From: Matt Caswell Date: Thu, 6 Feb 2025 15:17:23 +0000 (+0000) Subject: Drop the session and PSK test from the clienthellotest X-Git-Tag: openssl-3.5.0-alpha1~558 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc699ace927acf2e05cefff4f50e4f0a6c5d0a8d;p=thirdparty%2Fopenssl.git Drop the session and PSK test from the clienthellotest This test doesn't really give us much that the other tests don't already achieve. Added to that the ClientHello is nearly too long for it to work reliably. Small changes in the ClientHello length make this test break. So this test is too brittle with little value - so we drop it. Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/26654) --- diff --git a/test/clienthellotest.c b/test/clienthellotest.c index 664d1bdd3c5..b4f2c20bdb9 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -23,7 +23,7 @@ #define CLIENT_VERSION_LEN 2 -#define TOTAL_NUM_TESTS 4 +#define TOTAL_NUM_TESTS 3 /* * Test that explicitly setting ticket data results in it appearing in the @@ -34,16 +34,10 @@ #define TEST_ADD_PADDING 1 /* Enable padding and make sure ClientHello is short enough to not need it */ #define TEST_PADDING_NOT_NEEDED 2 -/* - * Enable padding and add a PSK to the ClientHello (this will also ensure the - * ClientHello is long enough to need padding) - */ -#define TEST_ADD_PADDING_AND_PSK 3 #define F5_WORKAROUND_MIN_MSG_LEN 0x7f #define F5_WORKAROUND_MAX_MSG_LEN 0x200 -static const char *sessionfile = NULL; /* Dummy ALPN protocols used to pad out the size of the ClientHello */ /* ASCII 'O' = 79 = 0x4F = EBCDIC '|'*/ #ifdef CHARSET_EBCDIC @@ -72,11 +66,6 @@ static int test_client_hello(int currtest) BIO *sessbio = NULL; SSL_SESSION *sess = NULL; -#ifdef OPENSSL_NO_TLS1_3 - if (currtest == TEST_ADD_PADDING_AND_PSK) - return 1; -#endif - memset(&pkt, 0, sizeof(pkt)); memset(&pkt2, 0, sizeof(pkt2)); memset(&pkt3, 0, sizeof(pkt3)); 
@@ -104,16 +93,6 @@ static int test_client_hello(int currtest) #endif break; - case TEST_ADD_PADDING_AND_PSK: - /* - * In this case we're doing TLSv1.3 and we're sending a PSK so the - * ClientHello is already going to be quite long. To avoid getting one - * that is too long for this test we use a restricted ciphersuite list - */ - if (!TEST_false(SSL_CTX_set_cipher_list(ctx, ""))) - goto end; - ERR_clear_error(); - /* Fall through */ case TEST_ADD_PADDING: case TEST_PADDING_NOT_NEEDED: SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING); @@ -149,26 +128,6 @@ static int test_client_hello(int currtest) if (!TEST_ptr(con)) goto end; - if (currtest == TEST_ADD_PADDING_AND_PSK) { - sessbio = BIO_new_file(sessionfile, "r"); - if (!TEST_ptr(sessbio)) { - TEST_info("Unable to open session.pem"); - goto end; - } - sess = PEM_read_bio_SSL_SESSION(sessbio, NULL, NULL, NULL); - if (!TEST_ptr(sess)) { - TEST_info("Unable to load SSL_SESSION"); - goto end; - } - /* - * We reset the creation time so that we don't discard the session as - * too old. - */ - if (!TEST_true(SSL_SESSION_set_time_ex(sess, time(NULL))) - || !TEST_true(SSL_set_session(con, sess))) - goto end; - } - rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { @@ -234,8 +193,7 @@ static int test_client_hello(int currtest) if (type == TLSEXT_TYPE_padding) { if (!TEST_false(currtest == TEST_PADDING_NOT_NEEDED)) goto end; - else if (TEST_true(currtest == TEST_ADD_PADDING - || currtest == TEST_ADD_PADDING_AND_PSK)) + else if (TEST_true(currtest == TEST_ADD_PADDING)) testresult = TEST_true(msglen == F5_WORKAROUND_MAX_MSG_LEN); } } @@ -252,8 +210,6 @@ end: return testresult; } -OPT_TEST_DECLARE_USAGE("sessionfile\n") - int setup_tests(void) { if (!test_skip_common_options()) { @@ -261,9 +217,6 @@ int setup_tests(void) return 0; } - if (!TEST_ptr(sessionfile = test_get_argument(0))) - return 0; - ADD_ALL_TESTS(test_client_hello, TOTAL_NUM_TESTS); return 1; } 
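Review bot: In the padding branch, `else if (TEST_true(currtest == TEST_ADD_PADDING))` uses an assertion macro as the branch condition, so a padding extension that turns up in any other test case is reported as a failure but the code neither jumps to `end` nor touches `testresult`. With the PSK alternative gone this is a single comparison, and an explicit guard would stop on the first mismatch and print the offending value: `else if (!TEST_int_eq(currtest, TEST_ADD_PADDING)) goto end;` followed by `testresult = TEST_true(msglen == F5_WORKAROUND_MAX_MSG_LEN);`. test_client_hello begins and ends outside this hunk, so whether `testresult` can already be set when this line is reached is not visible here. Separately, the earlier hunk at -72,11 keeps `BIO *sessbio = NULL;` and `SSL_SESSION *sess = NULL;` as context although the only visible code that assigned them is the block this commit deletes; if nothing else uses them, the declarations and any matching frees at `end:` can be dropped too.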
diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t index 0ccbc8ef560..5e49bf8ea90 100644 --- a/test/recipes/70-test_clienthello.t +++ b/test/recipes/70-test_clienthello.t @@ -21,5 +21,5 @@ plan skip_all => "No EC with TLSv1.3 is not supported by this test" plan tests => 1; -ok(run(test(["clienthellotest", srctop_file("test", "session.pem")])), +ok(run(test(["clienthellotest"])), "running clienthellotest"); diff --git a/test/session.pem b/test/session.pem deleted file mode 100644 index ea0b0bcec23..00000000000 --- a/test/session.pem +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN SSL SESSION PARAMETERS----- -MIIFSgIBAQICAwQEAhMCBCAUv8MKab5ruWM6I8xtEH++u+bb2B1OznYnDrRcpLll -6AQwzwJoGXOQ3uCa7bCy07owBiH4Bf13MiDtwaHSnNTEyfLEZBy3SgCE06wa5TJk -Fx8aoQYCBFsWdRqiBAICHCCjggPrMIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0G -CSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdy -b3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQD -DBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoX -DTIxMTAxNjE0MDE0OFowZDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wg -R3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNV -BAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF -9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5T -S5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnG -kwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZ -xrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQ -jeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAO -BgNVHQ8BAf8EBAMCBeAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk -IENlcnRpZmljYXRlMB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNV -HSMEGDAWgBQ2w2yI55X+sL3szj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEA -qb1NV0B0/pbpK9Z4/bNjzPQLTRLKWnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpq -Wz9qoeoFZax+QBpIZYjROU3TS3fpyLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCp -W2Uoy8sAA4JjN9OtsZY7dvUXFgJ7vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZ -J1z1cbbwGDDzfvGFPzJ+Sq+zEPdsxoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxz -A7mNGv73JoZJA6nFgj+ADSlJsY/tJBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+Al -tvHTANdAq0t/K3o+pplMVKQCBAClAwIBFakEAgIcIKqB0wSB0EMQ5938LY/ASVsV -0kStjTVOps9p3VT071bTjD3RR211+gLzBwGCk8gWNH1glJXjLAenh9E2ivDK1tYQ -3ODRdB3V46t9E78r0uAmSG/WMJ9OvkFlXyIhseYwvWW0P1cAYPI/j3Evgcyu9GIs -HSDVEKbBy9CJYCkW/SrT+2A3ouqp+wSW0XgDLFFB+mBte2Hg7wv2uILrYZ4Y0fNe -CUcTq8B+0EFEiq7p0KRGXwpSKYxNw7qZgg/Us3W85BYMnzYjfDzN0KHf+BI28VRT -Rjxuud2uBwIFANHVD/k= ------END SSL SESSION PARAMETERS-----