params;
+}
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* Callback used by test_set_tmp_dh() */
+static DH *tmp_dh_callback(SSL *s, int is_export, int keylen)
+{
+ EVP_PKEY *dhpkey = get_tmp_dh_params();
+ DH *ret = NULL;
+
+ if (!TEST_ptr(dhpkey))
+ return NULL;
+
+ /*
+ * libssl does not free the returned DH, so we free it now knowing that even
+ * after we free dhpkey, there will still be a reference to the owning
+ * EVP_PKEY in tmp_dh_params, and so the DH object will live for the length
+ * of time we need it for.
+ */
+ ret = EVP_PKEY_get1_DH(dhpkey);
+ DH_free(ret);
+
+ EVP_PKEY_free(dhpkey);
+
+ return ret;
+}
+# endif
+
+/*
+ * Test the various methods for setting temporary DH parameters
+ *
+ * Test 0: Default (no auto) setting
+ * Test 1: Explicit SSL_CTX auto off
+ * Test 2: Explicit SSL auto off
+ * Test 3: Explicit SSL_CTX auto on
+ * Test 4: Explicit SSL auto on
+ * Test 5: Explicit SSL_CTX auto off, custom DH params via EVP_PKEY
+ * Test 6: Explicit SSL auto off, custom DH params via EVP_PKEY
+ *
+ * The following are testing deprecated APIs, so we only run them if available
+ * Test 7: Explicit SSL_CTX auto off, custom DH params via DH
+ * Test 8: Explicit SSL auto off, custom DH params via DH
+ * Test 9: Explicit SSL_CTX auto off, custom DH params via callback
+ * Test 10: Explicit SSL auto off, custom DH params via callback
+ */
+static int test_set_tmp_dh(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ int dhauto = (idx == 3 || idx == 4) ? 1 : 0;
+ int expected = (idx <= 2) ? 0 : 1;
+ EVP_PKEY *dhpkey = NULL;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+ DH *dh = NULL;
+# else
+
+ if (idx >= 7)
+ return 1;
+# endif
+
+ if (idx >= 5 && idx <= 8) {
+ dhpkey = get_tmp_dh_params();
+ if (!TEST_ptr(dhpkey))
+ goto end;
+ }
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+ if (idx == 7 || idx == 8) {
+ dh = EVP_PKEY_get1_DH(dhpkey);
+ if (!TEST_ptr(dh))
+ goto end;
+ }
+# endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if ((idx & 1) == 1) {
+ if (!TEST_true(SSL_CTX_set_dh_auto(sctx, dhauto)))
+ goto end;
+ }
+
+ if (idx == 5) {
+ if (!TEST_true(SSL_CTX_set0_tmp_dh_pkey(sctx, dhpkey)))
+ goto end;
+ dhpkey = NULL;
+ }
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+ else if (idx == 7) {
+ if (!TEST_true(SSL_CTX_set_tmp_dh(sctx, dh)))
+ goto end;
+ } else if (idx == 9) {
+ SSL_CTX_set_tmp_dh_callback(sctx, tmp_dh_callback);
+ }
+# endif
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if ((idx & 1) == 0 && idx != 0) {
+ if (!TEST_true(SSL_set_dh_auto(serverssl, dhauto)))
+ goto end;
+ }
+ if (idx == 6) {
+ if (!TEST_true(SSL_set0_tmp_dh_pkey(serverssl, dhpkey)))
+ goto end;
+ dhpkey = NULL;
+ }
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+ else if (idx == 8) {
+ if (!TEST_true(SSL_set_tmp_dh(serverssl, dh)))
+ goto end;
+ } else if (idx == 10) {
+ SSL_set_tmp_dh_callback(serverssl, tmp_dh_callback);
+ }
+# endif
+
+ if (!TEST_true(SSL_set_min_proto_version(serverssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_cipher_list(serverssl, "DHE-RSA-AES128-SHA")))
+ goto end;
+
+ /*
+ * If autoon then we should succeed. Otherwise we expect failure because
+ * there are no parameters
+ */
+ if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE), expected))
+ goto end;
+
+ testresult = 1;
+
+ end:
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+ DH_free(dh);
+# endif
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ EVP_PKEY_free(dhpkey);
+
+ return testresult;
+}
+
+/*
+ * Test the auto DH keys are appropriately sized
+ */
+static int test_dh_auto(int idx)
+{
+ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
+ SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ EVP_PKEY *tmpkey = NULL;
+ char *thiscert = NULL, *thiskey = NULL;
+ size_t expdhsize = 0;
+ const char *ciphersuite = "DHE-RSA-AES128-SHA";
+
+ if (!TEST_ptr(sctx) || !TEST_ptr(cctx))
+ goto end;
+
+ switch (idx) {
+ case 0:
+ /* The FIPS provider doesn't support this DH size - so we ignore it */
+ if (is_fips) {
+ testresult = 1;
+ goto end;
+ }
+ thiscert = cert1024;
+ thiskey = privkey1024;
+ expdhsize = 1024;
+ SSL_CTX_set_security_level(sctx, 1);
+ SSL_CTX_set_security_level(cctx, 1);
+ break;
+ case 1:
+ /* 2048 bit prime */
+ thiscert = cert;
+ thiskey = privkey;
+ expdhsize = 2048;
+ break;
+ case 2:
+ thiscert = cert3072;
+ thiskey = privkey3072;
+ expdhsize = 3072;
+ break;
+ case 3:
+ thiscert = cert4096;
+ thiskey = privkey4096;
+ expdhsize = 4096;
+ break;
+ case 4:
+ thiscert = cert8192;
+ thiskey = privkey8192;
+ expdhsize = 8192;
+ break;
+ /* No certificate cases */
+ case 5:
+ /* The FIPS provider doesn't support this DH size - so we ignore it */
+ if (is_fips) {
+ testresult = 1;
+ goto end;
+ }
+ ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0";
+ expdhsize = 1024;
+ break;
+ case 6:
+ ciphersuite = "ADH-AES256-SHA256:@SECLEVEL=0";
+ expdhsize = 3072;
+ break;
+ default:
+ TEST_error("Invalid text index");
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, NULL,
+ NULL,
+ 0,
+ 0,
+ &sctx, &cctx, thiscert, thiskey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set_dh_auto(serverssl, 1))
+ || !TEST_true(SSL_set_min_proto_version(serverssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_cipher_list(serverssl, ciphersuite))
+ || !TEST_true(SSL_set_cipher_list(clientssl, ciphersuite)))
+ goto end;
+
+ /*
+ * Send the server's first flight. At this point the server has created the
+ * temporary DH key but hasn't finished using it yet. Once used it is
+ * removed, so we cannot test it.
+ */
+ if (!TEST_int_le(SSL_connect(clientssl), 0)
+ || !TEST_int_le(SSL_accept(serverssl), 0))
+ goto end;
+
+ if (!TEST_int_gt(SSL_get_tmp_key(serverssl, &tmpkey), 0))
+ goto end;
+ if (!TEST_size_t_eq(EVP_PKEY_get_bits(tmpkey), expdhsize))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ EVP_PKEY_free(tmpkey);
+
+ return testresult;
+
+}
+# endif /* OPENSSL_NO_DH */
+#endif /* OPENSSL_NO_TLS1_2 */
+
+#ifndef OSSL_NO_USABLE_TLS1_3
+/*
+ * Test that setting an SNI callback works with TLSv1.3. Specifically we check
+ * that it works even without a certificate configured for the original
+ * SSL_CTX
+ */
+static int test_sni_tls13(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+ /* Reset callback counter */
+ snicb = 0;
+
+ /* Create an initial SSL_CTX with no certificate configured */
+ sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
+ if (!TEST_ptr(sctx))
+ goto end;
+ /* Require TLSv1.3 as a minimum */
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx2, &cctx, cert, privkey)))
+ goto end;
+
+ /* Set up SNI */
+ if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
+ || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
+ goto end;
+
+ /*
+ * Connection should still succeed because the final SSL_CTX has the right
+ * certificates configured.
+ */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /* We should have had the SNI callback called exactly once */
+ if (!TEST_int_eq(snicb, 1))
+ goto end;
+
+ testresult = 1;
+
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx2);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+/*
+ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
+ * 0 = TLSv1.2
+ * 1 = TLSv1.3
+ */
+static int test_ticket_lifetime(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ int version = TLS1_3_VERSION;
+
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
+
+ if (idx == 0) {
+#ifdef OPENSSL_NO_TLS1_2
+ return TEST_skip("TLS 1.2 is disabled.");
+#else
+ version = TLS1_2_VERSION;
+#endif
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), version, version,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ /*
+ * Set the timeout to be more than 1 week
+ * make sure the returned value is the default
+ */
+ if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
+ SSL_get_default_timeout(serverssl)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (idx == 0) {
+ /* TLSv1.2 uses the set value */
+ if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
+ goto end;
+ } else {
+ /* TLSv1.3 uses the limited value */
+ if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
+ goto end;
+ }
+ testresult = 1;
+
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+#endif
+/*
+ * Test that setting an ALPN does not violate RFC
+ */
+static int test_set_alpn(void)
+{
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ int testresult = 0;
+
+ unsigned char bad0[] = { 0x00, 'b', 'a', 'd' };
+ unsigned char good[] = { 0x04, 'g', 'o', 'o', 'd' };
+ unsigned char bad1[] = { 0x01, 'b', 'a', 'd' };
+ unsigned char bad2[] = { 0x03, 'b', 'a', 'd', 0x00};
+ unsigned char bad3[] = { 0x03, 'b', 'a', 'd', 0x01, 'b', 'a', 'd'};
+ unsigned char bad4[] = { 0x03, 'b', 'a', 'd', 0x06, 'b', 'a', 'd'};
+
+ /* Create an initial SSL_CTX with no certificate configured */
+ ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ /* the set_alpn functions return 0 (false) on success, non-zero (true) on failure */
+ if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, NULL, 2)))
+ goto end;
+ if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, 0)))
+ goto end;
+ if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, sizeof(good))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, good, 1)))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad0, sizeof(bad0))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad1, sizeof(bad1))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad2, sizeof(bad2))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad3, sizeof(bad3))))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad4, sizeof(bad4))))
+ goto end;
+
+ ssl = SSL_new(ctx);
+ if (!TEST_ptr(ssl))
+ goto end;
+
+ if (!TEST_false(SSL_set_alpn_protos(ssl, NULL, 2)))
+ goto end;
+ if (!TEST_false(SSL_set_alpn_protos(ssl, good, 0)))
+ goto end;
+ if (!TEST_false(SSL_set_alpn_protos(ssl, good, sizeof(good))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, good, 1)))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad0, sizeof(bad0))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad1, sizeof(bad1))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad2, sizeof(bad2))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad3, sizeof(bad3))))
+ goto end;
+ if (!TEST_true(SSL_set_alpn_protos(ssl, bad4, sizeof(bad4))))
+ goto end;
+
+ testresult = 1;
+
+end:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ return testresult;
+}
+
+/*
+ * Test SSL_CTX_set1_verify/chain_cert_store and SSL_CTX_get_verify/chain_cert_store.
+ */
+static int test_set_verify_cert_store_ssl_ctx(void)
+{
+ SSL_CTX *ctx = NULL;
+ int testresult = 0;
+ X509_STORE *store = NULL, *new_store = NULL,
+ *cstore = NULL, *new_cstore = NULL;
+
+ /* Create an initial SSL_CTX. */
+ ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ /* Retrieve verify store pointer. */
+ if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store)))
+ goto end;
+
+ /* Retrieve chain store pointer. */
+ if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore)))
+ goto end;
+
+ /* We haven't set any yet, so this should be NULL. */
+ if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore))
+ goto end;
+
+ /* Create stores. We use separate stores so pointers are different. */
+ new_store = X509_STORE_new();
+ if (!TEST_ptr(new_store))
+ goto end;
+
+ new_cstore = X509_STORE_new();
+ if (!TEST_ptr(new_cstore))
+ goto end;
+
+ /* Set stores. */
+ if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, new_store)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, new_cstore)))
+ goto end;
+
+ /* Should be able to retrieve the same pointer. */
+ if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore)))
+ goto end;
+
+ if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore))
+ goto end;
+
+ /* Should be able to unset again. */
+ if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, NULL)))
+ goto end;
+
+ /* Should now be NULL. */
+ if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore)))
+ goto end;
+
+ if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore))
+ goto end;
+
+ testresult = 1;
+
+end:
+ X509_STORE_free(new_store);
+ X509_STORE_free(new_cstore);
+ SSL_CTX_free(ctx);
+ return testresult;
+}
+
+/*
+ * Test SSL_set1_verify/chain_cert_store and SSL_get_verify/chain_cert_store.
+ */
+static int test_set_verify_cert_store_ssl(void)
+{
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ int testresult = 0;
+ X509_STORE *store = NULL, *new_store = NULL,
+ *cstore = NULL, *new_cstore = NULL;
+
+ /* Create an initial SSL_CTX. */
+ ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ /* Create an SSL object. */
+ ssl = SSL_new(ctx);
+ if (!TEST_ptr(ssl))
+ goto end;
+
+ /* Retrieve verify store pointer. */
+ if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store)))
+ goto end;
+
+ /* Retrieve chain store pointer. */
+ if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore)))
+ goto end;
+
+ /* We haven't set any yet, so this should be NULL. */
+ if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore))
+ goto end;
+
+ /* Create stores. We use separate stores so pointers are different. */
+ new_store = X509_STORE_new();
+ if (!TEST_ptr(new_store))
+ goto end;
+
+ new_cstore = X509_STORE_new();
+ if (!TEST_ptr(new_cstore))
+ goto end;
+
+ /* Set stores. */
+ if (!TEST_true(SSL_set1_verify_cert_store(ssl, new_store)))
+ goto end;
+
+ if (!TEST_true(SSL_set1_chain_cert_store(ssl, new_cstore)))
+ goto end;
+
+ /* Should be able to retrieve the same pointer. */
+ if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store)))
+ goto end;
+
+ if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore)))
+ goto end;
+
+ if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore))
+ goto end;
+
+ /* Should be able to unset again. */
+ if (!TEST_true(SSL_set1_verify_cert_store(ssl, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set1_chain_cert_store(ssl, NULL)))
+ goto end;
+
+ /* Should now be NULL. */
+ if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store)))
+ goto end;
+
+ if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore)))
+ goto end;
+
+ if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore))
+ goto end;
+
+ testresult = 1;
+
+end:
+ X509_STORE_free(new_store);
+ X509_STORE_free(new_cstore);
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ return testresult;
+}
+
+
+static int test_inherit_verify_param(void)
+{
+ int testresult = 0;
+
+ SSL_CTX *ctx = NULL;
+ X509_VERIFY_PARAM *cp = NULL;
+ SSL *ssl = NULL;
+ X509_VERIFY_PARAM *sp = NULL;
+ int hostflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
+
+ ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ cp = SSL_CTX_get0_param(ctx);
+ if (!TEST_ptr(cp))
+ goto end;
+ if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(cp), 0))
+ goto end;
+
+ X509_VERIFY_PARAM_set_hostflags(cp, hostflags);
+
+ ssl = SSL_new(ctx);
+ if (!TEST_ptr(ssl))
+ goto end;
+
+ sp = SSL_get0_param(ssl);
+ if (!TEST_ptr(sp))
+ goto end;
+ if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(sp), hostflags))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+
+ return testresult;
+}
+
+static int test_load_dhfile(void)
+{
+#ifndef OPENSSL_NO_DH
+ int testresult = 0;
+
+ SSL_CTX *ctx = NULL;
+ SSL_CONF_CTX *cctx = NULL;
+
+ if (dhfile == NULL)
+ return 1;
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method()))
+ || !TEST_ptr(cctx = SSL_CONF_CTX_new()))
+ goto end;
+
+ SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+ SSL_CONF_CTX_set_flags(cctx,
+ SSL_CONF_FLAG_CERTIFICATE
+ | SSL_CONF_FLAG_SERVER
+ | SSL_CONF_FLAG_FILE);
+
+ if (!TEST_int_eq(SSL_CONF_cmd(cctx, "DHParameters", dhfile), 2))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_CONF_CTX_free(cctx);
+ SSL_CTX_free(ctx);
+
+ return testresult;
+#else
+ return TEST_skip("DH not supported by this build");
+#endif
+}
+
+#ifndef OSSL_NO_USABLE_TLS1_3
+/* Test that read_ahead works across a key change */
+static int test_read_ahead_key_change(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char *msg = "Hello World";
+ size_t written, readbytes;
+ char buf[80];
+ int i;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_read_ahead(sctx, 1);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Write some data, send a key update, write more data */
+ if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written))
+ || !TEST_size_t_eq(written, strlen(msg)))
+ goto end;
+
+ if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written))
+ || !TEST_size_t_eq(written, strlen(msg)))
+ goto end;
+
+ /*
+ * Since read_ahead is on the first read below should read the record with
+ * the first app data, the second record with the key update message, and
+ * the third record with the app data all in one go. We should be able to
+ * still process the read_ahead data correctly even though it crosses
+ * epochs
+ */
+ for (i = 0; i < 2; i++) {
+ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf) - 1,
+ &readbytes)))
+ goto end;
+
+ buf[readbytes] = '\0';
+ if (!TEST_str_eq(buf, msg))
+ goto end;
+ }
+
+ testresult = 1;
+
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+static size_t record_pad_cb(SSL *s, int type, size_t len, void *arg)
+{
+ int *called = arg;
+
+ switch ((*called)++) {
+ case 0:
+ /* Add some padding to first record */
+ return 512;
+ case 1:
+ /* Maximally pad the second record */
+ return SSL3_RT_MAX_PLAIN_LENGTH - len;
+ case 2:
+ /*
+ * Exceeding the maximum padding should be fine. It should just pad to
+ * the maximum anyway
+ */
+ return SSL3_RT_MAX_PLAIN_LENGTH + 1 - len;
+ case 3:
+ /*
+ * Very large padding should also be ok. Should just pad to the maximum
+ * allowed
+ */
+ return SIZE_MAX;
+ default:
+ return 0;
+ }
+}
+
+/*
+ * Test that setting record padding in TLSv1.3 works as expected
+ * Test 0: Record padding callback on the SSL_CTX
+ * Test 1: Record padding callback on the SSL
+ * Test 2: Record block padding on the SSL_CTX
+ * Test 3: Record block padding on the SSL
+ */
+static int test_tls13_record_padding(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char *msg = "Hello World";
+ size_t written, readbytes;
+ char buf[80];
+ int i;
+ int called = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (idx == 0) {
+ SSL_CTX_set_record_padding_callback(cctx, record_pad_cb);
+ SSL_CTX_set_record_padding_callback_arg(cctx, &called);
+ if (!TEST_ptr_eq(SSL_CTX_get_record_padding_callback_arg(cctx), &called))
+ goto end;
+ } else if (idx == 2) {
+ /* Exceeding the max plain length should fail */
+ if (!TEST_false(SSL_CTX_set_block_padding(cctx,
+ SSL3_RT_MAX_PLAIN_LENGTH + 1)))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_block_padding(cctx, 512)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (idx == 1) {
+ SSL_set_record_padding_callback(clientssl, record_pad_cb);
+ SSL_set_record_padding_callback_arg(clientssl, &called);
+ if (!TEST_ptr_eq(SSL_get_record_padding_callback_arg(clientssl), &called))
+ goto end;
+ } else if (idx == 3) {
+ /* Exceeding the max plain length should fail */
+ if (!TEST_false(SSL_set_block_padding(clientssl,
+ SSL3_RT_MAX_PLAIN_LENGTH + 1)))
+ goto end;
+ if (!TEST_true(SSL_set_block_padding(clientssl, 512)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ called = 0;
+ /*
+ * Write some data, then check we can read it. Do this four times to check
+ * we can continue to write and read padded data after the initial record
+ * padding has been added. We don't actually check that the padding has
+ * been applied to the record - just that we can continue to communicate
+ * normally and that the callback has been called (if appropriate).
+ */
+ for (i = 0; i < 4; i++) {
+ if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written))
+ || !TEST_size_t_eq(written, strlen(msg)))
+ goto end;
+
+ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf) - 1,
+ &readbytes))
+ || !TEST_size_t_eq(written, readbytes))
+ goto end;
+
+ buf[readbytes] = '\0';
+ if (!TEST_str_eq(buf, msg))
+ goto end;
+ }
+
+ if ((idx == 0 || idx == 1) && !TEST_int_eq(called, 4))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+#endif /* OSSL_NO_USABLE_TLS1_3 */
+
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
+/*
+ * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not
+ * support this yet. The only pipeline capable cipher that we have is in the
+ * dasync engine (providers don't support this yet), so we have to use
+ * deprecated APIs for this test.
+ *
+ * Test 0: Client has pipelining enabled, server does not
+ * Test 1: Server has pipelining enabled, client does not
+ * Test 2: Client has pipelining enabled, server does not: not enough data to
+ * fill all the pipelines
+ * Test 3: Client has pipelining enabled, server does not: not enough data to
+ * fill all the pipelines by more than a full pipeline's worth
+ * Test 4: Client has pipelining enabled, server does not: more data than all
+ * the available pipelines can take
+ * Test 5: Client has pipelining enabled, server does not: Maximum size pipeline
+ */
+static int test_pipelining(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL, *peera, *peerb;
+ int testresult = 0, numreads;
+ /* A 55 byte message */
+ unsigned char *msg = (unsigned char *)
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123";
+ size_t written, readbytes, offset, msglen, fragsize = 10, numpipes = 5;
+ size_t expectedreads;
+ unsigned char *buf = NULL;
+ ENGINE *e;
+
+ if (!TEST_ptr(e = ENGINE_by_id("dasync")))
+ return 0;
+
+ if (!TEST_true(ENGINE_init(e))) {
+ ENGINE_free(e);
+ return 0;
+ }
+
+ if (!TEST_true(ENGINE_register_ciphers(e)))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), 0,
+ TLS1_2_VERSION, &sctx, &cctx, cert,
+ privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set_cipher_list(clientssl, "AES128-SHA")))
+ goto end;
+
+ /* peera is always configured for pipelining, while peerb is not. */
+ if (idx == 1) {
+ peera = serverssl;
+ peerb = clientssl;
+
+ } else {
+ peera = clientssl;
+ peerb = serverssl;
+ }
+
+ if (idx == 5) {
+ numpipes = 2;
+ /* Maximum allowed fragment size */
+ fragsize = SSL3_RT_MAX_PLAIN_LENGTH;
+ msglen = fragsize * numpipes;
+ msg = OPENSSL_malloc(msglen);
+ if (!TEST_ptr(msg))
+ goto end;
+ if (!TEST_int_gt(RAND_bytes_ex(libctx, msg, msglen, 0), 0))
+ goto end;
+ } else if (idx == 4) {
+ msglen = 55;
+ } else {
+ msglen = 50;
+ }
+ if (idx == 2)
+ msglen -= 2; /* Send 2 less bytes */
+ else if (idx == 3)
+ msglen -= 12; /* Send 12 less bytes */
+
+ buf = OPENSSL_malloc(msglen);
+ if (!TEST_ptr(buf))
+ goto end;
+
+ if (idx == 5) {
+ /*
+ * Test that setting a split send fragment longer than the maximum
+ * allowed fails
+ */
+ if (!TEST_false(SSL_set_split_send_fragment(peera, fragsize + 1)))
+ goto end;
+ }
+
+ /*
+ * In the normal case. We have 5 pipelines with 10 bytes per pipeline
+ * (50 bytes in total). This is a ridiculously small number of bytes -
+ * but sufficient for our purposes
+ */
+ if (!TEST_true(SSL_set_max_pipelines(peera, numpipes))
+ || !TEST_true(SSL_set_split_send_fragment(peera, fragsize)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Write some data from peera to peerb */
+ if (!TEST_true(SSL_write_ex(peera, msg, msglen, &written))
+ || !TEST_size_t_eq(written, msglen))
+ goto end;
+
+ /*
+ * If the pipelining code worked, then we expect all |numpipes| pipelines to
+ * have been used - except in test 3 where only |numpipes - 1| pipelines
+ * will be used. This will result in |numpipes| records (|numpipes - 1| for
+ * test 3) having been sent to peerb. Since peerb is not using read_ahead we
+ * expect this to be read in |numpipes| or |numpipes - 1| separate
+ * SSL_read_ex calls. In the case of test 4, there is then one additional
+ * read for left over data that couldn't fit in the previous pipelines
+ */
+ for (offset = 0, numreads = 0;
+ offset < msglen;
+ offset += readbytes, numreads++) {
+ if (!TEST_true(SSL_read_ex(peerb, buf + offset,
+ msglen - offset, &readbytes)))
+ goto end;
+ }
+
+ expectedreads = idx == 4 ? numpipes + 1
+ : (idx == 3 ? numpipes - 1 : numpipes);
+ if (!TEST_mem_eq(msg, msglen, buf, offset)
+ || !TEST_int_eq(numreads, expectedreads))
+ goto end;
+
+ /*
+ * Write some data from peerb to peera. We do this in up to |numpipes + 1|
+ * chunks to exercise the read pipelining code on peera.
+ */
+ for (offset = 0; offset < msglen; offset += fragsize) {
+ size_t sendlen = msglen - offset;
+
+ if (sendlen > fragsize)
+ sendlen = fragsize;
+ if (!TEST_true(SSL_write_ex(peerb, msg + offset, sendlen, &written))
+ || !TEST_size_t_eq(written, sendlen))
+ goto end;
+ }
+
+ /*
+ * The data was written in |numpipes|, |numpipes - 1| or |numpipes + 1|
+ * separate chunks (depending on which test we are running). If the
+ * pipelining is working then we expect peera to read up to numpipes chunks
+ * and process them in parallel, giving back the complete result in a single
+ * call to SSL_read_ex
+ */
+ if (!TEST_true(SSL_read_ex(peera, buf, msglen, &readbytes))
+ || !TEST_size_t_le(readbytes, msglen))
+ goto end;
+
+ if (idx == 4) {
+ size_t readbytes2;
+
+ if (!TEST_true(SSL_read_ex(peera, buf + readbytes,
+ msglen - readbytes, &readbytes2)))
+ goto end;
+ readbytes += readbytes2;
+ if (!TEST_size_t_le(readbytes, msglen))
+ goto end;
+ }
+
+ if (!TEST_mem_eq(msg, msglen, buf, readbytes))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ ENGINE_unregister_ciphers(e);
+ ENGINE_finish(e);
+ ENGINE_free(e);
+ OPENSSL_free(buf);
+ if (idx == 5)
+ OPENSSL_free(msg);
+ return testresult;
+}
+#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
+
+int setup_tests(void)
+{
+ char *modulename;
+ char *configfile;
+
+ libctx = OSSL_LIB_CTX_new();
+ if (!TEST_ptr(libctx))
+ return 0;
+
+ defctxnull = OSSL_PROVIDER_load(NULL, "null");
+
+ /*
+ * Verify that the default and fips providers in the default libctx are not
+ * available
+ */
+ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
+ || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
+ return 0;
+
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
+ if (!TEST_ptr(certsdir = test_get_argument(0))
+ || !TEST_ptr(srpvfile = test_get_argument(1))
+ || !TEST_ptr(tmpfilename = test_get_argument(2))
+ || !TEST_ptr(modulename = test_get_argument(3))
+ || !TEST_ptr(configfile = test_get_argument(4))
+ || !TEST_ptr(dhfile = test_get_argument(5)))
+ return 0;
+
+ if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
+ return 0;
/* Check we have the expected provider available */
if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
if (privkey2 == NULL)
goto err;
+ cert1024 = test_mk_file_path(certsdir, "ee-cert-1024.pem");
+ if (cert1024 == NULL)
+ goto err;
+
+ privkey1024 = test_mk_file_path(certsdir, "ee-key-1024.pem");
+ if (privkey1024 == NULL)
+ goto err;
+
+ cert3072 = test_mk_file_path(certsdir, "ee-cert-3072.pem");
+ if (cert3072 == NULL)
+ goto err;
+
+ privkey3072 = test_mk_file_path(certsdir, "ee-key-3072.pem");
+ if (privkey3072 == NULL)
+ goto err;
+
+ cert4096 = test_mk_file_path(certsdir, "ee-cert-4096.pem");
+ if (cert4096 == NULL)
+ goto err;
+
+ privkey4096 = test_mk_file_path(certsdir, "ee-key-4096.pem");
+ if (privkey4096 == NULL)
+ goto err;
+
+ cert8192 = test_mk_file_path(certsdir, "ee-cert-8192.pem");
+ if (cert8192 == NULL)
+ goto err;
+
+ privkey8192 = test_mk_file_path(certsdir, "ee-key-8192.pem");
+ if (privkey8192 == NULL)
+ goto err;
+
#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
-# if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
- ADD_ALL_TESTS(test_ktls, 32);
- ADD_ALL_TESTS(test_ktls_sendfile_anytls, 6);
+# if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
+ ADD_ALL_TESTS(test_ktls, NUM_KTLS_TEST_CIPHERS * 4);
+ ADD_ALL_TESTS(test_ktls_sendfile, NUM_KTLS_TEST_CIPHERS * 2);
# endif
#endif
ADD_TEST(test_large_message_tls);
#ifndef OPENSSL_NO_DTLS
ADD_TEST(test_large_message_dtls);
#endif
+ ADD_ALL_TESTS(test_large_app_data, 28);
ADD_TEST(test_cleanse_plaintext);
#ifndef OPENSSL_NO_OCSP
ADD_TEST(test_tlsext_status_type);
ADD_TEST(test_session_with_only_ext_cache);
ADD_TEST(test_session_with_both_cache);
ADD_TEST(test_session_wo_ca_names);
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
ADD_ALL_TESTS(test_stateful_tickets, 3);
ADD_ALL_TESTS(test_stateless_tickets, 3);
ADD_TEST(test_psk_tickets);
ADD_TEST(test_ssl_bio_pop_ssl_bio);
ADD_TEST(test_ssl_bio_change_rbio);
ADD_TEST(test_ssl_bio_change_wbio);
-#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OSSL_NO_USABLE_TLS1_3)
ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
ADD_TEST(test_keylog);
#endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
ADD_TEST(test_keylog_no_master_key);
#endif
+ ADD_TEST(test_client_cert_verify_cb);
+ ADD_TEST(test_ssl_build_cert_chain);
+ ADD_TEST(test_ssl_ctx_build_cert_chain);
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_client_hello_cb);
ADD_TEST(test_no_ems);
ADD_TEST(test_ccs_change_cipher);
#endif
-#ifndef OPENSSL_NO_TLS1_3
- ADD_ALL_TESTS(test_early_data_read_write, 3);
+#ifndef OSSL_NO_USABLE_TLS1_3
+ ADD_ALL_TESTS(test_early_data_read_write, 6);
/*
* We don't do replay tests for external PSK. Replay protection isn't used
* in that scenario.
*/
ADD_ALL_TESTS(test_early_data_replay, 2);
- ADD_ALL_TESTS(test_early_data_skip, 3);
- ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
- ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3);
- ADD_ALL_TESTS(test_early_data_skip_abort, 3);
+ ADD_ALL_TESTS(test_early_data_skip, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr_fail, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_abort, OSSL_NELEM(ciphersuites) * 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
# endif
#endif
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
ADD_ALL_TESTS(test_set_ciphersuite, 10);
ADD_TEST(test_ciphersuite_change);
ADD_ALL_TESTS(test_tls13_ciphersuite, 4);
# ifndef OPENSSL_NO_TLS1_2
/* Test with both TLSv1.3 and 1.2 versions */
ADD_ALL_TESTS(test_key_exchange, 14);
+# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH)
+ ADD_ALL_TESTS(test_negotiated_group,
+ 4 * (OSSL_NELEM(ecdhe_kexch_groups)
+ + OSSL_NELEM(ffdhe_kexch_groups)));
+# endif
# else
/* Test with only TLSv1.3 versions */
ADD_ALL_TESTS(test_key_exchange, 12);
# endif
- ADD_ALL_TESTS(test_custom_exts, 5);
+ ADD_ALL_TESTS(test_custom_exts, 6);
ADD_TEST(test_stateless);
ADD_TEST(test_pha_key_update);
#else
ADD_ALL_TESTS(test_custom_exts, 3);
#endif
- ADD_ALL_TESTS(test_serverinfo, 8);
ADD_ALL_TESTS(test_export_key_mat, 6);
-#ifndef OPENSSL_NO_TLS1_3
+#ifndef OSSL_NO_USABLE_TLS1_3
ADD_ALL_TESTS(test_export_key_mat_early, 3);
ADD_TEST(test_key_update);
- ADD_ALL_TESTS(test_key_update_in_write, 2);
+ ADD_ALL_TESTS(test_key_update_peer_in_write, 2);
+ ADD_ALL_TESTS(test_key_update_peer_in_read, 2);
+ ADD_ALL_TESTS(test_key_update_local_in_write, 2);
+ ADD_ALL_TESTS(test_key_update_local_in_read, 2);
#endif
ADD_ALL_TESTS(test_ssl_clear, 2);
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
ADD_ALL_TESTS(test_srp, 6);
#endif
+#if !defined(OPENSSL_NO_COMP_ALG)
+ /* Add compression case */
+ ADD_ALL_TESTS(test_info_callback, 8);
+#else
ADD_ALL_TESTS(test_info_callback, 6);
+#endif
ADD_ALL_TESTS(test_ssl_pending, 2);
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
- ADD_ALL_TESTS(test_ticket_callbacks, 16);
+ ADD_ALL_TESTS(test_ticket_callbacks, 20);
ADD_ALL_TESTS(test_shutdown, 7);
+ ADD_TEST(test_async_shutdown);
ADD_ALL_TESTS(test_incorrect_shutdown, 2);
ADD_ALL_TESTS(test_cert_cb, 6);
ADD_ALL_TESTS(test_client_cert_cb, 2);
ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
#endif
ADD_ALL_TESTS(test_servername, 10);
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) \
+ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
ADD_ALL_TESTS(test_sigalgs_available, 6);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_pluggable_group, 2);
+ ADD_ALL_TESTS(test_pluggable_signature, 2);
#endif
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_ssl_dup);
+# ifndef OPENSSL_NO_DH
+ ADD_ALL_TESTS(test_set_tmp_dh, 11);
+ ADD_ALL_TESTS(test_dh_auto, 7);
+# endif
+#endif
+#ifndef OSSL_NO_USABLE_TLS1_3
+ ADD_TEST(test_sni_tls13);
+ ADD_ALL_TESTS(test_ticket_lifetime, 2);
+#endif
+ ADD_TEST(test_inherit_verify_param);
+ ADD_TEST(test_set_alpn);
+ ADD_TEST(test_set_verify_cert_store_ssl_ctx);
+ ADD_TEST(test_set_verify_cert_store_ssl);
+ ADD_ALL_TESTS(test_session_timeout, 1);
+ ADD_TEST(test_load_dhfile);
+#ifndef OSSL_NO_USABLE_TLS1_3
+ ADD_TEST(test_read_ahead_key_change);
+ ADD_ALL_TESTS(test_tls13_record_padding, 4);
+#endif
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
+ ADD_ALL_TESTS(test_serverinfo_custom, 4);
+#endif
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
+ ADD_ALL_TESTS(test_pipelining, 6);
#endif
return 1;
void cleanup_tests(void)
{
+# if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DH)
+ EVP_PKEY_free(tmp_dh_params);
+#endif
OPENSSL_free(cert);
OPENSSL_free(privkey);
OPENSSL_free(cert2);
OPENSSL_free(privkey2);
+ OPENSSL_free(cert1024);
+ OPENSSL_free(privkey1024);
+ OPENSSL_free(cert3072);
+ OPENSSL_free(privkey3072);
+ OPENSSL_free(cert4096);
+ OPENSSL_free(privkey4096);
+ OPENSSL_free(cert8192);
+ OPENSSL_free(privkey8192);
bio_s_mempacket_test_free();
bio_s_always_retry_free();
OSSL_PROVIDER_unload(defctxnull);