]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/sslapitest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Create provider errors and use them
[thirdparty/openssl.git] / test / sslapitest.c
CommitLineData
2cb4b5f6 1/*
6738bf14 2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
2cb4b5f6 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
2cb4b5f6
MC		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
ba881d3b
MC		 10#include <string.h>
11
2cb4b5f6
MC		 12#include <openssl/opensslconf.h>
13#include <openssl/bio.h>
14#include <openssl/crypto.h>
15#include <openssl/ssl.h>
ba881d3b 16#include <openssl/ocsp.h>
76fd7a1d
MC		 17#include <openssl/srp.h>
18#include <openssl/txt_db.h>
d0191fe0 19#include <openssl/aes.h>
2cb4b5f6
MC		 20
21#include "ssltestlib.h"
c887104f 22#include "testutil.h"
f297e4ec 23#include "testutil/output.h"
176db6dc 24#include "internal/nelem.h"
fe5d9450 25#include "internal/ktls.h"
ca0413ae 26#include "../ssl/ssl_locl.h"
2cb4b5f6 27
8614a4eb
MC		 28#ifndef OPENSSL_NO_TLS1_3
29
30static SSL_SESSION *clientpsk = NULL;
31static SSL_SESSION *serverpsk = NULL;
32static const char *pskid = "Identity";
33static const char *srvid;
34
35static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
36 size_t *idlen, SSL_SESSION **sess);
37static int find_session_cb(SSL *ssl, const unsigned char *identity,
38 size_t identity_len, SSL_SESSION **sess);
39
40static int use_session_cb_cnt = 0;
41static int find_session_cb_cnt = 0;
42
43static SSL_SESSION *create_a_psk(SSL *ssl);
44#endif
45
2cb4b5f6
MC		 46static char *cert = NULL;
47static char *privkey = NULL;
76fd7a1d
MC		 48static char *srpvfile = NULL;
49static char *tmpfilename = NULL;
2cb4b5f6 50
cffe973c 51#define LOG_BUFFER_SIZE 2048
6acdd3e5 52static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 53static size_t server_log_buffer_index = 0;
6acdd3e5 54static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
710756a9 55static size_t client_log_buffer_index = 0;
6acdd3e5
CB		 56static int error_writing_log = 0;
57
8f8c11d8 58#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 59static const unsigned char orespder[] = "Dummy OCSP Response";
60static int ocsp_server_called = 0;
61static int ocsp_client_called = 0;
62
63static int cdummyarg = 1;
64static X509 *ocspcert = NULL;
8f8c11d8 65#endif
ba881d3b 66
84d5549e 67#define NUM_EXTRA_CERTS 40
cf72c757 68#define CLIENT_VERSION_LEN 2
84d5549e 69
f1a5939f
CB		 70/*
71 * This structure is used to validate that the correct number of log messages
72 * of various types are emitted when emitting secret logs.
73 */
74struct sslapitest_log_counts {
75 unsigned int rsa_key_exchange_count;
76 unsigned int master_secret_count;
cffe973c 77 unsigned int client_early_secret_count;
f1a5939f
CB		 78 unsigned int client_handshake_secret_count;
79 unsigned int server_handshake_secret_count;
80 unsigned int client_application_secret_count;
81 unsigned int server_application_secret_count;
01a2a654 82 unsigned int early_exporter_secret_count;
6329ce8f 83 unsigned int exporter_secret_count;
f1a5939f
CB		 84};
85
16afd71c
MC		 86
87static unsigned char serverinfov1[] = {
88 0xff, 0xff, /* Dummy extension type */
89 0x00, 0x01, /* Extension length is 1 byte */
90 0xff /* Dummy extension data */
91};
92
93static unsigned char serverinfov2[] = {
94 0x00, 0x00, 0x00,
95 (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
96 0xff, 0xff, /* Dummy extension type */
97 0x00, 0x01, /* Extension length is 1 byte */
98 0xff /* Dummy extension data */
99};
100
710756a9
RS		 101static void client_keylog_callback(const SSL *ssl, const char *line)
102{
6acdd3e5
CB		 103 int line_length = strlen(line);
104
105 /* If the log doesn't fit, error out. */
710756a9
RS		 106 if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
107 TEST_info("Client log too full");
6acdd3e5
CB		 108 error_writing_log = 1;
109 return;
110 }
111
112 strcat(client_log_buffer, line);
113 client_log_buffer_index += line_length;
710756a9 114 client_log_buffer[client_log_buffer_index++] = '\n';
6acdd3e5
CB		 115}
116
710756a9
RS		 117static void server_keylog_callback(const SSL *ssl, const char *line)
118{
6acdd3e5
CB		 119 int line_length = strlen(line);
120
121 /* If the log doesn't fit, error out. */
710756a9 122 if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
bdcacd93 123 TEST_info("Server log too full");
6acdd3e5
CB		 124 error_writing_log = 1;
125 return;
126 }
127
128 strcat(server_log_buffer, line);
129 server_log_buffer_index += line_length;
710756a9 130 server_log_buffer[server_log_buffer_index++] = '\n';
6acdd3e5
CB		 131}
132
133static int compare_hex_encoded_buffer(const char *hex_encoded,
134 size_t hex_length,
135 const uint8_t *raw,
710756a9
RS		 136 size_t raw_length)
137{
138 size_t i, j;
139 char hexed[3];
6acdd3e5 140
710756a9 141 if (!TEST_size_t_eq(raw_length * 2, hex_length))
6acdd3e5 142 return 1;
6acdd3e5 143
710756a9 144 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
6acdd3e5 145 sprintf(hexed, "%02x", raw[i]);
710756a9
RS		 146 if (!TEST_int_eq(hexed[0], hex_encoded[j])
147 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
6acdd3e5 148 return 1;
6acdd3e5
CB		 149 }
150
151 return 0;
152}
153
154static int test_keylog_output(char *buffer, const SSL *ssl,
f1a5939f 155 const SSL_SESSION *session,
710756a9
RS		 156 struct sslapitest_log_counts *expected)
157{
6acdd3e5
CB		 158 char *token = NULL;
159 unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
160 size_t client_random_size = SSL3_RANDOM_SIZE;
161 unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
162 size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
f1a5939f
CB		 163 unsigned int rsa_key_exchange_count = 0;
164 unsigned int master_secret_count = 0;
cffe973c 165 unsigned int client_early_secret_count = 0;
f1a5939f
CB		 166 unsigned int client_handshake_secret_count = 0;
167 unsigned int server_handshake_secret_count = 0;
168 unsigned int client_application_secret_count = 0;
169 unsigned int server_application_secret_count = 0;
01a2a654 170 unsigned int early_exporter_secret_count = 0;
6329ce8f 171 unsigned int exporter_secret_count = 0;
6acdd3e5 172
710756a9
RS		 173 for (token = strtok(buffer, " \n"); token != NULL;
174 token = strtok(NULL, " \n")) {
6acdd3e5 175 if (strcmp(token, "RSA") == 0) {
f1a5939f
CB		 176 /*
177 * Premaster secret. Tokens should be: 16 ASCII bytes of
6acdd3e5
CB		 178 * hex-encoded encrypted secret, then the hex-encoded pre-master
179 * secret.
180 */
710756a9 181 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 182 return 0;
710756a9 183 if (!TEST_size_t_eq(strlen(token), 16))
f1a5939f 184 return 0;
710756a9 185 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 186 return 0;
f1a5939f
CB		 187 /*
188 * We can't sensibly check the log because the premaster secret is
189 * transient, and OpenSSL doesn't keep hold of it once the master
190 * secret is generated.
191 */
192 rsa_key_exchange_count++;
6acdd3e5 193 } else if (strcmp(token, "CLIENT_RANDOM") == 0) {
f1a5939f
CB		 194 /*
195 * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
6acdd3e5
CB		 196 * client random, then the hex-encoded master secret.
197 */
198 client_random_size = SSL_get_client_random(ssl,
199 actual_client_random,
200 SSL3_RANDOM_SIZE);
710756a9 201 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 202 return 0;
6acdd3e5 203
710756a9 204 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 205 return 0;
710756a9 206 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 207 return 0;
710756a9
RS		 208 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
209 actual_client_random,
210 client_random_size)))
f1a5939f 211 return 0;
6acdd3e5 212
710756a9 213 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 214 return 0;
6acdd3e5
CB		 215 master_key_size = SSL_SESSION_get_master_key(session,
216 actual_master_key,
217 master_key_size);
710756a9 218 if (!TEST_size_t_ne(master_key_size, 0))
f1a5939f 219 return 0;
710756a9
RS		 220 if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
221 actual_master_key,
222 master_key_size)))
f1a5939f 223 return 0;
f1a5939f 224 master_secret_count++;
cffe973c
PW		 225 } else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0
226 || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
710756a9
RS		 227 || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
228 || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
6329ce8f 229 || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0
01a2a654 230 || strcmp(token, "EARLY_EXPORTER_SECRET") == 0
6329ce8f 231 || strcmp(token, "EXPORTER_SECRET") == 0) {
f1a5939f
CB		 232 /*
233 * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
234 * client random, and then the hex-encoded secret. In this case,
235 * we treat all of these secrets identically and then just
236 * distinguish between them when counting what we saw.
237 */
cffe973c
PW		 238 if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0)
239 client_early_secret_count++;
240 else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
f1a5939f
CB		 241 client_handshake_secret_count++;
242 else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
243 server_handshake_secret_count++;
244 else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
245 client_application_secret_count++;
246 else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
247 server_application_secret_count++;
01a2a654
PW		 248 else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0)
249 early_exporter_secret_count++;
6329ce8f
PW		 250 else if (strcmp(token, "EXPORTER_SECRET") == 0)
251 exporter_secret_count++;
f1a5939f
CB		 252
253 client_random_size = SSL_get_client_random(ssl,
254 actual_client_random,
255 SSL3_RANDOM_SIZE);
710756a9 256 if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
f1a5939f 257 return 0;
f1a5939f 258
710756a9 259 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 260 return 0;
710756a9 261 if (!TEST_size_t_eq(strlen(token), 64))
f1a5939f 262 return 0;
710756a9
RS		 263 if (!TEST_false(compare_hex_encoded_buffer(token, 64,
264 actual_client_random,
265 client_random_size)))
f1a5939f 266 return 0;
6acdd3e5 267
710756a9 268 if (!TEST_ptr(token = strtok(NULL, " \n")))
f1a5939f 269 return 0;
f1a5939f
CB		 270
271 /*
272 * TODO(TLS1.3): test that application traffic secrets are what
273 * we expect */
6acdd3e5 274 } else {
710756a9 275 TEST_info("Unexpected token %s\n", token);
f1a5939f 276 return 0;
6acdd3e5 277 }
6acdd3e5
CB		 278 }
279
710756a9
RS		 280 /* Got what we expected? */
281 if (!TEST_size_t_eq(rsa_key_exchange_count,
282 expected->rsa_key_exchange_count)
283 || !TEST_size_t_eq(master_secret_count,
284 expected->master_secret_count)
cffe973c
PW		 285 || !TEST_size_t_eq(client_early_secret_count,
286 expected->client_early_secret_count)
710756a9
RS		 287 || !TEST_size_t_eq(client_handshake_secret_count,
288 expected->client_handshake_secret_count)
289 || !TEST_size_t_eq(server_handshake_secret_count,
290 expected->server_handshake_secret_count)
291 || !TEST_size_t_eq(client_application_secret_count,
292 expected->client_application_secret_count)
293 || !TEST_size_t_eq(server_application_secret_count,
6329ce8f 294 expected->server_application_secret_count)
01a2a654
PW		 295 || !TEST_size_t_eq(early_exporter_secret_count,
296 expected->early_exporter_secret_count)
6329ce8f
PW		 297 || !TEST_size_t_eq(exporter_secret_count,
298 expected->exporter_secret_count))
710756a9
RS		 299 return 0;
300 return 1;
6acdd3e5
CB		 301}
302
c423ecaa 303#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
710756a9
RS		 304static int test_keylog(void)
305{
6acdd3e5
CB		 306 SSL_CTX *cctx = NULL, *sctx = NULL;
307 SSL *clientssl = NULL, *serverssl = NULL;
308 int testresult = 0;
6fc1e624 309 struct sslapitest_log_counts expected;
6acdd3e5
CB		 310
311 /* Clean up logging space */
6fc1e624 312 memset(&expected, 0, sizeof(expected));
710756a9
RS		 313 memset(client_log_buffer, 0, sizeof(client_log_buffer));
314 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 315 client_log_buffer_index = 0;
316 server_log_buffer_index = 0;
317 error_writing_log = 0;
318
710756a9
RS		 319 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
320 TLS_client_method(),
5c587fb6 321 TLS1_VERSION, 0,
710756a9 322 &sctx, &cctx, cert, privkey)))
6acdd3e5 323 return 0;
6acdd3e5
CB		 324
325 /* We cannot log the master secret for TLSv1.3, so we should forbid it. */
326 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
327 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
328
f0deb4d3 329 /* We also want to ensure that we use RSA-based key exchange. */
710756a9 330 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
f0deb4d3 331 goto end;
f0deb4d3 332
cf10df81
RS		 333 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
334 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 335 goto end;
6acdd3e5 336 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 337 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
338 == client_keylog_callback))
6acdd3e5 339 goto end;
710756a9 340 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 341 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
342 == server_keylog_callback))
6acdd3e5 343 goto end;
6acdd3e5 344
710756a9
RS		 345 /* Now do a handshake and check that the logs have been written to. */
346 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
347 &clientssl, NULL, NULL))
348 || !TEST_true(create_ssl_connection(serverssl, clientssl,
349 SSL_ERROR_NONE))
350 || !TEST_false(error_writing_log)
351 || !TEST_int_gt(client_log_buffer_index, 0)
352 || !TEST_int_gt(server_log_buffer_index, 0))
6acdd3e5 353 goto end;
6acdd3e5 354
f1a5939f
CB		 355 /*
356 * Now we want to test that our output data was vaguely sensible. We
6acdd3e5 357 * do that by using strtok and confirming that we have more or less the
f1a5939f
CB		 358 * data we expect. For both client and server, we expect to see one master
359 * secret. The client should also see a RSA key exchange.
6acdd3e5 360 */
f1a5939f
CB		 361 expected.rsa_key_exchange_count = 1;
362 expected.master_secret_count = 1;
710756a9
RS		 363 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
364 SSL_get_session(clientssl), &expected)))
6acdd3e5 365 goto end;
f1a5939f
CB		 366
367 expected.rsa_key_exchange_count = 0;
710756a9
RS		 368 if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
369 SSL_get_session(serverssl), &expected)))
6acdd3e5 370 goto end;
6acdd3e5
CB		 371
372 testresult = 1;
373
374end:
375 SSL_free(serverssl);
376 SSL_free(clientssl);
377 SSL_CTX_free(sctx);
378 SSL_CTX_free(cctx);
379
380 return testresult;
381}
c423ecaa 382#endif
6acdd3e5
CB		 383
384#ifndef OPENSSL_NO_TLS1_3
710756a9
RS		 385static int test_keylog_no_master_key(void)
386{
6acdd3e5
CB		 387 SSL_CTX *cctx = NULL, *sctx = NULL;
388 SSL *clientssl = NULL, *serverssl = NULL;
cffe973c 389 SSL_SESSION *sess = NULL;
6acdd3e5 390 int testresult = 0;
6fc1e624 391 struct sslapitest_log_counts expected;
cffe973c
PW		 392 unsigned char buf[1];
393 size_t readbytes, written;
6acdd3e5
CB		 394
395 /* Clean up logging space */
6fc1e624 396 memset(&expected, 0, sizeof(expected));
710756a9
RS		 397 memset(client_log_buffer, 0, sizeof(client_log_buffer));
398 memset(server_log_buffer, 0, sizeof(server_log_buffer));
6acdd3e5
CB		 399 client_log_buffer_index = 0;
400 server_log_buffer_index = 0;
401 error_writing_log = 0;
402
7d7f6834 403 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 404 TLS1_VERSION, 0,
cffe973c
PW		 405 &sctx, &cctx, cert, privkey))
406 || !TEST_true(SSL_CTX_set_max_early_data(sctx,
cffe973c 407 SSL3_RT_MAX_PLAIN_LENGTH)))
6acdd3e5 408 return 0;
6acdd3e5 409
cf10df81
RS		 410 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
411 || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
6acdd3e5 412 goto end;
6acdd3e5
CB		 413
414 SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
cf10df81
RS		 415 if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
416 == client_keylog_callback))
6acdd3e5 417 goto end;
6acdd3e5 418
710756a9 419 SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
cf10df81
RS		 420 if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
421 == server_keylog_callback))
6acdd3e5 422 goto end;
6acdd3e5 423
710756a9
RS		 424 /* Now do a handshake and check that the logs have been written to. */
425 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
426 &clientssl, NULL, NULL))
427 || !TEST_true(create_ssl_connection(serverssl, clientssl,
428 SSL_ERROR_NONE))
429 || !TEST_false(error_writing_log))
6acdd3e5 430 goto end;
6acdd3e5 431
f1a5939f
CB		 432 /*
433 * Now we want to test that our output data was vaguely sensible. For this
69687aa8 434 * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
f1a5939f 435 * TLSv1.3, but we do expect both client and server to emit keys.
6acdd3e5 436 */
f1a5939f
CB		 437 expected.client_handshake_secret_count = 1;
438 expected.server_handshake_secret_count = 1;
439 expected.client_application_secret_count = 1;
440 expected.server_application_secret_count = 1;
6329ce8f 441 expected.exporter_secret_count = 1;
710756a9
RS		 442 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
443 SSL_get_session(clientssl), &expected))
444 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
445 SSL_get_session(serverssl),
446 &expected)))
6acdd3e5 447 goto end;
6acdd3e5 448
cffe973c
PW		 449 /* Terminate old session and resume with early data. */
450 sess = SSL_get1_session(clientssl);
451 SSL_shutdown(clientssl);
452 SSL_shutdown(serverssl);
453 SSL_free(serverssl);
454 SSL_free(clientssl);
455 serverssl = clientssl = NULL;
456
457 /* Reset key log */
458 memset(client_log_buffer, 0, sizeof(client_log_buffer));
459 memset(server_log_buffer, 0, sizeof(server_log_buffer));
460 client_log_buffer_index = 0;
461 server_log_buffer_index = 0;
462
463 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
464 &clientssl, NULL, NULL))
465 || !TEST_true(SSL_set_session(clientssl, sess))
466 /* Here writing 0 length early data is enough. */
467 || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
468 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
469 &readbytes),
470 SSL_READ_EARLY_DATA_ERROR)
471 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
472 SSL_EARLY_DATA_ACCEPTED)
473 || !TEST_true(create_ssl_connection(serverssl, clientssl,
474 SSL_ERROR_NONE))
475 || !TEST_true(SSL_session_reused(clientssl)))
476 goto end;
477
478 /* In addition to the previous entries, expect early secrets. */
479 expected.client_early_secret_count = 1;
01a2a654 480 expected.early_exporter_secret_count = 1;
cffe973c
PW		 481 if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
482 SSL_get_session(clientssl), &expected))
483 || !TEST_true(test_keylog_output(server_log_buffer, serverssl,
484 SSL_get_session(serverssl),
485 &expected)))
486 goto end;
487
6acdd3e5
CB		 488 testresult = 1;
489
490end:
cffe973c 491 SSL_SESSION_free(sess);
6acdd3e5
CB		 492 SSL_free(serverssl);
493 SSL_free(clientssl);
494 SSL_CTX_free(sctx);
495 SSL_CTX_free(cctx);
496
497 return testresult;
498}
499#endif
500
e9ee6536 501#ifndef OPENSSL_NO_TLS1_2
a9c0d8be 502static int full_client_hello_callback(SSL *s, int *al, void *arg)
2afaee51
BK		 503{
504 int *ctr = arg;
505 const unsigned char *p;
8ea404fb 506 int *exts;
2afaee51
BK		 507 /* We only configure two ciphers, but the SCSV is added automatically. */
508#ifdef OPENSSL_NO_EC
509 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
510#else
511 const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
512 0x2c, 0x00, 0xff};
513#endif
8ea404fb
BK		 514 const int expected_extensions[] = {
515#ifndef OPENSSL_NO_EC
516 11, 10,
517#endif
10ed1b72 518 35, 22, 23, 13};
2afaee51
BK		 519 size_t len;
520
521 /* Make sure we can defer processing and get called back. */
522 if ((*ctr)++ == 0)
f1b97da1 523 return SSL_CLIENT_HELLO_RETRY;
2afaee51 524
a9c0d8be 525 len = SSL_client_hello_get0_ciphers(s, &p);
710756a9 526 if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
a9c0d8be
DB		 527 || !TEST_size_t_eq(
528 SSL_client_hello_get0_compression_methods(s, &p), 1)
710756a9 529 || !TEST_int_eq(*p, 0))
f1b97da1 530 return SSL_CLIENT_HELLO_ERROR;
a9c0d8be 531 if (!SSL_client_hello_get1_extensions_present(s, &exts, &len))
f1b97da1 532 return SSL_CLIENT_HELLO_ERROR;
8ea404fb
BK		 533 if (len != OSSL_NELEM(expected_extensions) ||
534 memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
a9c0d8be 535 printf("ClientHello callback expected extensions mismatch\n");
8ea404fb 536 OPENSSL_free(exts);
f1b97da1 537 return SSL_CLIENT_HELLO_ERROR;
8ea404fb
BK		 538 }
539 OPENSSL_free(exts);
f1b97da1 540 return SSL_CLIENT_HELLO_SUCCESS;
2afaee51
BK		 541}
542
a9c0d8be 543static int test_client_hello_cb(void)
710756a9 544{
2afaee51
BK		 545 SSL_CTX *cctx = NULL, *sctx = NULL;
546 SSL *clientssl = NULL, *serverssl = NULL;
547 int testctr = 0, testresult = 0;
548
7d7f6834 549 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 550 TLS1_VERSION, 0,
7d7f6834 551 &sctx, &cctx, cert, privkey)))
2afaee51 552 goto end;
a9c0d8be 553 SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
710756a9 554
2afaee51
BK		 555 /* The gimpy cipher list we configure can't do TLS 1.3. */
556 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
2afaee51 557
710756a9
RS		 558 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
559 "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
560 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
561 &clientssl, NULL, NULL))
562 || !TEST_false(create_ssl_connection(serverssl, clientssl,
a9c0d8be 563 SSL_ERROR_WANT_CLIENT_HELLO_CB))
710756a9
RS		 564 /*
565 * Passing a -1 literal is a hack since
566 * the real value was lost.
567 * */
a9c0d8be
DB		 568 || !TEST_int_eq(SSL_get_error(serverssl, -1),
569 SSL_ERROR_WANT_CLIENT_HELLO_CB)
710756a9
RS		 570 || !TEST_true(create_ssl_connection(serverssl, clientssl,
571 SSL_ERROR_NONE)))
2afaee51 572 goto end;
2afaee51
BK		 573
574 testresult = 1;
575
088dfa13
TS		 576end:
577 SSL_free(serverssl);
578 SSL_free(clientssl);
579 SSL_CTX_free(sctx);
580 SSL_CTX_free(cctx);
581
582 return testresult;
583}
584
585static int test_no_ems(void)
586{
587 SSL_CTX *cctx = NULL, *sctx = NULL;
588 SSL *clientssl = NULL, *serverssl = NULL;
589 int testresult = 0;
590
591 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
592 TLS1_VERSION, TLS1_2_VERSION,
593 &sctx, &cctx, cert, privkey)) {
594 printf("Unable to create SSL_CTX pair\n");
595 goto end;
596 }
597
598 SSL_CTX_set_options(sctx, SSL_OP_NO_EXTENDED_MASTER_SECRET);
599
600 if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
601 printf("Unable to create SSL objects\n");
602 goto end;
603 }
604
605 if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
606 printf("Creating SSL connection failed\n");
607 goto end;
608 }
609
610 if (SSL_get_extms_support(serverssl)) {
611 printf("Server reports Extended Master Secret support\n");
612 goto end;
613 }
614
615 if (SSL_get_extms_support(clientssl)) {
616 printf("Client reports Extended Master Secret support\n");
617 goto end;
618 }
619 testresult = 1;
620
2afaee51
BK		 621end:
622 SSL_free(serverssl);
623 SSL_free(clientssl);
624 SSL_CTX_free(sctx);
625 SSL_CTX_free(cctx);
626
627 return testresult;
628}
e9ee6536 629#endif
2afaee51 630
84d5549e 631static int execute_test_large_message(const SSL_METHOD *smeth,
7d7f6834
RL		 632 const SSL_METHOD *cmeth,
633 int min_version, int max_version,
634 int read_ahead)
84d5549e
MC		 635{
636 SSL_CTX *cctx = NULL, *sctx = NULL;
637 SSL *clientssl = NULL, *serverssl = NULL;
638 int testresult = 0;
639 int i;
710756a9 640 BIO *certbio = NULL;
84d5549e
MC		 641 X509 *chaincert = NULL;
642 int certlen;
643
710756a9 644 if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
84d5549e 645 goto end;
84d5549e 646 chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
fa454945
MC		 647 BIO_free(certbio);
648 certbio = NULL;
710756a9 649 if (!TEST_ptr(chaincert))
fa454945 650 goto end;
84d5549e 651
7d7f6834
RL		 652 if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
653 &sctx, &cctx, cert, privkey)))
84d5549e 654 goto end;
84d5549e 655
710756a9 656 if (read_ahead) {
7856332e
MC		 657 /*
658 * Test that read_ahead works correctly when dealing with large
659 * records
660 */
661 SSL_CTX_set_read_ahead(cctx, 1);
662 }
663
84d5549e
MC		 664 /*
665 * We assume the supplied certificate is big enough so that if we add
666 * NUM_EXTRA_CERTS it will make the overall message large enough. The
667 * default buffer size is requested to be 16k, but due to the way BUF_MEM
710756a9
RS		 668 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
669 * test we need to have a message larger than that.
84d5549e
MC		 670 */
671 certlen = i2d_X509(chaincert, NULL);
710756a9
RS		 672 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
673 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
84d5549e 674 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
710756a9 675 if (!X509_up_ref(chaincert))
84d5549e 676 goto end;
84d5549e 677 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
84d5549e
MC		 678 X509_free(chaincert);
679 goto end;
680 }
681 }
682
710756a9
RS		 683 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
684 NULL, NULL))
685 || !TEST_true(create_ssl_connection(serverssl, clientssl,
686 SSL_ERROR_NONE)))
84d5549e 687 goto end;
84d5549e 688
4bf08600
MC		 689 /*
690 * Calling SSL_clear() first is not required but this tests that SSL_clear()
691 * doesn't leak (when using enable-crypto-mdebug).
692 */
710756a9 693 if (!TEST_true(SSL_clear(serverssl)))
4bf08600 694 goto end;
84d5549e 695
4bf08600 696 testresult = 1;
84d5549e
MC		 697 end:
698 X509_free(chaincert);
699 SSL_free(serverssl);
700 SSL_free(clientssl);
701 SSL_CTX_free(sctx);
702 SSL_CTX_free(cctx);
703
704 return testresult;
705}
706
5e9072ed
MC		 707#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
708 && !defined(OPENSSL_NO_SOCK)
fe5d9450
BP		 709
710/* sock must be connected */
711static int ktls_chk_platform(int sock)
712{
713 if (!ktls_enable(sock))
714 return 0;
715 return 1;
716}
717
718static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd)
719{
720 static char count = 1;
721 unsigned char cbuf[16000] = {0};
722 unsigned char sbuf[16000];
723 size_t err = 0;
724 char crec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
725 char crec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
2fab79af
BP		 726 char crec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
727 char crec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
fe5d9450
BP		 728 char srec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
729 char srec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
730 char srec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
731 char srec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
732
733 cbuf[0] = count++;
734 memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence,
735 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
2fab79af
BP		 736 memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence,
737 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
fe5d9450
BP		 738 memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence,
739 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
740 memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence,
741 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
742
743 if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
744 goto end;
745
746 while ((err = SSL_read(serverssl, &sbuf, sizeof(sbuf))) != sizeof(sbuf)) {
747 if (SSL_get_error(serverssl, err) != SSL_ERROR_WANT_READ) {
748 goto end;
749 }
750 }
751
752 if (!TEST_true(SSL_write(serverssl, sbuf, sizeof(sbuf)) == sizeof(sbuf)))
753 goto end;
754
755 while ((err = SSL_read(clientssl, &cbuf, sizeof(cbuf))) != sizeof(cbuf)) {
756 if (SSL_get_error(clientssl, err) != SSL_ERROR_WANT_READ) {
757 goto end;
758 }
759 }
760
761 memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence,
762 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
2fab79af
BP		 763 memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence,
764 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
fe5d9450
BP		 765 memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence,
766 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
767 memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence,
768 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
769
770 /* verify the payload */
771 if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))
772 goto end;
773
774 /* ktls is used then kernel sequences are used instead of OpenSSL sequences */
775 if (clientssl->mode & SSL_MODE_NO_KTLS_TX) {
776 if (!TEST_mem_ne(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
777 crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
778 goto end;
779 } else {
780 if (!TEST_mem_eq(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
781 crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
782 goto end;
783 }
784
785 if (serverssl->mode & SSL_MODE_NO_KTLS_TX) {
786 if (!TEST_mem_ne(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
787 srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
788 goto end;
789 } else {
790 if (!TEST_mem_eq(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
791 srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
792 goto end;
793 }
794
2fab79af
BP		 795 if (clientssl->mode & SSL_MODE_NO_KTLS_RX) {
796 if (!TEST_mem_ne(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
797 crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
798 goto end;
799 } else {
800 if (!TEST_mem_eq(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
801 crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
802 goto end;
803 }
804
805 if (serverssl->mode & SSL_MODE_NO_KTLS_RX) {
806 if (!TEST_mem_ne(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
807 srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
808 goto end;
809 } else {
810 if (!TEST_mem_eq(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE,
811 srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE))
812 goto end;
813 }
fe5d9450
BP		 814
815 return 1;
816end:
817 return 0;
818}
819
2fab79af
BP		 820static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx,
821 int sis_ktls_tx, int sis_ktls_rx)
fe5d9450
BP		 822{
823 SSL_CTX *cctx = NULL, *sctx = NULL;
824 SSL *clientssl = NULL, *serverssl = NULL;
825 int testresult = 0;
826 int cfd, sfd;
827
828 if (!TEST_true(create_test_sockets(&cfd, &sfd)))
829 goto end;
830
831 /* Skip this test if the platform does not support ktls */
832 if (!ktls_chk_platform(cfd))
833 return 1;
834
835 /* Create a session based on SHA-256 */
836 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
837 TLS_client_method(),
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 &sctx, &cctx, cert, privkey))
840 || !TEST_true(SSL_CTX_set_cipher_list(cctx,
841 "AES128-GCM-SHA256"))
842 || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
843 &clientssl, sfd, cfd)))
844 goto end;
845
846 if (!cis_ktls_tx) {
847 if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_TX)))
848 goto end;
849 }
850
851 if (!sis_ktls_tx) {
852 if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_TX)))
853 goto end;
854 }
855
2fab79af
BP		 856 if (!cis_ktls_rx) {
857 if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_RX)))
858 goto end;
859 }
860
861 if (!sis_ktls_rx) {
862 if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_RX)))
863 goto end;
864 }
865
fe5d9450
BP		 866 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
867 SSL_ERROR_NONE)))
868 goto end;
869
870 if (!cis_ktls_tx) {
871 if (!TEST_false(BIO_get_ktls_send(clientssl->wbio)))
872 goto end;
873 } else {
874 if (!TEST_true(BIO_get_ktls_send(clientssl->wbio)))
875 goto end;
876 }
877
878 if (!sis_ktls_tx) {
879 if (!TEST_false(BIO_get_ktls_send(serverssl->wbio)))
880 goto end;
881 } else {
882 if (!TEST_true(BIO_get_ktls_send(serverssl->wbio)))
883 goto end;
884 }
885
2fab79af
BP		 886 if (!cis_ktls_rx) {
887 if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio)))
888 goto end;
889 } else {
890 if (!TEST_true(BIO_get_ktls_recv(clientssl->rbio)))
891 goto end;
892 }
893
894 if (!sis_ktls_rx) {
895 if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio)))
896 goto end;
897 } else {
898 if (!TEST_true(BIO_get_ktls_recv(serverssl->rbio)))
899 goto end;
900 }
901
fe5d9450
BP		 902 if (!TEST_true(ping_pong_query(clientssl, serverssl, cfd, sfd)))
903 goto end;
904
905 testresult = 1;
906end:
907 if (clientssl) {
908 SSL_shutdown(clientssl);
909 SSL_free(clientssl);
910 }
911 if (serverssl) {
912 SSL_shutdown(serverssl);
913 SSL_free(serverssl);
914 }
915 SSL_CTX_free(sctx);
916 SSL_CTX_free(cctx);
917 serverssl = clientssl = NULL;
918 return testresult;
919}
920
2fab79af
BP		 921static int test_ktls_no_txrx_client_no_txrx_server(void)
922{
923 return execute_test_ktls(0, 0, 0, 0);
924}
925
926static int test_ktls_no_rx_client_no_txrx_server(void)
927{
928 return execute_test_ktls(1, 0, 0, 0);
929}
930
931static int test_ktls_no_tx_client_no_txrx_server(void)
932{
933 return execute_test_ktls(0, 1, 0, 0);
934}
935
936static int test_ktls_client_no_txrx_server(void)
937{
938 return execute_test_ktls(1, 1, 0, 0);
939}
940
941static int test_ktls_no_txrx_client_no_rx_server(void)
942{
943 return execute_test_ktls(0, 0, 1, 0);
944}
945
946static int test_ktls_no_rx_client_no_rx_server(void)
947{
948 return execute_test_ktls(1, 0, 1, 0);
949}
950
951static int test_ktls_no_tx_client_no_rx_server(void)
952{
953 return execute_test_ktls(0, 1, 1, 0);
954}
955
956static int test_ktls_client_no_rx_server(void)
fe5d9450 957{
2fab79af 958 return execute_test_ktls(1, 1, 1, 0);
fe5d9450
BP		 959}
960
2fab79af 961static int test_ktls_no_txrx_client_no_tx_server(void)
fe5d9450 962{
2fab79af 963 return execute_test_ktls(0, 0, 0, 1);
fe5d9450
BP		 964}
965
2fab79af 966static int test_ktls_no_rx_client_no_tx_server(void)
fe5d9450 967{
2fab79af 968 return execute_test_ktls(1, 0, 0, 1);
fe5d9450
BP		 969}
970
2fab79af
BP		 971static int test_ktls_no_tx_client_no_tx_server(void)
972{
973 return execute_test_ktls(0, 1, 0, 1);
974}
975
976static int test_ktls_client_no_tx_server(void)
977{
978 return execute_test_ktls(1, 1, 0, 1);
979}
980
981static int test_ktls_no_txrx_client_server(void)
982{
983 return execute_test_ktls(0, 0, 1, 1);
984}
985
986static int test_ktls_no_rx_client_server(void)
987{
988 return execute_test_ktls(1, 0, 1, 1);
989}
990
991static int test_ktls_no_tx_client_server(void)
992{
993 return execute_test_ktls(0, 1, 1, 1);
994}
995
996static int test_ktls_client_server(void)
fe5d9450 997{
2fab79af 998 return execute_test_ktls(1, 1, 1, 1);
fe5d9450
BP		 999}
1000
1001#endif
1002
84d5549e
MC		 1003static int test_large_message_tls(void)
1004{
7856332e 1005 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
5c587fb6 1006 TLS1_VERSION, 0, 0);
7856332e
MC		 1007}
1008
1009static int test_large_message_tls_read_ahead(void)
1010{
1011 return execute_test_large_message(TLS_server_method(), TLS_client_method(),
5c587fb6 1012 TLS1_VERSION, 0, 1);
84d5549e
MC		 1013}
1014
55386bef 1015#ifndef OPENSSL_NO_DTLS
84d5549e
MC		 1016static int test_large_message_dtls(void)
1017{
7856332e
MC		 1018 /*
1019 * read_ahead is not relevant to DTLS because DTLS always acts as if
1020 * read_ahead is set.
1021 */
84d5549e 1022 return execute_test_large_message(DTLS_server_method(),
7d7f6834 1023 DTLS_client_method(),
5c587fb6 1024 DTLS1_VERSION, 0, 0);
84d5549e 1025}
55386bef 1026#endif
84d5549e 1027
8f8c11d8 1028#ifndef OPENSSL_NO_OCSP
ba881d3b
MC		 1029static int ocsp_server_cb(SSL *s, void *arg)
1030{
1031 int *argi = (int *)arg;
710756a9 1032 unsigned char *copy = NULL;
ba881d3b
MC		 1033 STACK_OF(OCSP_RESPID) *ids = NULL;
1034 OCSP_RESPID *id = NULL;
1035
1036 if (*argi == 2) {
1037 /* In this test we are expecting exactly 1 OCSP_RESPID */
1038 SSL_get_tlsext_status_ids(s, &ids);
1039 if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
1040 return SSL_TLSEXT_ERR_ALERT_FATAL;
1041
1042 id = sk_OCSP_RESPID_value(ids, 0);
1043 if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
1044 return SSL_TLSEXT_ERR_ALERT_FATAL;
1045 } else if (*argi != 1) {
1046 return SSL_TLSEXT_ERR_ALERT_FATAL;
1047 }
1048
710756a9 1049 if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
ba881d3b
MC		 1050 return SSL_TLSEXT_ERR_ALERT_FATAL;
1051
710756a9 1052 SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
ba881d3b 1053 ocsp_server_called = 1;
ba881d3b
MC		 1054 return SSL_TLSEXT_ERR_OK;
1055}
1056
1057static int ocsp_client_cb(SSL *s, void *arg)
1058{
1059 int *argi = (int *)arg;
1060 const unsigned char *respderin;
1061 size_t len;
1062
1063 if (*argi != 1 && *argi != 2)
1064 return 0;
1065
1066 len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
710756a9 1067 if (!TEST_mem_eq(orespder, len, respderin, len))
ba881d3b
MC		 1068 return 0;
1069
1070 ocsp_client_called = 1;
ba881d3b
MC		 1071 return 1;
1072}
1073
2cb4b5f6
MC		 1074static int test_tlsext_status_type(void)
1075{
ba881d3b
MC		 1076 SSL_CTX *cctx = NULL, *sctx = NULL;
1077 SSL *clientssl = NULL, *serverssl = NULL;
2cb4b5f6 1078 int testresult = 0;
ba881d3b
MC		 1079 STACK_OF(OCSP_RESPID) *ids = NULL;
1080 OCSP_RESPID *id = NULL;
1081 BIO *certbio = NULL;
2cb4b5f6 1082
7d7f6834 1083 if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 1084 TLS1_VERSION, 0,
7d7f6834 1085 &sctx, &cctx, cert, privkey))
ba881d3b 1086 return 0;
2cb4b5f6 1087
710756a9 1088 if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
2cb4b5f6 1089 goto end;
2cb4b5f6 1090
ba881d3b 1091 /* First just do various checks getting and setting tlsext_status_type */
2cb4b5f6 1092
ba881d3b 1093 clientssl = SSL_new(cctx);
710756a9
RS		 1094 if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
1095 || !TEST_true(SSL_set_tlsext_status_type(clientssl,
1096 TLSEXT_STATUSTYPE_ocsp))
1097 || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
1098 TLSEXT_STATUSTYPE_ocsp))
2cb4b5f6 1099 goto end;
2cb4b5f6 1100
ba881d3b
MC		 1101 SSL_free(clientssl);
1102 clientssl = NULL;
2cb4b5f6 1103
710756a9
RS		 1104 if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
1105 || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 1106 goto end;
2cb4b5f6 1107
ba881d3b 1108 clientssl = SSL_new(cctx);
710756a9 1109 if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
2cb4b5f6 1110 goto end;
ba881d3b
MC		 1111 SSL_free(clientssl);
1112 clientssl = NULL;
1113
1114 /*
1115 * Now actually do a handshake and check OCSP information is exchanged and
1116 * the callbacks get called
1117 */
ba881d3b
MC		 1118 SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
1119 SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
1120 SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
1121 SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
710756a9
RS		 1122 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1123 &clientssl, NULL, NULL))
1124 || !TEST_true(create_ssl_connection(serverssl, clientssl,
1125 SSL_ERROR_NONE))
1126 || !TEST_true(ocsp_client_called)
1127 || !TEST_true(ocsp_server_called))
ba881d3b 1128 goto end;
ba881d3b
MC		 1129 SSL_free(serverssl);
1130 SSL_free(clientssl);
1131 serverssl = NULL;
1132 clientssl = NULL;
1133
1134 /* Try again but this time force the server side callback to fail */
1135 ocsp_client_called = 0;
1136 ocsp_server_called = 0;
1137 cdummyarg = 0;
710756a9
RS		 1138 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1139 &clientssl, NULL, NULL))
1140 /* This should fail because the callback will fail */
1141 || !TEST_false(create_ssl_connection(serverssl, clientssl,
1142 SSL_ERROR_NONE))
1143 || !TEST_false(ocsp_client_called)
1144 || !TEST_false(ocsp_server_called))
ba881d3b 1145 goto end;
ba881d3b
MC		 1146 SSL_free(serverssl);
1147 SSL_free(clientssl);
1148 serverssl = NULL;
1149 clientssl = NULL;
1150
1151 /*
1152 * This time we'll get the client to send an OCSP_RESPID that it will
1153 * accept.
1154 */
1155 ocsp_client_called = 0;
1156 ocsp_server_called = 0;
1157 cdummyarg = 2;
710756a9
RS		 1158 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1159 &clientssl, NULL, NULL)))
ba881d3b 1160 goto end;
ba881d3b
MC		 1161
1162 /*
1163 * We'll just use any old cert for this test - it doesn't have to be an OCSP
69687aa8 1164 * specific one. We'll use the server cert.
ba881d3b 1165 */
710756a9
RS		 1166 if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
1167 || !TEST_ptr(id = OCSP_RESPID_new())
1168 || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
1169 || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
1170 NULL, NULL, NULL))
1171 || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
1172 || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
ba881d3b 1173 goto end;
ba881d3b
MC		 1174 id = NULL;
1175 SSL_set_tlsext_status_ids(clientssl, ids);
1176 /* Control has been transferred */
1177 ids = NULL;
1178
1179 BIO_free(certbio);
1180 certbio = NULL;
1181
710756a9
RS		 1182 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
1183 SSL_ERROR_NONE))
1184 || !TEST_true(ocsp_client_called)
1185 || !TEST_true(ocsp_server_called))
ba881d3b 1186 goto end;
ba881d3b 1187
2cb4b5f6
MC		 1188 testresult = 1;
1189
1190 end:
ba881d3b
MC		 1191 SSL_free(serverssl);
1192 SSL_free(clientssl);
1193 SSL_CTX_free(sctx);
1194 SSL_CTX_free(cctx);
1195 sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
1196 OCSP_RESPID_free(id);
1197 BIO_free(certbio);
1198 X509_free(ocspcert);
1199 ocspcert = NULL;
2cb4b5f6
MC		 1200
1201 return testresult;
1202}
8f8c11d8 1203#endif
2cb4b5f6 1204
bf208d95 1205#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
0afca811 1206static int new_called, remove_called, get_called;
eaa776da 1207
eaa776da
MC		 1208static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
1209{
1210 new_called++;
c0537ebd
MC		 1211 /*
1212 * sess has been up-refed for us, but we don't actually need it so free it
1213 * immediately.
1214 */
1215 SSL_SESSION_free(sess);
eaa776da
MC		 1216 return 1;
1217}
1218
1219static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
1220{
1221 remove_called++;
1222}
1223
7a301f08
MC		 1224static SSL_SESSION *get_sess_val = NULL;
1225
1226static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
1227 int *copy)
1228{
0afca811 1229 get_called++;
7a301f08
MC		 1230 *copy = 1;
1231 return get_sess_val;
1232}
1233
7a301f08
MC		 1234static int execute_test_session(int maxprot, int use_int_cache,
1235 int use_ext_cache)
2cb4b5f6
MC		 1236{
1237 SSL_CTX *sctx = NULL, *cctx = NULL;
1238 SSL *serverssl1 = NULL, *clientssl1 = NULL;
1239 SSL *serverssl2 = NULL, *clientssl2 = NULL;
bf208d95 1240# ifndef OPENSSL_NO_TLS1_1
eaa776da 1241 SSL *serverssl3 = NULL, *clientssl3 = NULL;
bf208d95 1242# endif
2cb4b5f6 1243 SSL_SESSION *sess1 = NULL, *sess2 = NULL;
36ff232c 1244 int testresult = 0, numnewsesstick = 1;
2cb4b5f6 1245
7e885b7b
P		 1246 new_called = remove_called = 0;
1247
36ff232c
MC		 1248 /* TLSv1.3 sends 2 NewSessionTickets */
1249 if (maxprot == TLS1_3_VERSION)
1250 numnewsesstick = 2;
1251
7d7f6834 1252 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 1253 TLS1_VERSION, 0,
7d7f6834 1254 &sctx, &cctx, cert, privkey)))
2cb4b5f6 1255 return 0;
2cb4b5f6 1256
7a301f08
MC		 1257 /*
1258 * Only allow the max protocol version so we can force a connection failure
1259 * later
1260 */
1261 SSL_CTX_set_min_proto_version(cctx, maxprot);
1262 SSL_CTX_set_max_proto_version(cctx, maxprot);
eaa776da
MC		 1263
1264 /* Set up session cache */
7e885b7b 1265 if (use_ext_cache) {
eaa776da
MC		 1266 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
1267 SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
1268 }
7e885b7b 1269 if (use_int_cache) {
eaa776da
MC		 1270 /* Also covers instance where both are set */
1271 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
1272 } else {
1273 SSL_CTX_set_session_cache_mode(cctx,
1274 SSL_SESS_CACHE_CLIENT
1275 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
1276 }
2cb4b5f6 1277
710756a9
RS		 1278 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
1279 NULL, NULL))
1280 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
1281 SSL_ERROR_NONE))
1282 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
2cb4b5f6 1283 goto end;
2cb4b5f6 1284
710756a9 1285 /* Should fail because it should already be in the cache */
7e885b7b 1286 if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
eaa776da 1287 goto end;
7a301f08 1288 if (use_ext_cache
36ff232c
MC		 1289 && (!TEST_int_eq(new_called, numnewsesstick)
1290
1291 || !TEST_int_eq(remove_called, 0)))
b4982125 1292 goto end;
b4982125 1293
c0537ebd
MC		 1294 new_called = remove_called = 0;
1295 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
1296 &clientssl2, NULL, NULL))
1297 || !TEST_true(SSL_set_session(clientssl2, sess1))
1298 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
1299 SSL_ERROR_NONE))
1300 || !TEST_true(SSL_session_reused(clientssl2)))
1301 goto end;
1302
7a301f08
MC		 1303 if (maxprot == TLS1_3_VERSION) {
1304 /*
1305 * In TLSv1.3 we should have created a new session even though we have
4cb00457
MC		 1306 * resumed. Since we attempted a resume we should also have removed the
1307 * old ticket from the cache so that we try to only use tickets once.
7a301f08
MC		 1308 */
1309 if (use_ext_cache
1310 && (!TEST_int_eq(new_called, 1)
4cb00457 1311 || !TEST_int_eq(remove_called, 1)))
7a301f08
MC		 1312 goto end;
1313 } else {
1314 /*
1315 * In TLSv1.2 we expect to have resumed so no sessions added or
1316 * removed.
1317 */
1318 if (use_ext_cache
1319 && (!TEST_int_eq(new_called, 0)
1320 || !TEST_int_eq(remove_called, 0)))
1321 goto end;
1322 }
c0537ebd
MC		 1323
1324 SSL_SESSION_free(sess1);
1325 if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2)))
1326 goto end;
1327 shutdown_ssl_connection(serverssl2, clientssl2);
1328 serverssl2 = clientssl2 = NULL;
c0537ebd
MC		 1329
1330 new_called = remove_called = 0;
710756a9
RS		 1331 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
1332 &clientssl2, NULL, NULL))
1333 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
1334 SSL_ERROR_NONE)))
2cb4b5f6 1335 goto end;
2cb4b5f6 1336
710756a9 1337 if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
2cb4b5f6 1338 goto end;
2cb4b5f6 1339
7a301f08 1340 if (use_ext_cache
36ff232c
MC		 1341 && (!TEST_int_eq(new_called, numnewsesstick)
1342 || !TEST_int_eq(remove_called, 0)))
eaa776da 1343 goto end;
eaa776da 1344
c0537ebd 1345 new_called = remove_called = 0;
2cb4b5f6 1346 /*
710756a9
RS		 1347 * This should clear sess2 from the cache because it is a "bad" session.
1348 * See SSL_set_session() documentation.
2cb4b5f6 1349 */
710756a9 1350 if (!TEST_true(SSL_set_session(clientssl2, sess1)))
2cb4b5f6 1351 goto end;
7a301f08
MC		 1352 if (use_ext_cache
1353 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
eaa776da 1354 goto end;
710756a9 1355 if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
2cb4b5f6 1356 goto end;
2cb4b5f6 1357
7e885b7b 1358 if (use_int_cache) {
710756a9
RS		 1359 /* Should succeeded because it should not already be in the cache */
1360 if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
1361 || !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
eaa776da 1362 goto end;
eaa776da
MC		 1363 }
1364
c0537ebd 1365 new_called = remove_called = 0;
eaa776da 1366 /* This shouldn't be in the cache so should fail */
710756a9 1367 if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
2cb4b5f6 1368 goto end;
2cb4b5f6 1369
7a301f08
MC		 1370 if (use_ext_cache
1371 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 1372 goto end;
2cb4b5f6 1373
bf208d95 1374# if !defined(OPENSSL_NO_TLS1_1)
c0537ebd 1375 new_called = remove_called = 0;
eaa776da
MC		 1376 /* Force a connection failure */
1377 SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
710756a9
RS		 1378 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
1379 &clientssl3, NULL, NULL))
1380 || !TEST_true(SSL_set_session(clientssl3, sess1))
c0537ebd 1381 /* This should fail because of the mismatched protocol versions */
710756a9
RS		 1382 || !TEST_false(create_ssl_connection(serverssl3, clientssl3,
1383 SSL_ERROR_NONE)))
eaa776da 1384 goto end;
b4982125 1385
eaa776da 1386 /* We should have automatically removed the session from the cache */
7a301f08
MC		 1387 if (use_ext_cache
1388 && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
2cb4b5f6 1389 goto end;
2cb4b5f6 1390
710756a9 1391 /* Should succeed because it should not already be in the cache */
7e885b7b 1392 if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2)))
eaa776da 1393 goto end;
bf208d95 1394# endif
eaa776da 1395
7a301f08
MC		 1396 /* Now do some tests for server side caching */
1397 if (use_ext_cache) {
1398 SSL_CTX_sess_set_new_cb(cctx, NULL);
1399 SSL_CTX_sess_set_remove_cb(cctx, NULL);
1400 SSL_CTX_sess_set_new_cb(sctx, new_session_cb);
1401 SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb);
1402 SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
1403 get_sess_val = NULL;
1404 }
1405
1406 SSL_CTX_set_session_cache_mode(cctx, 0);
1407 /* Internal caching is the default on the server side */
1408 if (!use_int_cache)
1409 SSL_CTX_set_session_cache_mode(sctx,
1410 SSL_SESS_CACHE_SERVER
1411 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
1412
1413 SSL_free(serverssl1);
1414 SSL_free(clientssl1);
1415 serverssl1 = clientssl1 = NULL;
1416 SSL_free(serverssl2);
1417 SSL_free(clientssl2);
1418 serverssl2 = clientssl2 = NULL;
1419 SSL_SESSION_free(sess1);
1420 sess1 = NULL;
1421 SSL_SESSION_free(sess2);
1422 sess2 = NULL;
1423
1424 SSL_CTX_set_max_proto_version(sctx, maxprot);
6cc0b3c2
MC		 1425 if (maxprot == TLS1_2_VERSION)
1426 SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
0afca811 1427 new_called = remove_called = get_called = 0;
7a301f08
MC		 1428 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
1429 NULL, NULL))
1430 || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
1431 SSL_ERROR_NONE))
1432 || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))
1433 || !TEST_ptr(sess2 = SSL_get1_session(serverssl1)))
1434 goto end;
1435
ee94ec2e
MC		 1436 if (use_int_cache) {
1437 if (maxprot == TLS1_3_VERSION && !use_ext_cache) {
1438 /*
1439 * In TLSv1.3 it should not have been added to the internal cache,
1440 * except in the case where we also have an external cache (in that
1441 * case it gets added to the cache in order to generate remove
1442 * events after timeout).
1443 */
1444 if (!TEST_false(SSL_CTX_remove_session(sctx, sess2)))
1445 goto end;
1446 } else {
1447 /* Should fail because it should already be in the cache */
1448 if (!TEST_false(SSL_CTX_add_session(sctx, sess2)))
1449 goto end;
1450 }
1451 }
7a301f08
MC		 1452
1453 if (use_ext_cache) {
1454 SSL_SESSION *tmp = sess2;
1455
36ff232c 1456 if (!TEST_int_eq(new_called, numnewsesstick)
0afca811
KY		 1457 || !TEST_int_eq(remove_called, 0)
1458 || !TEST_int_eq(get_called, 0))
7a301f08
MC		 1459 goto end;
1460 /*
1461 * Delete the session from the internal cache to force a lookup from
1462 * the external cache. We take a copy first because
1463 * SSL_CTX_remove_session() also marks the session as non-resumable.
1464 */
ee94ec2e 1465 if (use_int_cache && maxprot != TLS1_3_VERSION) {
3cb6a4d6
BK		 1466 if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
1467 || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
1468 goto end;
1469 SSL_SESSION_free(sess2);
1470 }
7a301f08
MC		 1471 sess2 = tmp;
1472 }
1473
0afca811 1474 new_called = remove_called = get_called = 0;
7a301f08
MC		 1475 get_sess_val = sess2;
1476 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
1477 &clientssl2, NULL, NULL))
1478 || !TEST_true(SSL_set_session(clientssl2, sess1))
1479 || !TEST_true(create_ssl_connection(serverssl2, clientssl2,
1480 SSL_ERROR_NONE))
1481 || !TEST_true(SSL_session_reused(clientssl2)))
1482 goto end;
1483
0afca811 1484 if (use_ext_cache) {
32305f88 1485 if (!TEST_int_eq(remove_called, 0))
0afca811
KY		 1486 goto end;
1487
1488 if (maxprot == TLS1_3_VERSION) {
32305f88
MC		 1489 if (!TEST_int_eq(new_called, 1)
1490 || !TEST_int_eq(get_called, 0))
0afca811
KY		 1491 goto end;
1492 } else {
32305f88
MC		 1493 if (!TEST_int_eq(new_called, 0)
1494 || !TEST_int_eq(get_called, 1))
0afca811
KY		 1495 goto end;
1496 }
1497 }
7a301f08 1498
2cb4b5f6 1499 testresult = 1;
eaa776da 1500
2cb4b5f6
MC		 1501 end:
1502 SSL_free(serverssl1);
1503 SSL_free(clientssl1);
1504 SSL_free(serverssl2);
1505 SSL_free(clientssl2);
bf208d95 1506# ifndef OPENSSL_NO_TLS1_1
eaa776da
MC		 1507 SSL_free(serverssl3);
1508 SSL_free(clientssl3);
bf208d95 1509# endif
2cb4b5f6
MC		 1510 SSL_SESSION_free(sess1);
1511 SSL_SESSION_free(sess2);
1512 SSL_CTX_free(sctx);
1513 SSL_CTX_free(cctx);
1514
1515 return testresult;
1516}
bf208d95 1517#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
2cb4b5f6 1518
7fb4c820
MC		 1519static int test_session_with_only_int_cache(void)
1520{
7a301f08
MC		 1521#ifndef OPENSSL_NO_TLS1_3
1522 if (!execute_test_session(TLS1_3_VERSION, 1, 0))
1523 return 0;
1524#endif
1525
1526#ifndef OPENSSL_NO_TLS1_2
1527 return execute_test_session(TLS1_2_VERSION, 1, 0);
1528#else
1529 return 1;
1530#endif
eaa776da
MC		 1531}
1532
7fb4c820
MC		 1533static int test_session_with_only_ext_cache(void)
1534{
7a301f08
MC		 1535#ifndef OPENSSL_NO_TLS1_3
1536 if (!execute_test_session(TLS1_3_VERSION, 0, 1))
1537 return 0;
1538#endif
1539
1540#ifndef OPENSSL_NO_TLS1_2
1541 return execute_test_session(TLS1_2_VERSION, 0, 1);
1542#else
1543 return 1;
1544#endif
eaa776da
MC		 1545}
1546
7fb4c820
MC		 1547static int test_session_with_both_cache(void)
1548{
7a301f08
MC		 1549#ifndef OPENSSL_NO_TLS1_3
1550 if (!execute_test_session(TLS1_3_VERSION, 1, 1))
1551 return 0;
1552#endif
1553
1554#ifndef OPENSSL_NO_TLS1_2
1555 return execute_test_session(TLS1_2_VERSION, 1, 1);
1556#else
1557 return 1;
1558#endif
eaa776da
MC		 1559}
1560
04225915 1561#ifndef OPENSSL_NO_TLS1_3
c22365b3
MC		 1562static SSL_SESSION *sesscache[6];
1563static int do_cache;
36ff232c
MC		 1564
1565static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess)
1566{
c22365b3
MC		 1567 if (do_cache) {
1568 sesscache[new_called] = sess;
1569 } else {
1570 /* We don't need the reference to the session, so free it */
1571 SSL_SESSION_free(sess);
1572 }
1573 new_called++;
1574
1575 return 1;
1576}
1577
1578static int post_handshake_verify(SSL *sssl, SSL *cssl)
1579{
1580 SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL);
1581 if (!TEST_true(SSL_verify_client_post_handshake(sssl)))
1582 return 0;
1583
1584 /* Start handshake on the server and client */
1585 if (!TEST_int_eq(SSL_do_handshake(sssl), 1)
1586 || !TEST_int_le(SSL_read(cssl, NULL, 0), 0)
1587 || !TEST_int_le(SSL_read(sssl, NULL, 0), 0)
1588 || !TEST_true(create_ssl_connection(sssl, cssl,
1589 SSL_ERROR_NONE)))
1590 return 0;
36ff232c
MC		 1591
1592 return 1;
1593}
1594
fbe9dafd 1595static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx,
03cdf559
MC		 1596 SSL_CTX **cctx)
1597{
1598 int sess_id_ctx = 1;
1599
1600 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 1601 TLS1_VERSION, 0, sctx,
03cdf559
MC		 1602 cctx, cert, privkey))
1603 || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx))
1604 || !TEST_true(SSL_CTX_set_session_id_context(*sctx,
1605 (void *)&sess_id_ctx,
1606 sizeof(sess_id_ctx))))
1607 return 0;
1608
1609 if (stateful)
1610 SSL_CTX_set_options(*sctx, SSL_OP_NO_TICKET);
1611
1612 SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT
1613 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
1614 SSL_CTX_sess_set_new_cb(*cctx, new_cachesession_cb);
1615
1616 return 1;
1617}
1618
1619static int check_resumption(int idx, SSL_CTX *sctx, SSL_CTX *cctx, int succ)
1620{
1621 SSL *serverssl = NULL, *clientssl = NULL;
1622 int i;
1623
1624 /* Test that we can resume with all the tickets we got given */
1625 for (i = 0; i < idx * 2; i++) {
1626 new_called = 0;
1627 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1628 &clientssl, NULL, NULL))
1629 || !TEST_true(SSL_set_session(clientssl, sesscache[i])))
1630 goto end;
1631
32097b33 1632 SSL_set_post_handshake_auth(clientssl, 1);
03cdf559
MC		 1633
1634 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
1635 SSL_ERROR_NONE)))
1636 goto end;
1637
1638 /*
1639 * Following a successful resumption we only get 1 ticket. After a
1640 * failed one we should get idx tickets.
1641 */
1642 if (succ) {
1643 if (!TEST_true(SSL_session_reused(clientssl))
1644 || !TEST_int_eq(new_called, 1))
1645 goto end;
1646 } else {
1647 if (!TEST_false(SSL_session_reused(clientssl))
1648 || !TEST_int_eq(new_called, idx))
1649 goto end;
1650 }
1651
1652 new_called = 0;
1653 /* After a post-handshake authentication we should get 1 new ticket */
1654 if (succ
1655 && (!post_handshake_verify(serverssl, clientssl)
1656 || !TEST_int_eq(new_called, 1)))
1657 goto end;
1658
1659 SSL_shutdown(clientssl);
1660 SSL_shutdown(serverssl);
1661 SSL_free(serverssl);
1662 SSL_free(clientssl);
1663 serverssl = clientssl = NULL;
1664 SSL_SESSION_free(sesscache[i]);
1665 sesscache[i] = NULL;
1666 }
1667
1668 return 1;
1669
1670 end:
1671 SSL_free(clientssl);
1672 SSL_free(serverssl);
1673 return 0;
1674}
1675
04d7814a 1676static int test_tickets(int stateful, int idx)
36ff232c
MC		 1677{
1678 SSL_CTX *sctx = NULL, *cctx = NULL;
1679 SSL *serverssl = NULL, *clientssl = NULL;
03cdf559 1680 int testresult = 0;
36ff232c
MC		 1681 size_t j;
1682
1683 /* idx is the test number, but also the number of tickets we want */
1684
1685 new_called = 0;
c22365b3 1686 do_cache = 1;
36ff232c 1687
fbe9dafd 1688 if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
36ff232c
MC		 1689 goto end;
1690
03cdf559
MC		 1691 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1692 &clientssl, NULL, NULL)))
1693 goto end;
1694
1695 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
1696 SSL_ERROR_NONE))
1697 /* Check we got the number of tickets we were expecting */
1698 || !TEST_int_eq(idx, new_called))
1699 goto end;
04d7814a 1700
03cdf559
MC		 1701 SSL_shutdown(clientssl);
1702 SSL_shutdown(serverssl);
1703 SSL_free(serverssl);
1704 SSL_free(clientssl);
1705 SSL_CTX_free(sctx);
1706 SSL_CTX_free(cctx);
1707 clientssl = serverssl = NULL;
1708 sctx = cctx = NULL;
1709
1710 /*
1711 * Now we try to resume with the tickets we previously created. The
1712 * resumption attempt is expected to fail (because we're now using a new
1713 * SSL_CTX). We should see idx number of tickets issued again.
1714 */
1715
1716 /* Stop caching sessions - just count them */
1717 do_cache = 0;
1718
fbe9dafd 1719 if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
03cdf559
MC		 1720 goto end;
1721
1722 if (!check_resumption(idx, sctx, cctx, 0))
1723 goto end;
1724
1725 /* Start again with caching sessions */
1726 new_called = 0;
1727 do_cache = 1;
fbe9dafd
MC		 1728 SSL_CTX_free(sctx);
1729 SSL_CTX_free(cctx);
1730 sctx = cctx = NULL;
03cdf559 1731
fbe9dafd 1732 if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
03cdf559 1733 goto end;
36ff232c
MC		 1734
1735 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
1736 &clientssl, NULL, NULL)))
1737 goto end;
1738
32097b33 1739 SSL_set_post_handshake_auth(clientssl, 1);
36ff232c
MC		 1740
1741 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
1742 SSL_ERROR_NONE))
1743 /* Check we got the number of tickets we were expecting */
1744 || !TEST_int_eq(idx, new_called))
1745 goto end;
1746
1747 /* After a post-handshake authentication we should get new tickets issued */
c22365b3 1748 if (!post_handshake_verify(serverssl, clientssl)
36ff232c
MC		 1749 || !TEST_int_eq(idx * 2, new_called))
1750 goto end;
1751
36ff232c
MC		 1752 SSL_shutdown(clientssl);
1753 SSL_shutdown(serverssl);
1754 SSL_free(serverssl);
1755 SSL_free(clientssl);
1756 serverssl = clientssl = NULL;
1757
c22365b3
MC		 1758 /* Stop caching sessions - just count them */
1759 do_cache = 0;
1760
03cdf559
MC		 1761 /*
1762 * Check we can resume with all the tickets we created. This time around the
1763 * resumptions should all be successful.
1764 */
1765 if (!check_resumption(idx, sctx, cctx, 1))
1766 goto end;
36ff232c
MC		 1767
1768 testresult = 1;
1769
1770 end:
1771 SSL_free(serverssl);
1772 SSL_free(clientssl);
c22365b3 1773 for (j = 0; j < OSSL_NELEM(sesscache); j++) {
36ff232c 1774 SSL_SESSION_free(sesscache[j]);
c22365b3
MC		 1775 sesscache[j] = NULL;
1776 }
36ff232c
MC		 1777 SSL_CTX_free(sctx);
1778 SSL_CTX_free(cctx);
1779
1780 return testresult;
1781}
04d7814a
MC		 1782
1783static int test_stateless_tickets(int idx)
1784{
1785 return test_tickets(0, idx);
1786}
1787
1788static int test_stateful_tickets(int idx)
1789{
1790 return test_tickets(1, idx);
1791}
8614a4eb
MC		 1792
1793static int test_psk_tickets(void)
1794{
1795 SSL_CTX *sctx = NULL, *cctx = NULL;
1796 SSL *serverssl = NULL, *clientssl = NULL;
1797 int testresult = 0;
1798 int sess_id_ctx = 1;
1799
1800 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 1801 TLS1_VERSION, 0, &sctx,
8614a4eb
MC		 1802 &cctx, NULL, NULL))
1803 || !TEST_true(SSL_CTX_set_session_id_context(sctx,
1804 (void *)&sess_id_ctx,
1805 sizeof(sess_id_ctx))))
1806 goto end;
1807
1808 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT
1809 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
1810 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
1811 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
1812 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
1813 use_session_cb_cnt = 0;
1814 find_session_cb_cnt = 0;
1815 srvid = pskid;
1816 new_called = 0;
1817
1818 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1819 NULL, NULL)))
1820 goto end;
1821 clientpsk = serverpsk = create_a_psk(clientssl);
1822 if (!TEST_ptr(clientpsk))
1823 goto end;
1824 SSL_SESSION_up_ref(clientpsk);
1825
1826 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
1827 SSL_ERROR_NONE))
1828 || !TEST_int_eq(1, find_session_cb_cnt)
1829 || !TEST_int_eq(1, use_session_cb_cnt)
1830 /* We should always get 1 ticket when using external PSK */
1831 || !TEST_int_eq(1, new_called))
1832 goto end;
1833
1834 testresult = 1;
1835
1836 end:
1837 SSL_free(serverssl);
1838 SSL_free(clientssl);
1839 SSL_CTX_free(sctx);
1840 SSL_CTX_free(cctx);
1841 SSL_SESSION_free(clientpsk);
1842 SSL_SESSION_free(serverpsk);
1843 clientpsk = serverpsk = NULL;
1844
1845 return testresult;
1846}
04225915 1847#endif
36ff232c 1848
7d4488bb
MC		 1849#define USE_NULL 0
1850#define USE_BIO_1 1
1851#define USE_BIO_2 2
1852#define USE_DEFAULT 3
1853
1854#define CONNTYPE_CONNECTION_SUCCESS 0
1855#define CONNTYPE_CONNECTION_FAIL 1
1856#define CONNTYPE_NO_CONNECTION 2
1857
1858#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
1859#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2)
1860#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
1861# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2)
1862#else
1863# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0
1864#endif
1865
7d4488bb
MC		 1866#define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \
1867 + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \
1868 + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS
7fb4c820
MC		 1869
1870static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
1871{
1872 switch (type) {
1873 case USE_NULL:
1874 *res = NULL;
1875 break;
1876 case USE_BIO_1:
1877 *res = bio1;
1878 break;
1879 case USE_BIO_2:
1880 *res = bio2;
1881 break;
1882 }
1883}
1884
7d4488bb
MC		 1885
1886/*
1887 * Tests calls to SSL_set_bio() under various conditions.
1888 *
1889 * For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with
1890 * various combinations of valid BIOs or NULL being set for the rbio/wbio. We
1891 * then do more tests where we create a successful connection first using our
1892 * standard connection setup functions, and then call SSL_set_bio() with
1893 * various combinations of valid BIOs or NULL. We then repeat these tests
1894 * following a failed connection. In this last case we are looking to check that
1895 * SSL_set_bio() functions correctly in the case where s->bbio is not NULL.
1896 */
7fb4c820
MC		 1897static int test_ssl_set_bio(int idx)
1898{
7d4488bb 1899 SSL_CTX *sctx = NULL, *cctx = NULL;
7fb4c820
MC		 1900 BIO *bio1 = NULL;
1901 BIO *bio2 = NULL;
0fae8150 1902 BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
7d4488bb
MC		 1903 SSL *serverssl = NULL, *clientssl = NULL;
1904 int initrbio, initwbio, newrbio, newwbio, conntype;
7fb4c820
MC		 1905 int testresult = 0;
1906
7d4488bb
MC		 1907 if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) {
1908 initrbio = idx % 3;
1909 idx /= 3;
1910 initwbio = idx % 3;
1911 idx /= 3;
1912 newrbio = idx % 3;
1913 idx /= 3;
1914 newwbio = idx % 3;
1915 conntype = CONNTYPE_NO_CONNECTION;
1916 } else {
1917 idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS;
1918 initrbio = initwbio = USE_DEFAULT;
1919 newrbio = idx % 2;
1920 idx /= 2;
1921 newwbio = idx % 2;
1922 idx /= 2;
1923 conntype = idx % 2;
1924 }
710756a9 1925
7d4488bb 1926 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 1927 TLS1_VERSION, 0,
7d4488bb
MC		 1928 &sctx, &cctx, cert, privkey)))
1929 goto end;
1930
1931 if (conntype == CONNTYPE_CONNECTION_FAIL) {
1932 /*
1933 * We won't ever get here if either TLSv1.3 or TLSv1.2 is disabled
1934 * because we reduced the number of tests in the definition of
1935 * TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS to avoid this scenario. By setting
1936 * mismatched protocol versions we will force a connection failure.
1937 */
1938 SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION);
1939 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
1940 }
1941
1942 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1943 NULL, NULL)))
710756a9 1944 goto end;
7fb4c820 1945
710756a9
RS		 1946 if (initrbio == USE_BIO_1
1947 || initwbio == USE_BIO_1
1948 || newrbio == USE_BIO_1
7fb4c820 1949 || newwbio == USE_BIO_1) {
710756a9 1950 if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
7fb4c820 1951 goto end;
7fb4c820
MC		 1952 }
1953
710756a9
RS		 1954 if (initrbio == USE_BIO_2
1955 || initwbio == USE_BIO_2
1956 || newrbio == USE_BIO_2
7fb4c820 1957 || newwbio == USE_BIO_2) {
710756a9 1958 if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
7fb4c820 1959 goto end;
7fb4c820
MC		 1960 }
1961
7d4488bb
MC		 1962 if (initrbio != USE_DEFAULT) {
1963 setupbio(&irbio, bio1, bio2, initrbio);
1964 setupbio(&iwbio, bio1, bio2, initwbio);
1965 SSL_set_bio(clientssl, irbio, iwbio);
7fb4c820 1966
7d4488bb
MC		 1967 /*
1968 * We want to maintain our own refs to these BIO, so do an up ref for
1969 * each BIO that will have ownership transferred in the SSL_set_bio()
1970 * call
1971 */
1972 if (irbio != NULL)
1973 BIO_up_ref(irbio);
1974 if (iwbio != NULL && iwbio != irbio)
1975 BIO_up_ref(iwbio);
1976 }
7fb4c820 1977
7d4488bb
MC		 1978 if (conntype != CONNTYPE_NO_CONNECTION
1979 && !TEST_true(create_ssl_connection(serverssl, clientssl,
1980 SSL_ERROR_NONE)
1981 == (conntype == CONNTYPE_CONNECTION_SUCCESS)))
1982 goto end;
7fb4c820
MC		 1983
1984 setupbio(&nrbio, bio1, bio2, newrbio);
1985 setupbio(&nwbio, bio1, bio2, newwbio);
1986
1987 /*
1988 * We will (maybe) transfer ownership again so do more up refs.
1989 * SSL_set_bio() has some really complicated ownership rules where BIOs have
1990 * already been set!
1991 */
710756a9
RS		 1992 if (nrbio != NULL
1993 && nrbio != irbio
1994 && (nwbio != iwbio || nrbio != nwbio))
7fb4c820 1995 BIO_up_ref(nrbio);
710756a9
RS		 1996 if (nwbio != NULL
1997 && nwbio != nrbio
1998 && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
7fb4c820
MC		 1999 BIO_up_ref(nwbio);
2000
7d4488bb 2001 SSL_set_bio(clientssl, nrbio, nwbio);
7fb4c820
MC		 2002
2003 testresult = 1;
2004
2005 end:
7fb4c820
MC		 2006 BIO_free(bio1);
2007 BIO_free(bio2);
710756a9 2008
7fb4c820
MC		 2009 /*
2010 * This test is checking that the ref counting for SSL_set_bio is correct.
2011 * If we get here and we did too many frees then we will fail in the above
2012 * functions. If we haven't done enough then this will only be detected in
2013 * a crypto-mdebug build
2014 */
7d4488bb
MC		 2015 SSL_free(serverssl);
2016 SSL_free(clientssl);
2017 SSL_CTX_free(sctx);
2018 SSL_CTX_free(cctx);
7fb4c820
MC		 2019 return testresult;
2020}
2021
7e885b7b 2022typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t;
9a716987 2023
7e885b7b 2024static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
9a716987
MC		 2025{
2026 BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
710756a9 2027 SSL_CTX *ctx;
9a716987
MC		 2028 SSL *ssl = NULL;
2029 int testresult = 0;
2030
710756a9
RS		 2031 if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
2032 || !TEST_ptr(ssl = SSL_new(ctx))
2033 || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
2034 || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
9a716987 2035 goto end;
9a716987
MC		 2036
2037 BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
2038
2039 /*
2040 * If anything goes wrong here then we could leak memory, so this will
2041 * be caught in a crypto-mdebug build
2042 */
2043 BIO_push(sslbio, membio1);
2044
69687aa8 2045 /* Verify changing the rbio/wbio directly does not cause leaks */
7e885b7b 2046 if (change_bio != NO_BIO_CHANGE) {
710756a9 2047 if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
9a716987 2048 goto end;
7e885b7b 2049 if (change_bio == CHANGE_RBIO)
65e2d672 2050 SSL_set0_rbio(ssl, membio2);
9a716987 2051 else
65e2d672 2052 SSL_set0_wbio(ssl, membio2);
9a716987
MC		 2053 }
2054 ssl = NULL;
2055
7e885b7b 2056 if (pop_ssl)
9a716987
MC		 2057 BIO_pop(sslbio);
2058 else
2059 BIO_pop(membio1);
2060
2061 testresult = 1;
2062 end:
2063 BIO_free(membio1);
2064 BIO_free(sslbio);
2065 SSL_free(ssl);
2066 SSL_CTX_free(ctx);
2067
2068 return testresult;
2069}
2070
2071static int test_ssl_bio_pop_next_bio(void)
2072{
7e885b7b 2073 return execute_test_ssl_bio(0, NO_BIO_CHANGE);
9a716987
MC		 2074}
2075
2076static int test_ssl_bio_pop_ssl_bio(void)
2077{
7e885b7b 2078 return execute_test_ssl_bio(1, NO_BIO_CHANGE);
9a716987
MC		 2079}
2080
2081static int test_ssl_bio_change_rbio(void)
2082{
7e885b7b 2083 return execute_test_ssl_bio(0, CHANGE_RBIO);
9a716987
MC		 2084}
2085
2086static int test_ssl_bio_change_wbio(void)
2087{
7e885b7b 2088 return execute_test_ssl_bio(0, CHANGE_WBIO);
9a716987
MC		 2089}
2090
c423ecaa 2091#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
f1b25aae
MC		 2092typedef struct {
2093 /* The list of sig algs */
2094 const int *list;
2095 /* The length of the list */
2096 size_t listlen;
2097 /* A sigalgs list in string format */
2098 const char *liststr;
2099 /* Whether setting the list should succeed */
2100 int valid;
2101 /* Whether creating a connection with the list should succeed */
2102 int connsuccess;
2103} sigalgs_list;
2104
2105static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
c423ecaa 2106# ifndef OPENSSL_NO_EC
f1b25aae
MC		 2107static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
2108static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
c423ecaa 2109# endif
f1b25aae
MC		 2110static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
2111static const int invalidlist2[] = {NID_sha256, NID_undef};
2112static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
2113static const int invalidlist4[] = {NID_sha256};
2114static const sigalgs_list testsigalgs[] = {
2115 {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
c423ecaa 2116# ifndef OPENSSL_NO_EC
f1b25aae
MC		 2117 {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
2118 {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
c423ecaa 2119# endif
f1b25aae 2120 {NULL, 0, "RSA+SHA256", 1, 1},
c423ecaa 2121# ifndef OPENSSL_NO_EC
f1b25aae
MC		 2122 {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
2123 {NULL, 0, "ECDSA+SHA512", 1, 0},
c423ecaa 2124# endif
f1b25aae
MC		 2125 {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
2126 {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
2127 {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
2128 {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
2129 {NULL, 0, "RSA", 0, 0},
2130 {NULL, 0, "SHA256", 0, 0},
2131 {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
710756a9
RS		 2132 {NULL, 0, "Invalid", 0, 0}
2133};
f1b25aae
MC		 2134
2135static int test_set_sigalgs(int idx)
2136{
2137 SSL_CTX *cctx = NULL, *sctx = NULL;
2138 SSL *clientssl = NULL, *serverssl = NULL;
2139 int testresult = 0;
2140 const sigalgs_list *curr;
2141 int testctx;
2142
2143 /* Should never happen */
710756a9 2144 if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
f1b25aae
MC		 2145 return 0;
2146
2147 testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
2148 curr = testctx ? &testsigalgs[idx]
2149 : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
2150
7d7f6834 2151 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 2152 TLS1_VERSION, 0,
7d7f6834 2153 &sctx, &cctx, cert, privkey)))
f1b25aae 2154 return 0;
f1b25aae 2155
d2e491f2
MC		 2156 /*
2157 * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
2158 * for TLSv1.2 for now until we add a new API.
2159 */
2160 SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
2161
f1b25aae
MC		 2162 if (testctx) {
2163 int ret;
710756a9 2164
f1b25aae
MC		 2165 if (curr->list != NULL)
2166 ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
2167 else
2168 ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
2169
2170 if (!ret) {
2171 if (curr->valid)
710756a9 2172 TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 2173 else
2174 testresult = 1;
2175 goto end;
2176 }
2177 if (!curr->valid) {
710756a9 2178 TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
f1b25aae
MC		 2179 goto end;
2180 }
2181 }
2182
710756a9
RS		 2183 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2184 &clientssl, NULL, NULL)))
f1b25aae 2185 goto end;
f1b25aae
MC		 2186
2187 if (!testctx) {
2188 int ret;
2189
2190 if (curr->list != NULL)
2191 ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
2192 else
2193 ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
2194 if (!ret) {
2195 if (curr->valid)
710756a9 2196 TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
f1b25aae
MC		 2197 else
2198 testresult = 1;
2199 goto end;
2200 }
710756a9 2201 if (!curr->valid)
f1b25aae 2202 goto end;
f1b25aae
MC		 2203 }
2204
710756a9
RS		 2205 if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
2206 SSL_ERROR_NONE),
2207 curr->connsuccess))
f1b25aae 2208 goto end;
f1b25aae
MC		 2209
2210 testresult = 1;
2211
2212 end:
2213 SSL_free(serverssl);
2214 SSL_free(clientssl);
2215 SSL_CTX_free(sctx);
2216 SSL_CTX_free(cctx);
2217
2218 return testresult;
2219}
c423ecaa 2220#endif
f1b25aae 2221
fff202e5 2222#ifndef OPENSSL_NO_TLS1_3
532f9578
MC		 2223static int psk_client_cb_cnt = 0;
2224static int psk_server_cb_cnt = 0;
02a3ed5a
MC		 2225
2226static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
2227 size_t *idlen, SSL_SESSION **sess)
2228{
2229 switch (++use_session_cb_cnt) {
2230 case 1:
2231 /* The first call should always have a NULL md */
2232 if (md != NULL)
2233 return 0;
2234 break;
2235
2236 case 2:
2237 /* The second call should always have an md */
2238 if (md == NULL)
2239 return 0;
2240 break;
2241
2242 default:
2243 /* We should only be called a maximum of twice */
2244 return 0;
2245 }
2246
57dee9bb
MC		 2247 if (clientpsk != NULL)
2248 SSL_SESSION_up_ref(clientpsk);
02a3ed5a 2249
57dee9bb 2250 *sess = clientpsk;
02a3ed5a
MC		 2251 *id = (const unsigned char *)pskid;
2252 *idlen = strlen(pskid);
2253
2254 return 1;
2255}
2256
c2b290c3 2257#ifndef OPENSSL_NO_PSK
532f9578
MC		 2258static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
2259 unsigned int max_id_len,
2260 unsigned char *psk,
2261 unsigned int max_psk_len)
2262{
2263 unsigned int psklen = 0;
2264
2265 psk_client_cb_cnt++;
2266
2267 if (strlen(pskid) + 1 > max_id_len)
2268 return 0;
2269
2270 /* We should only ever be called a maximum of twice per connection */
2271 if (psk_client_cb_cnt > 2)
2272 return 0;
2273
2274 if (clientpsk == NULL)
2275 return 0;
2276
2277 /* We'll reuse the PSK we set up for TLSv1.3 */
2278 if (SSL_SESSION_get_master_key(clientpsk, NULL, 0) > max_psk_len)
2279 return 0;
2280 psklen = SSL_SESSION_get_master_key(clientpsk, psk, max_psk_len);
2281 strncpy(id, pskid, max_id_len);
2282
2283 return psklen;
2284}
c2b290c3 2285#endif /* OPENSSL_NO_PSK */
532f9578 2286
02a3ed5a
MC		 2287static int find_session_cb(SSL *ssl, const unsigned char *identity,
2288 size_t identity_len, SSL_SESSION **sess)
2289{
2290 find_session_cb_cnt++;
2291
2292 /* We should only ever be called a maximum of twice per connection */
2293 if (find_session_cb_cnt > 2)
2294 return 0;
2295
57dee9bb 2296 if (serverpsk == NULL)
02a3ed5a
MC		 2297 return 0;
2298
2299 /* Identity should match that set by the client */
2300 if (strlen(srvid) != identity_len
2301 || strncmp(srvid, (const char *)identity, identity_len) != 0) {
2302 /* No PSK found, continue but without a PSK */
2303 *sess = NULL;
2304 return 1;
2305 }
2306
57dee9bb
MC		 2307 SSL_SESSION_up_ref(serverpsk);
2308 *sess = serverpsk;
02a3ed5a
MC		 2309
2310 return 1;
2311}
2312
c2b290c3 2313#ifndef OPENSSL_NO_PSK
532f9578
MC		 2314static unsigned int psk_server_cb(SSL *ssl, const char *identity,
2315 unsigned char *psk, unsigned int max_psk_len)
2316{
2317 unsigned int psklen = 0;
2318
2319 psk_server_cb_cnt++;
2320
2321 /* We should only ever be called a maximum of twice per connection */
2322 if (find_session_cb_cnt > 2)
2323 return 0;
2324
2325 if (serverpsk == NULL)
2326 return 0;
2327
2328 /* Identity should match that set by the client */
2329 if (strcmp(srvid, identity) != 0) {
2330 return 0;
2331 }
2332
2333 /* We'll reuse the PSK we set up for TLSv1.3 */
2334 if (SSL_SESSION_get_master_key(serverpsk, NULL, 0) > max_psk_len)
2335 return 0;
2336 psklen = SSL_SESSION_get_master_key(serverpsk, psk, max_psk_len);
2337
2338 return psklen;
2339}
c2b290c3 2340#endif /* OPENSSL_NO_PSK */
532f9578 2341
5f982038
MC		 2342#define MSG1 "Hello"
2343#define MSG2 "World."
2344#define MSG3 "This"
2345#define MSG4 "is"
2346#define MSG5 "a"
90049cea
MC		 2347#define MSG6 "test"
2348#define MSG7 "message."
5f982038 2349
02a3ed5a 2350#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
532f9578 2351#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
02a3ed5a 2352
8614a4eb
MC		 2353
2354static SSL_SESSION *create_a_psk(SSL *ssl)
2355{
2356 const SSL_CIPHER *cipher = NULL;
2357 const unsigned char key[] = {
2358 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
2359 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
2360 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
2361 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
2362 0x2c, 0x2d, 0x2e, 0x2f
2363 };
2364 SSL_SESSION *sess = NULL;
2365
2366 cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
2367 sess = SSL_SESSION_new();
2368 if (!TEST_ptr(sess)
2369 || !TEST_ptr(cipher)
2370 || !TEST_true(SSL_SESSION_set1_master_key(sess, key,
2371 sizeof(key)))
2372 || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
2373 || !TEST_true(
2374 SSL_SESSION_set_protocol_version(sess,
2375 TLS1_3_VERSION))) {
2376 SSL_SESSION_free(sess);
2377 return NULL;
2378 }
2379 return sess;
2380}
2381
5f982038
MC		 2382/*
2383 * Helper method to setup objects for early data test. Caller frees objects on
2384 * error.
2385 */
2386static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
3cb47b4e 2387 SSL **serverssl, SSL_SESSION **sess, int idx)
5f982038 2388{
5a421415
MC		 2389 if (*sctx == NULL
2390 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
2391 TLS_client_method(),
5c587fb6 2392 TLS1_VERSION, 0,
5a421415
MC		 2393 sctx, cctx, cert, privkey)))
2394 return 0;
2395
2396 if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH)))
5f982038 2397 return 0;
5f982038 2398
02a3ed5a
MC		 2399 if (idx == 1) {
2400 /* When idx == 1 we repeat the tests with read_ahead set */
3cb47b4e
MC		 2401 SSL_CTX_set_read_ahead(*cctx, 1);
2402 SSL_CTX_set_read_ahead(*sctx, 1);
02a3ed5a
MC		 2403 } else if (idx == 2) {
2404 /* When idx == 2 we are doing early_data with a PSK. Set up callbacks */
2405 SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb);
2406 SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb);
2407 use_session_cb_cnt = 0;
2408 find_session_cb_cnt = 0;
2409 srvid = pskid;
3cb47b4e
MC		 2410 }
2411
710756a9 2412 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
02a3ed5a
MC		 2413 NULL, NULL)))
2414 return 0;
2415
141e4709
MC		 2416 /*
2417 * For one of the run throughs (doesn't matter which one), we'll try sending
2418 * some SNI data in the initial ClientHello. This will be ignored (because
2419 * there is no SNI cb set up by the server), so it should not impact
2420 * early_data.
2421 */
2422 if (idx == 1
2423 && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost")))
2424 return 0;
2425
02a3ed5a 2426 if (idx == 2) {
8614a4eb 2427 clientpsk = create_a_psk(*clientssl);
57dee9bb 2428 if (!TEST_ptr(clientpsk)
02a3ed5a
MC		 2429 /*
2430 * We just choose an arbitrary value for max_early_data which
2431 * should be big enough for testing purposes.
2432 */
57dee9bb
MC		 2433 || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk,
2434 0x100))
2435 || !TEST_true(SSL_SESSION_up_ref(clientpsk))) {
2436 SSL_SESSION_free(clientpsk);
2437 clientpsk = NULL;
02a3ed5a
MC		 2438 return 0;
2439 }
57dee9bb 2440 serverpsk = clientpsk;
02a3ed5a 2441
c20e3b28
MC		 2442 if (sess != NULL) {
2443 if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) {
2444 SSL_SESSION_free(clientpsk);
2445 SSL_SESSION_free(serverpsk);
2446 clientpsk = serverpsk = NULL;
2447 return 0;
2448 }
57dee9bb 2449 *sess = clientpsk;
c20e3b28 2450 }
02a3ed5a
MC		 2451 return 1;
2452 }
2453
2454 if (sess == NULL)
2455 return 1;
2456
2457 if (!TEST_true(create_ssl_connection(*serverssl, *clientssl,
2458 SSL_ERROR_NONE)))
5f982038 2459 return 0;
5f982038
MC		 2460
2461 *sess = SSL_get1_session(*clientssl);
5f982038
MC		 2462 SSL_shutdown(*clientssl);
2463 SSL_shutdown(*serverssl);
5f982038
MC		 2464 SSL_free(*serverssl);
2465 SSL_free(*clientssl);
2466 *serverssl = *clientssl = NULL;
2467
710756a9
RS		 2468 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
2469 clientssl, NULL, NULL))
2470 || !TEST_true(SSL_set_session(*clientssl, *sess)))
5f982038 2471 return 0;
5f982038
MC		 2472
2473 return 1;
2474}
2475
3cb47b4e 2476static int test_early_data_read_write(int idx)
5f982038
MC		 2477{
2478 SSL_CTX *cctx = NULL, *sctx = NULL;
2479 SSL *clientssl = NULL, *serverssl = NULL;
2480 int testresult = 0;
2481 SSL_SESSION *sess = NULL;
9b5c865d
MC		 2482 unsigned char buf[20], data[1024];
2483 size_t readbytes, written, eoedlen, rawread, rawwritten;
2484 BIO *rbio;
5f982038 2485
710756a9
RS		 2486 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2487 &serverssl, &sess, idx)))
5f982038
MC		 2488 goto end;
2489
2490 /* Write and read some early data */
710756a9
RS		 2491 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2492 &written))
2493 || !TEST_size_t_eq(written, strlen(MSG1))
2494 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
2495 sizeof(buf), &readbytes),
2496 SSL_READ_EARLY_DATA_SUCCESS)
2497 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
2498 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2499 SSL_EARLY_DATA_ACCEPTED))
5f982038 2500 goto end;
5f982038
MC		 2501
2502 /*
09f28874 2503 * Server should be able to write data, and client should be able to
5f982038
MC		 2504 * read it.
2505 */
710756a9
RS		 2506 if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
2507 &written))
2508 || !TEST_size_t_eq(written, strlen(MSG2))
2509 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
2510 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2511 goto end;
5f982038
MC		 2512
2513 /* Even after reading normal data, client should be able write early data */
710756a9
RS		 2514 if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
2515 &written))
2516 || !TEST_size_t_eq(written, strlen(MSG3)))
5f982038 2517 goto end;
5f982038 2518
09f28874 2519 /* Server should still be able read early data after writing data */
710756a9
RS		 2520 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2521 &readbytes),
2522 SSL_READ_EARLY_DATA_SUCCESS)
2523 || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
5f982038 2524 goto end;
5f982038 2525
09f28874 2526 /* Write more data from server and read it from client */
710756a9
RS		 2527 if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
2528 &written))
2529 || !TEST_size_t_eq(written, strlen(MSG4))
2530 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
2531 || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
5f982038 2532 goto end;
5f982038
MC		 2533
2534 /*
2535 * If client writes normal data it should mean writing early data is no
2536 * longer possible.
2537 */
710756a9
RS		 2538 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
2539 || !TEST_size_t_eq(written, strlen(MSG5))
2540 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2541 SSL_EARLY_DATA_ACCEPTED))
5f982038 2542 goto end;
5f982038 2543
9b5c865d
MC		 2544 /*
2545 * At this point the client has written EndOfEarlyData, ClientFinished and
2546 * normal (fully protected) data. We are going to cause a delay between the
2547 * arrival of EndOfEarlyData and ClientFinished. We read out all the data
2548 * in the read BIO, and then just put back the EndOfEarlyData message.
2549 */
2550 rbio = SSL_get_rbio(serverssl);
710756a9
RS		 2551 if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
2552 || !TEST_size_t_lt(rawread, sizeof(data))
2553 || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
9b5c865d 2554 goto end;
710756a9 2555
9b5c865d
MC		 2556 /* Record length is in the 4th and 5th bytes of the record header */
2557 eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
710756a9
RS		 2558 if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
2559 || !TEST_size_t_eq(rawwritten, eoedlen))
9b5c865d 2560 goto end;
9b5c865d 2561
5f982038 2562 /* Server should be told that there is no more early data */
710756a9
RS		 2563 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2564 &readbytes),
2565 SSL_READ_EARLY_DATA_FINISH)
2566 || !TEST_size_t_eq(readbytes, 0))
5f982038 2567 goto end;
5f982038 2568
9b5c865d
MC		 2569 /*
2570 * Server has not finished init yet, so should still be able to write early
2571 * data.
2572 */
710756a9
RS		 2573 if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
2574 &written))
2575 || !TEST_size_t_eq(written, strlen(MSG6)))
9b5c865d 2576 goto end;
9b5c865d 2577
f8a303fa 2578 /* Push the ClientFinished and the normal data back into the server rbio */
710756a9
RS		 2579 if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
2580 &rawwritten))
2581 || !TEST_size_t_eq(rawwritten, rawread - eoedlen))
f8a303fa 2582 goto end;
f8a303fa 2583
5f982038 2584 /* Server should be able to read normal data */
710756a9
RS		 2585 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2586 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 2587 goto end;
5f982038 2588
09f28874 2589 /* Client and server should not be able to write/read early data now */
710756a9
RS		 2590 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
2591 &written)))
5f982038 2592 goto end;
5f982038 2593 ERR_clear_error();
710756a9
RS		 2594 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2595 &readbytes),
2596 SSL_READ_EARLY_DATA_ERROR))
5f982038 2597 goto end;
5f982038
MC		 2598 ERR_clear_error();
2599
9b5c865d 2600 /* Client should be able to read the data sent by the server */
710756a9
RS		 2601 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
2602 || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
9b5c865d 2603 goto end;
710756a9 2604
f8a303fa 2605 /*
36ff232c
MC		 2606 * Make sure we process the two NewSessionTickets. These arrive
2607 * post-handshake. We attempt reads which we do not expect to return any
2608 * data.
f8a303fa 2609 */
36ff232c
MC		 2610 if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
2611 || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf),
2612 &readbytes)))
f8a303fa 2613 goto end;
5f982038 2614
90049cea 2615 /* Server should be able to write normal data */
710756a9
RS		 2616 if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
2617 || !TEST_size_t_eq(written, strlen(MSG7))
2618 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
2619 || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
90049cea 2620 goto end;
90049cea 2621
c20e3b28 2622 SSL_SESSION_free(sess);
5f982038 2623 sess = SSL_get1_session(clientssl);
02a3ed5a
MC		 2624 use_session_cb_cnt = 0;
2625 find_session_cb_cnt = 0;
5f982038
MC		 2626
2627 SSL_shutdown(clientssl);
2628 SSL_shutdown(serverssl);
5f982038
MC		 2629 SSL_free(serverssl);
2630 SSL_free(clientssl);
2631 serverssl = clientssl = NULL;
710756a9
RS		 2632 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2633 &clientssl, NULL, NULL))
2634 || !TEST_true(SSL_set_session(clientssl, sess)))
5f982038 2635 goto end;
5f982038
MC		 2636
2637 /* Write and read some early data */
710756a9
RS		 2638 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2639 &written))
2640 || !TEST_size_t_eq(written, strlen(MSG1))
2641 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2642 &readbytes),
2643 SSL_READ_EARLY_DATA_SUCCESS)
2644 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
5f982038 2645 goto end;
5f982038 2646
710756a9
RS		 2647 if (!TEST_int_gt(SSL_connect(clientssl), 0)
2648 || !TEST_int_gt(SSL_accept(serverssl), 0))
5f982038 2649 goto end;
5f982038 2650
09f28874 2651 /* Client and server should not be able to write/read early data now */
710756a9
RS		 2652 if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
2653 &written)))
5f982038 2654 goto end;
5f982038 2655 ERR_clear_error();
710756a9
RS		 2656 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2657 &readbytes),
2658 SSL_READ_EARLY_DATA_ERROR))
5f982038 2659 goto end;
5f982038
MC		 2660 ERR_clear_error();
2661
2662 /* Client and server should be able to write/read normal data */
710756a9
RS		 2663 if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
2664 || !TEST_size_t_eq(written, strlen(MSG5))
2665 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2666 || !TEST_size_t_eq(readbytes, strlen(MSG5)))
5f982038 2667 goto end;
5f982038
MC		 2668
2669 testresult = 1;
2670
2671 end:
c20e3b28 2672 SSL_SESSION_free(sess);
57dee9bb
MC		 2673 SSL_SESSION_free(clientpsk);
2674 SSL_SESSION_free(serverpsk);
2675 clientpsk = serverpsk = NULL;
5f982038
MC		 2676 SSL_free(serverssl);
2677 SSL_free(clientssl);
2678 SSL_CTX_free(sctx);
2679 SSL_CTX_free(cctx);
5f982038
MC		 2680 return testresult;
2681}
2682
5a421415
MC		 2683static int allow_ed_cb_called = 0;
2684
2685static int allow_early_data_cb(SSL *s, void *arg)
2686{
2687 int *usecb = (int *)arg;
2688
2689 allow_ed_cb_called++;
2690
2691 if (*usecb == 1)
2692 return 0;
2693
2694 return 1;
2695}
2696
2697/*
2698 * idx == 0: Standard early_data setup
2699 * idx == 1: early_data setup using read_ahead
2700 * usecb == 0: Don't use a custom early data callback
2701 * usecb == 1: Use a custom early data callback and reject the early data
2702 * usecb == 2: Use a custom early data callback and accept the early data
3bb5e5b0
MC		 2703 * confopt == 0: Configure anti-replay directly
2704 * confopt == 1: Configure anti-replay using SSL_CONF
5a421415 2705 */
3bb5e5b0 2706static int test_early_data_replay_int(int idx, int usecb, int confopt)
78fb5374
MC		 2707{
2708 SSL_CTX *cctx = NULL, *sctx = NULL;
2709 SSL *clientssl = NULL, *serverssl = NULL;
2710 int testresult = 0;
2711 SSL_SESSION *sess = NULL;
5a421415
MC		 2712 size_t readbytes, written;
2713 unsigned char buf[20];
2714
2715 allow_ed_cb_called = 0;
2716
2717 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 2718 TLS1_VERSION, 0, &sctx,
5a421415
MC		 2719 &cctx, cert, privkey)))
2720 return 0;
2721
2722 if (usecb > 0) {
3bb5e5b0
MC		 2723 if (confopt == 0) {
2724 SSL_CTX_set_options(sctx, SSL_OP_NO_ANTI_REPLAY);
2725 } else {
2726 SSL_CONF_CTX *confctx = SSL_CONF_CTX_new();
2727
2728 if (!TEST_ptr(confctx))
2729 goto end;
2730 SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE
2731 | SSL_CONF_FLAG_SERVER);
2732 SSL_CONF_CTX_set_ssl_ctx(confctx, sctx);
2733 if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"),
2734 2)) {
2735 SSL_CONF_CTX_free(confctx);
2736 goto end;
2737 }
2738 SSL_CONF_CTX_free(confctx);
2739 }
5a421415
MC		 2740 SSL_CTX_set_allow_early_data_cb(sctx, allow_early_data_cb, &usecb);
2741 }
78fb5374
MC		 2742
2743 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2744 &serverssl, &sess, idx)))
2745 goto end;
2746
2747 /*
2748 * The server is configured to accept early data. Create a connection to
2749 * "use up" the ticket
2750 */
2751 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2752 || !TEST_true(SSL_session_reused(clientssl)))
2753 goto end;
2754
2755 SSL_shutdown(clientssl);
2756 SSL_shutdown(serverssl);
2757 SSL_free(serverssl);
2758 SSL_free(clientssl);
2759 serverssl = clientssl = NULL;
2760
2761 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
2762 &clientssl, NULL, NULL))
5a421415
MC		 2763 || !TEST_true(SSL_set_session(clientssl, sess)))
2764 goto end;
2765
2766 /* Write and read some early data */
2767 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2768 &written))
2769 || !TEST_size_t_eq(written, strlen(MSG1)))
2770 goto end;
2771
2772 if (usecb <= 1) {
2773 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2774 &readbytes),
2775 SSL_READ_EARLY_DATA_FINISH)
2776 /*
2777 * The ticket was reused, so the we should have rejected the
2778 * early data
2779 */
2780 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2781 SSL_EARLY_DATA_REJECTED))
2782 goto end;
2783 } else {
2784 /* In this case the callback decides to accept the early data */
2785 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2786 &readbytes),
2787 SSL_READ_EARLY_DATA_SUCCESS)
2788 || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
2789 /*
2790 * Server will have sent its flight so client can now send
2791 * end of early data and complete its half of the handshake
2792 */
2793 || !TEST_int_gt(SSL_connect(clientssl), 0)
2794 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2795 &readbytes),
2796 SSL_READ_EARLY_DATA_FINISH)
2797 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2798 SSL_EARLY_DATA_ACCEPTED))
2799 goto end;
2800 }
2801
2802 /* Complete the connection */
2803 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
2804 || !TEST_int_eq(SSL_session_reused(clientssl), (usecb > 0) ? 1 : 0)
2805 || !TEST_int_eq(allow_ed_cb_called, usecb > 0 ? 1 : 0))
78fb5374
MC		 2806 goto end;
2807
2808 testresult = 1;
2809
2810 end:
c20e3b28 2811 SSL_SESSION_free(sess);
78fb5374
MC		 2812 SSL_SESSION_free(clientpsk);
2813 SSL_SESSION_free(serverpsk);
2814 clientpsk = serverpsk = NULL;
2815 SSL_free(serverssl);
2816 SSL_free(clientssl);
2817 SSL_CTX_free(sctx);
2818 SSL_CTX_free(cctx);
2819 return testresult;
2820}
2821
5a421415
MC		 2822static int test_early_data_replay(int idx)
2823{
3bb5e5b0 2824 int ret = 1, usecb, confopt;
5a421415 2825
3bb5e5b0
MC		 2826 for (usecb = 0; usecb < 3; usecb++) {
2827 for (confopt = 0; confopt < 2; confopt++)
2828 ret &= test_early_data_replay_int(idx, usecb, confopt);
2829 }
5a421415
MC		 2830
2831 return ret;
2832}
2833
710756a9 2834/*
6b84e6bf
MC		 2835 * Helper function to test that a server attempting to read early data can
2836 * handle a connection from a client where the early data should be skipped.
0d1b7789
MC		 2837 * testtype: 0 == No HRR
2838 * testtype: 1 == HRR
0efa0ba4
MC		 2839 * testtype: 2 == HRR, invalid early_data sent after HRR
2840 * testtype: 3 == recv_max_early_data set to 0
710756a9 2841 */
0d1b7789 2842static int early_data_skip_helper(int testtype, int idx)
5f982038
MC		 2843{
2844 SSL_CTX *cctx = NULL, *sctx = NULL;
2845 SSL *clientssl = NULL, *serverssl = NULL;
2846 int testresult = 0;
018fcbec 2847 SSL_SESSION *sess = NULL;
5f982038
MC		 2848 unsigned char buf[20];
2849 size_t readbytes, written;
2850
710756a9
RS		 2851 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
2852 &serverssl, &sess, idx)))
5f982038
MC		 2853 goto end;
2854
0efa0ba4 2855 if (testtype == 1 || testtype == 2) {
6b84e6bf
MC		 2856 /* Force an HRR to occur */
2857 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
2858 goto end;
02a3ed5a
MC		 2859 } else if (idx == 2) {
2860 /*
2861 * We force early_data rejection by ensuring the PSK identity is
2862 * unrecognised
2863 */
2864 srvid = "Dummy Identity";
6b84e6bf
MC		 2865 } else {
2866 /*
2867 * Deliberately corrupt the creation time. We take 20 seconds off the
2868 * time. It could be any value as long as it is not within tolerance.
2869 * This should mean the ticket is rejected.
2870 */
5d99881e 2871 if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
6b84e6bf
MC		 2872 goto end;
2873 }
5f982038 2874
0efa0ba4 2875 if (testtype == 3
0d1b7789
MC		 2876 && !TEST_true(SSL_set_recv_max_early_data(serverssl, 0)))
2877 goto end;
2878
5f982038 2879 /* Write some early data */
710756a9
RS		 2880 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
2881 &written))
2882 || !TEST_size_t_eq(written, strlen(MSG1)))
5f982038 2883 goto end;
5f982038 2884
0d1b7789 2885 /* Server should reject the early data */
710756a9
RS		 2886 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
2887 &readbytes),
2888 SSL_READ_EARLY_DATA_FINISH)
2889 || !TEST_size_t_eq(readbytes, 0)
2890 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
2891 SSL_EARLY_DATA_REJECTED))
5f982038 2892 goto end;
5f982038 2893
0efa0ba4
MC		 2894 switch (testtype) {
2895 case 0:
2896 /* Nothing to do */
2897 break;
2898
2899 case 1:
6b84e6bf
MC		 2900 /*
2901 * Finish off the handshake. We perform the same writes and reads as
2902 * further down but we expect them to fail due to the incomplete
2903 * handshake.
2904 */
2905 if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
2906 || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf),
2907 &readbytes)))
2908 goto end;
0efa0ba4
MC		 2909 break;
2910
2911 case 2:
2912 {
2913 BIO *wbio = SSL_get_wbio(clientssl);
2914 /* A record that will appear as bad early_data */
2915 const unsigned char bad_early_data[] = {
2916 0x17, 0x03, 0x03, 0x00, 0x01, 0x00
2917 };
2918
2919 /*
2920 * We force the client to attempt a write. This will fail because
2921 * we're still in the handshake. It will cause the second
2922 * ClientHello to be sent.
2923 */
2924 if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2),
2925 &written)))
2926 goto end;
2927
2928 /*
2929 * Inject some early_data after the second ClientHello. This should
2930 * cause the server to fail
2931 */
2932 if (!TEST_true(BIO_write_ex(wbio, bad_early_data,
2933 sizeof(bad_early_data), &written)))
2934 goto end;
2935 }
2936 /* fallthrough */
2937
2938 case 3:
0d1b7789 2939 /*
0efa0ba4
MC		 2940 * This client has sent more early_data than we are willing to skip
2941 * (case 3) or sent invalid early_data (case 2) so the connection should
2942 * abort.
0d1b7789
MC		 2943 */
2944 if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2945 || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL))
2946 goto end;
2947
2948 /* Connection has failed - nothing more to do */
2949 testresult = 1;
2950 goto end;
0efa0ba4
MC		 2951
2952 default:
2953 TEST_error("Invalid test type");
2954 goto end;
6b84e6bf
MC		 2955 }
2956
0d1b7789
MC		 2957 /*
2958 * Should be able to send normal data despite rejection of early data. The
2959 * early_data should be skipped.
2960 */
710756a9
RS		 2961 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
2962 || !TEST_size_t_eq(written, strlen(MSG2))
2963 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
2964 SSL_EARLY_DATA_REJECTED)
2965 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
2966 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 2967 goto end;
5f982038
MC		 2968
2969 testresult = 1;
2970
2971 end:
c20e3b28 2972 SSL_SESSION_free(clientpsk);
57dee9bb
MC		 2973 SSL_SESSION_free(serverpsk);
2974 clientpsk = serverpsk = NULL;
5f982038
MC		 2975 SSL_SESSION_free(sess);
2976 SSL_free(serverssl);
2977 SSL_free(clientssl);
2978 SSL_CTX_free(sctx);
2979 SSL_CTX_free(cctx);
5f982038
MC		 2980 return testresult;
2981}
2982
6b84e6bf
MC		 2983/*
2984 * Test that a server attempting to read early data can handle a connection
2985 * from a client where the early data is not acceptable.
2986 */
2987static int test_early_data_skip(int idx)
2988{
2989 return early_data_skip_helper(0, idx);
2990}
2991
2992/*
2993 * Test that a server attempting to read early data can handle a connection
2994 * from a client where an HRR occurs.
2995 */
2996static int test_early_data_skip_hrr(int idx)
2997{
2998 return early_data_skip_helper(1, idx);
2999}
3000
0efa0ba4
MC		 3001/*
3002 * Test that a server attempting to read early data can handle a connection
3003 * from a client where an HRR occurs and correctly fails if early_data is sent
3004 * after the HRR
3005 */
3006static int test_early_data_skip_hrr_fail(int idx)
3007{
3008 return early_data_skip_helper(2, idx);
3009}
3010
0d1b7789
MC		 3011/*
3012 * Test that a server attempting to read early data will abort if it tries to
3013 * skip over too much.
3014 */
3015static int test_early_data_skip_abort(int idx)
3016{
0efa0ba4 3017 return early_data_skip_helper(3, idx);
0d1b7789
MC		 3018}
3019
710756a9
RS		 3020/*
3021 * Test that a server attempting to read early data can handle a connection
3022 * from a client that doesn't send any.
3023 */
3cb47b4e 3024static int test_early_data_not_sent(int idx)
5f982038
MC		 3025{
3026 SSL_CTX *cctx = NULL, *sctx = NULL;
3027 SSL *clientssl = NULL, *serverssl = NULL;
3028 int testresult = 0;
018fcbec 3029 SSL_SESSION *sess = NULL;
5f982038
MC		 3030 unsigned char buf[20];
3031 size_t readbytes, written;
3032
710756a9
RS		 3033 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
3034 &serverssl, &sess, idx)))
5f982038
MC		 3035 goto end;
3036
3037 /* Write some data - should block due to handshake with server */
3038 SSL_set_connect_state(clientssl);
710756a9 3039 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 3040 goto end;
5f982038
MC		 3041
3042 /* Server should detect that early data has not been sent */
710756a9
RS		 3043 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
3044 &readbytes),
3045 SSL_READ_EARLY_DATA_FINISH)
3046 || !TEST_size_t_eq(readbytes, 0)
3047 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
3048 SSL_EARLY_DATA_NOT_SENT)
3049 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
3050 SSL_EARLY_DATA_NOT_SENT))
5f982038 3051 goto end;
5f982038
MC		 3052
3053 /* Continue writing the message we started earlier */
710756a9
RS		 3054 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
3055 || !TEST_size_t_eq(written, strlen(MSG1))
3056 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
3057 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
3058 || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
3059 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 3060 goto end;
5f982038 3061
710756a9
RS		 3062 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
3063 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 3064 goto end;
5f982038
MC		 3065
3066 testresult = 1;
3067
3068 end:
5f982038 3069 SSL_SESSION_free(sess);
c20e3b28 3070 SSL_SESSION_free(clientpsk);
57dee9bb
MC		 3071 SSL_SESSION_free(serverpsk);
3072 clientpsk = serverpsk = NULL;
5f982038
MC		 3073 SSL_free(serverssl);
3074 SSL_free(clientssl);
3075 SSL_CTX_free(sctx);
3076 SSL_CTX_free(cctx);
5f982038
MC		 3077 return testresult;
3078}
3079
976e5323
MC		 3080static int hostname_cb(SSL *s, int *al, void *arg)
3081{
3082 const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
3083
281bf233 3084 if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
976e5323
MC		 3085 return SSL_TLSEXT_ERR_OK;
3086
3087 return SSL_TLSEXT_ERR_NOACK;
3088}
3089
3090static const char *servalpn;
3091
c7558d5b
PY		 3092static int alpn_select_cb(SSL *ssl, const unsigned char **out,
3093 unsigned char *outlen, const unsigned char *in,
3094 unsigned int inlen, void *arg)
976e5323 3095{
c7558d5b 3096 unsigned int protlen = 0;
976e5323
MC		 3097 const unsigned char *prot;
3098
c7558d5b
PY		 3099 for (prot = in; prot < in + inlen; prot += protlen) {
3100 protlen = *prot++;
5d99881e 3101 if (in + inlen < prot + protlen)
976e5323
MC		 3102 return SSL_TLSEXT_ERR_NOACK;
3103
3104 if (protlen == strlen(servalpn)
0bd42fde 3105 && memcmp(prot, servalpn, protlen) == 0) {
976e5323
MC		 3106 *out = prot;
3107 *outlen = protlen;
3108 return SSL_TLSEXT_ERR_OK;
3109 }
3110 }
3111
3112 return SSL_TLSEXT_ERR_NOACK;
3113}
3114
57dee9bb 3115/* Test that a PSK can be used to send early_data */
976e5323
MC		 3116static int test_early_data_psk(int idx)
3117{
3118 SSL_CTX *cctx = NULL, *sctx = NULL;
3119 SSL *clientssl = NULL, *serverssl = NULL;
3120 int testresult = 0;
3121 SSL_SESSION *sess = NULL;
57dee9bb
MC		 3122 unsigned char alpnlist[] = {
3123 0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a',
3124 'l', 'p', 'n'
3125 };
3126#define GOODALPNLEN 9
3127#define BADALPNLEN 8
3128#define GOODALPN (alpnlist)
3129#define BADALPN (alpnlist + GOODALPNLEN)
3130 int err = 0;
976e5323
MC		 3131 unsigned char buf[20];
3132 size_t readbytes, written;
57dee9bb 3133 int readearlyres = SSL_READ_EARLY_DATA_SUCCESS, connectres = 1;
976e5323
MC		 3134 int edstatus = SSL_EARLY_DATA_ACCEPTED;
3135
3136 /* We always set this up with a final parameter of "2" for PSK */
3137 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
3138 &serverssl, &sess, 2)))
3139 goto end;
3140
976e5323
MC		 3141 servalpn = "goodalpn";
3142
57dee9bb
MC		 3143 /*
3144 * Note: There is no test for inconsistent SNI with late client detection.
3145 * This is because servers do not acknowledge SNI even if they are using
3146 * it in a resumption handshake - so it is not actually possible for a
3147 * client to detect a problem.
3148 */
976e5323
MC		 3149 switch (idx) {
3150 case 0:
57dee9bb 3151 /* Set inconsistent SNI (early client detection) */
976e5323
MC		 3152 err = SSL_R_INCONSISTENT_EARLY_DATA_SNI;
3153 if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
3154 || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost")))
3155 goto end;
3156 break;
3157
3158 case 1:
57dee9bb 3159 /* Set inconsistent ALPN (early client detection) */
976e5323
MC		 3160 err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN;
3161 /* SSL_set_alpn_protos returns 0 for success and 1 for failure */
57dee9bb
MC		 3162 if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN,
3163 GOODALPNLEN))
3164 || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN,
3165 BADALPNLEN)))
976e5323
MC		 3166 goto end;
3167 break;
3168
3169 case 2:
3170 /*
3171 * Set invalid protocol version. Technically this affects PSKs without
3172 * early_data too, but we test it here because it is similar to the
3173 * SNI/ALPN consistency tests.
3174 */
3175 err = SSL_R_BAD_PSK;
3176 if (!TEST_true(SSL_SESSION_set_protocol_version(sess, TLS1_2_VERSION)))
3177 goto end;
3178 break;
3179
3180 case 3:
3181 /*
3182 * Set inconsistent SNI (server detected). In this case the connection
3183 * will succeed but reject early_data.
3184 */
281bf233
MC		 3185 SSL_SESSION_free(serverpsk);
3186 serverpsk = SSL_SESSION_dup(clientpsk);
3187 if (!TEST_ptr(serverpsk)
3188 || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
3189 goto end;
976e5323
MC		 3190 edstatus = SSL_EARLY_DATA_REJECTED;
3191 readearlyres = SSL_READ_EARLY_DATA_FINISH;
3192 /* Fall through */
3193 case 4:
3194 /* Set consistent SNI */
976e5323
MC		 3195 if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
3196 || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost"))
3197 || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx,
3198 hostname_cb)))
3199 goto end;
3200 break;
3201
3202 case 5:
3203 /*
3204 * Set inconsistent ALPN (server detected). In this case the connection
3205 * will succeed but reject early_data.
3206 */
3207 servalpn = "badalpn";
3208 edstatus = SSL_EARLY_DATA_REJECTED;
3209 readearlyres = SSL_READ_EARLY_DATA_FINISH;
3210 /* Fall through */
3211 case 6:
976e5323 3212 /*
57dee9bb 3213 * Set consistent ALPN.
976e5323
MC		 3214 * SSL_set_alpn_protos returns 0 for success and 1 for failure. It
3215 * accepts a list of protos (each one length prefixed).
3216 * SSL_set1_alpn_selected accepts a single protocol (not length
3217 * prefixed)
3218 */
57dee9bb
MC		 3219 if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1,
3220 GOODALPNLEN - 1))
3221 || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN,
3222 GOODALPNLEN)))
976e5323
MC		 3223 goto end;
3224
3225 SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
3226 break;
3227
57dee9bb
MC		 3228 case 7:
3229 /* Set inconsistent ALPN (late client detection) */
3230 SSL_SESSION_free(serverpsk);
3231 serverpsk = SSL_SESSION_dup(clientpsk);
3232 if (!TEST_ptr(serverpsk)
3233 || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk,
3234 BADALPN + 1,
3235 BADALPNLEN - 1))
3236 || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk,
3237 GOODALPN + 1,
3238 GOODALPNLEN - 1))
3239 || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist,
3240 sizeof(alpnlist))))
3241 goto end;
3242 SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
3243 edstatus = SSL_EARLY_DATA_ACCEPTED;
3244 readearlyres = SSL_READ_EARLY_DATA_SUCCESS;
3245 /* SSL_connect() call should fail */
3246 connectres = -1;
3247 break;
3248
976e5323
MC		 3249 default:
3250 TEST_error("Bad test index");
3251 goto end;
3252 }
3253
3254 SSL_set_connect_state(clientssl);
3255 if (err != 0) {
3256 if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
3257 &written))
3258 || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL)
3259 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
3260 goto end;
3261 } else {
3262 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
57dee9bb
MC		 3263 &written)))
3264 goto end;
3265
3266 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
3267 &readbytes), readearlyres)
976e5323
MC		 3268 || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
3269 && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
57dee9bb
MC		 3270 || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
3271 || !TEST_int_eq(SSL_connect(clientssl), connectres))
976e5323
MC		 3272 goto end;
3273 }
3274
3275 testresult = 1;
3276
3277 end:
c20e3b28 3278 SSL_SESSION_free(sess);
57dee9bb
MC		 3279 SSL_SESSION_free(clientpsk);
3280 SSL_SESSION_free(serverpsk);
3281 clientpsk = serverpsk = NULL;
976e5323
MC		 3282 SSL_free(serverssl);
3283 SSL_free(clientssl);
3284 SSL_CTX_free(sctx);
3285 SSL_CTX_free(cctx);
3286 return testresult;
3287}
3288
710756a9
RS		 3289/*
3290 * Test that a server that doesn't try to read early data can handle a
3291 * client sending some.
3292 */
3cb47b4e 3293static int test_early_data_not_expected(int idx)
5f982038
MC		 3294{
3295 SSL_CTX *cctx = NULL, *sctx = NULL;
3296 SSL *clientssl = NULL, *serverssl = NULL;
3297 int testresult = 0;
018fcbec 3298 SSL_SESSION *sess = NULL;
5f982038
MC		 3299 unsigned char buf[20];
3300 size_t readbytes, written;
3301
710756a9
RS		 3302 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
3303 &serverssl, &sess, idx)))
5f982038
MC		 3304 goto end;
3305
3306 /* Write some early data */
710756a9
RS		 3307 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
3308 &written)))
5f982038 3309 goto end;
5f982038
MC		 3310
3311 /*
3312 * Server should skip over early data and then block waiting for client to
3313 * continue handshake
3314 */
710756a9
RS		 3315 if (!TEST_int_le(SSL_accept(serverssl), 0)
3316 || !TEST_int_gt(SSL_connect(clientssl), 0)
3317 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
3318 SSL_EARLY_DATA_REJECTED)
3319 || !TEST_int_gt(SSL_accept(serverssl), 0)
3320 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
3321 SSL_EARLY_DATA_REJECTED))
5f982038 3322 goto end;
5f982038
MC		 3323
3324 /* Send some normal data from client to server */
710756a9
RS		 3325 if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
3326 || !TEST_size_t_eq(written, strlen(MSG2)))
5f982038 3327 goto end;
5f982038 3328
710756a9
RS		 3329 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
3330 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 3331 goto end;
5f982038
MC		 3332
3333 testresult = 1;
3334
3335 end:
5f982038 3336 SSL_SESSION_free(sess);
c20e3b28 3337 SSL_SESSION_free(clientpsk);
57dee9bb
MC		 3338 SSL_SESSION_free(serverpsk);
3339 clientpsk = serverpsk = NULL;
5f982038
MC		 3340 SSL_free(serverssl);
3341 SSL_free(clientssl);
3342 SSL_CTX_free(sctx);
3343 SSL_CTX_free(cctx);
5f982038
MC		 3344 return testresult;
3345}
3346
3347
3348# ifndef OPENSSL_NO_TLS1_2
710756a9
RS		 3349/*
3350 * Test that a server attempting to read early data can handle a connection
3351 * from a TLSv1.2 client.
3352 */
3cb47b4e 3353static int test_early_data_tls1_2(int idx)
5f982038
MC		 3354{
3355 SSL_CTX *cctx = NULL, *sctx = NULL;
3356 SSL *clientssl = NULL, *serverssl = NULL;
3357 int testresult = 0;
3358 unsigned char buf[20];
3359 size_t readbytes, written;
3360
02a3ed5a
MC		 3361 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
3362 &serverssl, NULL, idx)))
5f982038 3363 goto end;
5f982038
MC		 3364
3365 /* Write some data - should block due to handshake with server */
3366 SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
3367 SSL_set_connect_state(clientssl);
710756a9 3368 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
5f982038 3369 goto end;
5f982038
MC		 3370
3371 /*
3372 * Server should do TLSv1.2 handshake. First it will block waiting for more
f533fbd4
MC		 3373 * messages from client after ServerDone. Then SSL_read_early_data should
3374 * finish and detect that early data has not been sent
5f982038 3375 */
710756a9
RS		 3376 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
3377 &readbytes),
3378 SSL_READ_EARLY_DATA_ERROR))
5f982038 3379 goto end;
5f982038
MC		 3380
3381 /*
3382 * Continue writing the message we started earlier. Will still block waiting
3383 * for the CCS/Finished from server
3384 */
710756a9
RS		 3385 if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
3386 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
3387 &readbytes),
3388 SSL_READ_EARLY_DATA_FINISH)
3389 || !TEST_size_t_eq(readbytes, 0)
3390 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
3391 SSL_EARLY_DATA_NOT_SENT))
5f982038 3392 goto end;
5f982038
MC		 3393
3394 /* Continue writing the message we started earlier */
710756a9
RS		 3395 if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
3396 || !TEST_size_t_eq(written, strlen(MSG1))
3397 || !TEST_int_eq(SSL_get_early_data_status(clientssl),
3398 SSL_EARLY_DATA_NOT_SENT)
3399 || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
3400 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
3401 || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
3402 || !TEST_size_t_eq(written, strlen(MSG2))
3403 || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
3404 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
5f982038 3405 goto end;
5f982038
MC		 3406
3407 testresult = 1;
3408
3409 end:
57dee9bb
MC		 3410 SSL_SESSION_free(clientpsk);
3411 SSL_SESSION_free(serverpsk);
3412 clientpsk = serverpsk = NULL;
5f982038
MC		 3413 SSL_free(serverssl);
3414 SSL_free(clientssl);
3415 SSL_CTX_free(sctx);
3416 SSL_CTX_free(cctx);
3417
3418 return testresult;
3419}
ca0413ae
MC		 3420# endif /* OPENSSL_NO_TLS1_2 */
3421
034cb87b
MC		 3422/*
3423 * Test configuring the TLSv1.3 ciphersuites
3424 *
3425 * Test 0: Set a default ciphersuite in the SSL_CTX (no explicit cipher_list)
3426 * Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list)
3427 * Test 2: Set a default ciphersuite in the SSL (no explicit cipher_list)
3428 * Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list)
3429 * Test 4: Set a default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
3430 * Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
3431 * Test 6: Set a default ciphersuite in the SSL (SSL_CTX cipher_list)
3432 * Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list)
3433 * Test 8: Set a default ciphersuite in the SSL (SSL cipher_list)
3434 * Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list)
3435 */
3436static int test_set_ciphersuite(int idx)
3437{
3438 SSL_CTX *cctx = NULL, *sctx = NULL;
3439 SSL *clientssl = NULL, *serverssl = NULL;
3440 int testresult = 0;
3441
3442 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 3443 TLS1_VERSION, 0,
034cb87b
MC		 3444 &sctx, &cctx, cert, privkey))
3445 || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
3446 "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256")))
3447 goto end;
3448
3449 if (idx >=4 && idx <= 7) {
3450 /* SSL_CTX explicit cipher list */
3451 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384")))
3452 goto end;
3453 }
3454
3455 if (idx == 0 || idx == 4) {
3456 /* Default ciphersuite */
3457 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
3458 "TLS_AES_128_GCM_SHA256")))
3459 goto end;
3460 } else if (idx == 1 || idx == 5) {
3461 /* Non default ciphersuite */
3462 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
3463 "TLS_AES_128_CCM_SHA256")))
3464 goto end;
3465 }
3466
3467 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
3468 &clientssl, NULL, NULL)))
3469 goto end;
3470
3471 if (idx == 8 || idx == 9) {
3472 /* SSL explicit cipher list */
3473 if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")))
3474 goto end;
3475 }
3476
3477 if (idx == 2 || idx == 6 || idx == 8) {
3478 /* Default ciphersuite */
3479 if (!TEST_true(SSL_set_ciphersuites(clientssl,
3480 "TLS_AES_128_GCM_SHA256")))
3481 goto end;
3482 } else if (idx == 3 || idx == 7 || idx == 9) {
3483 /* Non default ciphersuite */
3484 if (!TEST_true(SSL_set_ciphersuites(clientssl,
3485 "TLS_AES_128_CCM_SHA256")))
3486 goto end;
3487 }
3488
3489 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
3490 goto end;
3491
3492 testresult = 1;
3493
3494 end:
3495 SSL_free(serverssl);
3496 SSL_free(clientssl);
3497 SSL_CTX_free(sctx);
3498 SSL_CTX_free(cctx);
3499
3500 return testresult;
3501}
3502
ca0413ae
MC		 3503static int test_ciphersuite_change(void)
3504{
3505 SSL_CTX *cctx = NULL, *sctx = NULL;
3506 SSL *clientssl = NULL, *serverssl = NULL;
3507 SSL_SESSION *clntsess = NULL;
3508 int testresult = 0;
3509 const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
3510
3511 /* Create a session based on SHA-256 */
7d7f6834 3512 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 3513 TLS1_VERSION, 0,
7d7f6834 3514 &sctx, &cctx, cert, privkey))
f865b081
MC		 3515 || !TEST_true(SSL_CTX_set_ciphersuites(cctx,
3516 "TLS_AES_128_GCM_SHA256"))
ca0413ae
MC		 3517 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
3518 &clientssl, NULL, NULL))
3519 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3520 SSL_ERROR_NONE)))
3521 goto end;
3522
3523 clntsess = SSL_get1_session(clientssl);
3524 /* Save for later */
3525 aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
3526 SSL_shutdown(clientssl);
3527 SSL_shutdown(serverssl);
3528 SSL_free(serverssl);
3529 SSL_free(clientssl);
3530 serverssl = clientssl = NULL;
3531
71cff963 3532# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ca0413ae 3533 /* Check we can resume a session with a different SHA-256 ciphersuite */
f865b081
MC		 3534 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
3535 "TLS_CHACHA20_POLY1305_SHA256"))
ca0413ae
MC		 3536 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3537 NULL, NULL))
3538 || !TEST_true(SSL_set_session(clientssl, clntsess))
3539 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3540 SSL_ERROR_NONE))
3541 || !TEST_true(SSL_session_reused(clientssl)))
3542 goto end;
3543
3544 SSL_SESSION_free(clntsess);
3545 clntsess = SSL_get1_session(clientssl);
3546 SSL_shutdown(clientssl);
3547 SSL_shutdown(serverssl);
3548 SSL_free(serverssl);
3549 SSL_free(clientssl);
3550 serverssl = clientssl = NULL;
71cff963 3551# endif
ca0413ae
MC		 3552
3553 /*
3554 * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
0de6d66d 3555 * succeeds but does not resume.
ca0413ae 3556 */
f865b081 3557 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
ca0413ae
MC		 3558 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3559 NULL, NULL))
3560 || !TEST_true(SSL_set_session(clientssl, clntsess))
0de6d66d 3561 || !TEST_true(create_ssl_connection(serverssl, clientssl,
ca0413ae 3562 SSL_ERROR_SSL))
0de6d66d 3563 || !TEST_false(SSL_session_reused(clientssl)))
ca0413ae
MC		 3564 goto end;
3565
3566 SSL_SESSION_free(clntsess);
3567 clntsess = NULL;
3568 SSL_shutdown(clientssl);
3569 SSL_shutdown(serverssl);
3570 SSL_free(serverssl);
3571 SSL_free(clientssl);
3572 serverssl = clientssl = NULL;
3573
3574 /* Create a session based on SHA384 */
f865b081 3575 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
ca0413ae
MC		 3576 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
3577 &clientssl, NULL, NULL))
3578 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3579 SSL_ERROR_NONE)))
3580 goto end;
3581
3582 clntsess = SSL_get1_session(clientssl);
3583 SSL_shutdown(clientssl);
3584 SSL_shutdown(serverssl);
3585 SSL_free(serverssl);
3586 SSL_free(clientssl);
3587 serverssl = clientssl = NULL;
3588
f865b081
MC		 3589 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
3590 "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"))
3591 || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
3592 "TLS_AES_256_GCM_SHA384"))
ca0413ae
MC		 3593 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3594 NULL, NULL))
3595 || !TEST_true(SSL_set_session(clientssl, clntsess))
3b0e88d3
MC		 3596 /*
3597 * We use SSL_ERROR_WANT_READ below so that we can pause the
3598 * connection after the initial ClientHello has been sent to
3599 * enable us to make some session changes.
3600 */
ca0413ae
MC		 3601 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3602 SSL_ERROR_WANT_READ)))
3603 goto end;
3604
3605 /* Trick the client into thinking this session is for a different digest */
3606 clntsess->cipher = aes_128_gcm_sha256;
3607 clntsess->cipher_id = clntsess->cipher->id;
3608
3609 /*
3b0e88d3
MC		 3610 * Continue the previously started connection. Server has selected a SHA-384
3611 * ciphersuite, but client thinks the session is for SHA-256, so it should
3612 * bail out.
ca0413ae
MC		 3613 */
3614 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
3615 SSL_ERROR_SSL))
3616 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
3617 SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
3618 goto end;
3619
3620 testresult = 1;
3621
3622 end:
3623 SSL_SESSION_free(clntsess);
3624 SSL_free(serverssl);
3625 SSL_free(clientssl);
3626 SSL_CTX_free(sctx);
3627 SSL_CTX_free(cctx);
3628
3629 return testresult;
3630}
3631
0d8da779
MC		 3632/*
3633 * Test TLSv1.3 PSKs
3634 * Test 0 = Test new style callbacks
3635 * Test 1 = Test both new and old style callbacks
3636 * Test 2 = Test old style callbacks
3637 * Test 3 = Test old style callbacks with no certificate
3638 */
532f9578 3639static int test_tls13_psk(int idx)
ca8c71ba
MC		 3640{
3641 SSL_CTX *sctx = NULL, *cctx = NULL;
3642 SSL *serverssl = NULL, *clientssl = NULL;
3643 const SSL_CIPHER *cipher = NULL;
3644 const unsigned char key[] = {
3645 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3646 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
de2f409e
MC		 3647 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
3648 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
ca8c71ba
MC		 3649 };
3650 int testresult = 0;
3651
7d7f6834 3652 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 3653 TLS1_VERSION, 0,
0d8da779
MC		 3654 &sctx, &cctx, idx == 3 ? NULL : cert,
3655 idx == 3 ? NULL : privkey)))
ca8c71ba
MC		 3656 goto end;
3657
0d8da779
MC		 3658 if (idx != 3) {
3659 /*
3660 * We use a ciphersuite with SHA256 to ease testing old style PSK
3661 * callbacks which will always default to SHA256. This should not be
3662 * necessary if we have no cert/priv key. In that case the server should
3663 * prefer SHA256 automatically.
3664 */
3665 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
3666 "TLS_AES_128_GCM_SHA256")))
3667 goto end;
3668 }
532f9578
MC		 3669
3670 /*
3671 * Test 0: New style callbacks only
3672 * Test 1: New and old style callbacks (only the new ones should be used)
3673 * Test 2: Old style callbacks only
3674 */
3675 if (idx == 0 || idx == 1) {
3676 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
3677 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
3678 }
c2b290c3 3679#ifndef OPENSSL_NO_PSK
0d8da779 3680 if (idx >= 1) {
532f9578
MC		 3681 SSL_CTX_set_psk_client_callback(cctx, psk_client_cb);
3682 SSL_CTX_set_psk_server_callback(sctx, psk_server_cb);
3683 }
c2b290c3 3684#endif
ca8c71ba 3685 srvid = pskid;
02a3ed5a
MC		 3686 use_session_cb_cnt = 0;
3687 find_session_cb_cnt = 0;
532f9578
MC		 3688 psk_client_cb_cnt = 0;
3689 psk_server_cb_cnt = 0;
ca8c71ba 3690
0d8da779
MC		 3691 if (idx != 3) {
3692 /*
3693 * Check we can create a connection if callback decides not to send a
3694 * PSK
3695 */
3696 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3697 NULL, NULL))
3698 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3699 SSL_ERROR_NONE))
3700 || !TEST_false(SSL_session_reused(clientssl))
3701 || !TEST_false(SSL_session_reused(serverssl)))
532f9578 3702 goto end;
532f9578 3703
0d8da779
MC		 3704 if (idx == 0 || idx == 1) {
3705 if (!TEST_true(use_session_cb_cnt == 1)
3706 || !TEST_true(find_session_cb_cnt == 0)
3707 /*
3708 * If no old style callback then below should be 0
3709 * otherwise 1
3710 */
3711 || !TEST_true(psk_client_cb_cnt == idx)
3712 || !TEST_true(psk_server_cb_cnt == 0))
3713 goto end;
3714 } else {
3715 if (!TEST_true(use_session_cb_cnt == 0)
3716 || !TEST_true(find_session_cb_cnt == 0)
3717 || !TEST_true(psk_client_cb_cnt == 1)
3718 || !TEST_true(psk_server_cb_cnt == 0))
3719 goto end;
3720 }
3721
3722 shutdown_ssl_connection(serverssl, clientssl);
3723 serverssl = clientssl = NULL;
3724 use_session_cb_cnt = psk_client_cb_cnt = 0;
3725 }
ca8c71ba
MC		 3726
3727 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3728 NULL, NULL)))
3729 goto end;
3730
3731 /* Create the PSK */
532f9578 3732 cipher = SSL_CIPHER_find(clientssl, TLS13_AES_128_GCM_SHA256_BYTES);
57dee9bb
MC		 3733 clientpsk = SSL_SESSION_new();
3734 if (!TEST_ptr(clientpsk)
ca8c71ba 3735 || !TEST_ptr(cipher)
57dee9bb
MC		 3736 || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
3737 sizeof(key)))
3738 || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
3739 || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk,
3740 TLS1_3_VERSION))
3741 || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
ca8c71ba 3742 goto end;
57dee9bb 3743 serverpsk = clientpsk;
ca8c71ba
MC		 3744
3745 /* Check we can create a connection and the PSK is used */
3746 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
3747 || !TEST_true(SSL_session_reused(clientssl))
532f9578 3748 || !TEST_true(SSL_session_reused(serverssl)))
ca8c71ba
MC		 3749 goto end;
3750
532f9578
MC		 3751 if (idx == 0 || idx == 1) {
3752 if (!TEST_true(use_session_cb_cnt == 1)
3753 || !TEST_true(find_session_cb_cnt == 1)
3754 || !TEST_true(psk_client_cb_cnt == 0)
3755 || !TEST_true(psk_server_cb_cnt == 0))
3756 goto end;
3757 } else {
3758 if (!TEST_true(use_session_cb_cnt == 0)
3759 || !TEST_true(find_session_cb_cnt == 0)
3760 || !TEST_true(psk_client_cb_cnt == 1)
3761 || !TEST_true(psk_server_cb_cnt == 1))
3762 goto end;
3763 }
3764
ca8c71ba
MC		 3765 shutdown_ssl_connection(serverssl, clientssl);
3766 serverssl = clientssl = NULL;
3767 use_session_cb_cnt = find_session_cb_cnt = 0;
532f9578 3768 psk_client_cb_cnt = psk_server_cb_cnt = 0;
ca8c71ba
MC		 3769
3770 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3771 NULL, NULL)))
3772 goto end;
3773
3774 /* Force an HRR */
3775 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
3776 goto end;
3777
3778 /*
3779 * Check we can create a connection, the PSK is used and the callbacks are
3780 * called twice.
3781 */
3782 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
3783 || !TEST_true(SSL_session_reused(clientssl))
532f9578 3784 || !TEST_true(SSL_session_reused(serverssl)))
ca8c71ba
MC		 3785 goto end;
3786
532f9578
MC		 3787 if (idx == 0 || idx == 1) {
3788 if (!TEST_true(use_session_cb_cnt == 2)
3789 || !TEST_true(find_session_cb_cnt == 2)
3790 || !TEST_true(psk_client_cb_cnt == 0)
3791 || !TEST_true(psk_server_cb_cnt == 0))
3792 goto end;
3793 } else {
3794 if (!TEST_true(use_session_cb_cnt == 0)
3795 || !TEST_true(find_session_cb_cnt == 0)
3796 || !TEST_true(psk_client_cb_cnt == 2)
3797 || !TEST_true(psk_server_cb_cnt == 2))
3798 goto end;
3799 }
3800
ca8c71ba
MC		 3801 shutdown_ssl_connection(serverssl, clientssl);
3802 serverssl = clientssl = NULL;
3803 use_session_cb_cnt = find_session_cb_cnt = 0;
532f9578 3804 psk_client_cb_cnt = psk_server_cb_cnt = 0;
ca8c71ba 3805
0d8da779
MC		 3806 if (idx != 3) {
3807 /*
3808 * Check that if the server rejects the PSK we can still connect, but with
3809 * a full handshake
3810 */
3811 srvid = "Dummy Identity";
3812 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3813 NULL, NULL))
3814 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3815 SSL_ERROR_NONE))
3816 || !TEST_false(SSL_session_reused(clientssl))
3817 || !TEST_false(SSL_session_reused(serverssl)))
532f9578 3818 goto end;
532f9578 3819
0d8da779
MC		 3820 if (idx == 0 || idx == 1) {
3821 if (!TEST_true(use_session_cb_cnt == 1)
3822 || !TEST_true(find_session_cb_cnt == 1)
3823 || !TEST_true(psk_client_cb_cnt == 0)
3824 /*
3825 * If no old style callback then below should be 0
3826 * otherwise 1
3827 */
3828 || !TEST_true(psk_server_cb_cnt == idx))
3829 goto end;
3830 } else {
3831 if (!TEST_true(use_session_cb_cnt == 0)
3832 || !TEST_true(find_session_cb_cnt == 0)
3833 || !TEST_true(psk_client_cb_cnt == 1)
3834 || !TEST_true(psk_server_cb_cnt == 1))
3835 goto end;
3836 }
3837
3838 shutdown_ssl_connection(serverssl, clientssl);
3839 serverssl = clientssl = NULL;
3840 }
ca8c71ba
MC		 3841 testresult = 1;
3842
3843 end:
57dee9bb
MC		 3844 SSL_SESSION_free(clientpsk);
3845 SSL_SESSION_free(serverpsk);
3846 clientpsk = serverpsk = NULL;
ca8c71ba
MC		 3847 SSL_free(serverssl);
3848 SSL_free(clientssl);
3849 SSL_CTX_free(sctx);
3850 SSL_CTX_free(cctx);
3851 return testresult;
3852}
3853
c7b8ff25
MC		 3854static unsigned char cookie_magic_value[] = "cookie magic";
3855
3856static int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
3857 unsigned int *cookie_len)
3858{
3859 /*
3860 * Not suitable as a real cookie generation function but good enough for
3861 * testing!
3862 */
97ea1e7f
MC		 3863 memcpy(cookie, cookie_magic_value, sizeof(cookie_magic_value) - 1);
3864 *cookie_len = sizeof(cookie_magic_value) - 1;
c7b8ff25
MC		 3865
3866 return 1;
3867}
3868
3869static int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
3870 unsigned int cookie_len)
3871{
97ea1e7f 3872 if (cookie_len == sizeof(cookie_magic_value) - 1
c7b8ff25
MC		 3873 && memcmp(cookie, cookie_magic_value, cookie_len) == 0)
3874 return 1;
3875
3876 return 0;
3877}
3878
3fa2812f
BS		 3879static int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
3880 size_t *cookie_len)
3881{
3882 unsigned int temp;
3883 int res = generate_cookie_callback(ssl, cookie, &temp);
3884 *cookie_len = temp;
3885 return res;
3886}
3887
3888static int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
3889 size_t cookie_len)
3890{
3891 return verify_cookie_callback(ssl, cookie, cookie_len);
3892}
3893
c7b8ff25
MC		 3894static int test_stateless(void)
3895{
3896 SSL_CTX *sctx = NULL, *cctx = NULL;
3897 SSL *serverssl = NULL, *clientssl = NULL;
3898 int testresult = 0;
3899
7d7f6834 3900 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 3901 TLS1_VERSION, 0,
7d7f6834 3902 &sctx, &cctx, cert, privkey)))
c7b8ff25
MC		 3903 goto end;
3904
e440f513
MC		 3905 /* The arrival of CCS messages can confuse the test */
3906 SSL_CTX_clear_options(cctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
3907
3908 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3909 NULL, NULL))
3910 /* Send the first ClientHello */
3911 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3912 SSL_ERROR_WANT_READ))
3913 /*
3914 * This should fail with a -1 return because we have no callbacks
3915 * set up
3916 */
3917 || !TEST_int_eq(SSL_stateless(serverssl), -1))
3918 goto end;
3919
3920 /* Fatal error so abandon the connection from this client */
3921 SSL_free(clientssl);
3922 clientssl = NULL;
3923
c7b8ff25 3924 /* Set up the cookie generation and verification callbacks */
3fa2812f
BS		 3925 SSL_CTX_set_stateless_cookie_generate_cb(sctx, generate_stateless_cookie_callback);
3926 SSL_CTX_set_stateless_cookie_verify_cb(sctx, verify_stateless_cookie_callback);
c7b8ff25 3927
e440f513
MC		 3928 /*
3929 * Create a new connection from the client (we can reuse the server SSL
3930 * object).
3931 */
c7b8ff25
MC		 3932 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3933 NULL, NULL))
3934 /* Send the first ClientHello */
3935 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3936 SSL_ERROR_WANT_READ))
3937 /* This should fail because there is no cookie */
e440f513 3938 || !TEST_int_eq(SSL_stateless(serverssl), 0))
c7b8ff25
MC		 3939 goto end;
3940
3941 /* Abandon the connection from this client */
3942 SSL_free(clientssl);
3943 clientssl = NULL;
3944
3945 /*
3946 * Now create a connection from a new client but with the same server SSL
3947 * object
3948 */
3949 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
3950 NULL, NULL))
3951 /* Send the first ClientHello */
3952 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3953 SSL_ERROR_WANT_READ))
3954 /* This should fail because there is no cookie */
e440f513 3955 || !TEST_int_eq(SSL_stateless(serverssl), 0)
c7b8ff25
MC		 3956 /* Send the second ClientHello */
3957 || !TEST_false(create_ssl_connection(serverssl, clientssl,
3958 SSL_ERROR_WANT_READ))
3959 /* This should succeed because a cookie is now present */
e440f513 3960 || !TEST_int_eq(SSL_stateless(serverssl), 1)
c7b8ff25
MC		 3961 /* Complete the connection */
3962 || !TEST_true(create_ssl_connection(serverssl, clientssl,
3963 SSL_ERROR_NONE)))
3964 goto end;
3965
3966 shutdown_ssl_connection(serverssl, clientssl);
3967 serverssl = clientssl = NULL;
3968 testresult = 1;
3969
3970 end:
3971 SSL_free(serverssl);
3972 SSL_free(clientssl);
3973 SSL_CTX_free(sctx);
3974 SSL_CTX_free(cctx);
3975 return testresult;
3976
3977}
ca0413ae 3978#endif /* OPENSSL_NO_TLS1_3 */
5f982038 3979
a37008d9
MC		 3980static int clntaddoldcb = 0;
3981static int clntparseoldcb = 0;
3982static int srvaddoldcb = 0;
3983static int srvparseoldcb = 0;
3984static int clntaddnewcb = 0;
3985static int clntparsenewcb = 0;
3986static int srvaddnewcb = 0;
3987static int srvparsenewcb = 0;
bb01ef3f 3988static int snicb = 0;
a37008d9
MC		 3989
3990#define TEST_EXT_TYPE1 0xff00
3991
3992static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
3993 size_t *outlen, int *al, void *add_arg)
3994{
3995 int *server = (int *)add_arg;
3996 unsigned char *data;
3997
3998 if (SSL_is_server(s))
3999 srvaddoldcb++;
4000 else
4001 clntaddoldcb++;
4002
710756a9
RS		 4003 if (*server != SSL_is_server(s)
4004 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 4005 return -1;
4006
4007 *data = 1;
4008 *out = data;
4009 *outlen = sizeof(char);
a37008d9
MC		 4010 return 1;
4011}
4012
4013static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
4014 void *add_arg)
4015{
4016 OPENSSL_free((unsigned char *)out);
4017}
4018
4019static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
4020 size_t inlen, int *al, void *parse_arg)
4021{
4022 int *server = (int *)parse_arg;
4023
4024 if (SSL_is_server(s))
4025 srvparseoldcb++;
4026 else
4027 clntparseoldcb++;
4028
710756a9
RS		 4029 if (*server != SSL_is_server(s)
4030 || inlen != sizeof(char)
4031 || *in != 1)
a37008d9
MC		 4032 return -1;
4033
4034 return 1;
4035}
4036
4037static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
4038 const unsigned char **out, size_t *outlen, X509 *x,
4039 size_t chainidx, int *al, void *add_arg)
4040{
4041 int *server = (int *)add_arg;
4042 unsigned char *data;
4043
4044 if (SSL_is_server(s))
4045 srvaddnewcb++;
4046 else
4047 clntaddnewcb++;
4048
710756a9
RS		 4049 if (*server != SSL_is_server(s)
4050 || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
a37008d9
MC		 4051 return -1;
4052
4053 *data = 1;
4054 *out = data;
710756a9 4055 *outlen = sizeof(*data);
a37008d9
MC		 4056 return 1;
4057}
4058
4059static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
4060 const unsigned char *out, void *add_arg)
4061{
4062 OPENSSL_free((unsigned char *)out);
4063}
4064
4065static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
4066 const unsigned char *in, size_t inlen, X509 *x,
4067 size_t chainidx, int *al, void *parse_arg)
4068{
4069 int *server = (int *)parse_arg;
4070
4071 if (SSL_is_server(s))
4072 srvparsenewcb++;
4073 else
4074 clntparsenewcb++;
4075
710756a9
RS		 4076 if (*server != SSL_is_server(s)
4077 || inlen != sizeof(char) || *in != 1)
a37008d9
MC		 4078 return -1;
4079
4080 return 1;
4081}
bb01ef3f
MC		 4082
4083static int sni_cb(SSL *s, int *al, void *arg)
4084{
4085 SSL_CTX *ctx = (SSL_CTX *)arg;
4086
4087 if (SSL_set_SSL_CTX(s, ctx) == NULL) {
4088 *al = SSL_AD_INTERNAL_ERROR;
4089 return SSL_TLSEXT_ERR_ALERT_FATAL;
4090 }
4091 snicb++;
4092 return SSL_TLSEXT_ERR_OK;
4093}
4094
a37008d9
MC		 4095/*
4096 * Custom call back tests.
4097 * Test 0: Old style callbacks in TLSv1.2
4098 * Test 1: New style callbacks in TLSv1.2
bb01ef3f
MC		 4099 * Test 2: New style callbacks in TLSv1.2 with SNI
4100 * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
4101 * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
a37008d9 4102 */
710756a9
RS		 4103static int test_custom_exts(int tst)
4104{
bb01ef3f 4105 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
a37008d9
MC		 4106 SSL *clientssl = NULL, *serverssl = NULL;
4107 int testresult = 0;
4108 static int server = 1;
4109 static int client = 0;
4110 SSL_SESSION *sess = NULL;
4111 unsigned int context;
4112
c423ecaa
MC		 4113#if defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3)
4114 /* Skip tests for TLSv1.2 and below in this case */
4115 if (tst < 3)
4116 return 1;
4117#endif
4118
a37008d9
MC		 4119 /* Reset callback counters */
4120 clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
4121 clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
bb01ef3f 4122 snicb = 0;
a37008d9 4123
7d7f6834 4124 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 4125 TLS1_VERSION, 0,
7d7f6834 4126 &sctx, &cctx, cert, privkey)))
710756a9 4127 goto end;
a37008d9 4128
bb01ef3f 4129 if (tst == 2
7d7f6834 4130 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
5c587fb6 4131 TLS1_VERSION, 0,
7d7f6834 4132 &sctx2, NULL, cert, privkey)))
bb01ef3f
MC		 4133 goto end;
4134
4135
4136 if (tst < 3) {
a37008d9
MC		 4137 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
4138 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
bb01ef3f
MC		 4139 if (sctx2 != NULL)
4140 SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
a37008d9
MC		 4141 }
4142
bb01ef3f 4143 if (tst == 4) {
710756a9
RS		 4144 context = SSL_EXT_CLIENT_HELLO
4145 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 4146 | SSL_EXT_TLS1_3_SERVER_HELLO
4147 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
4148 | SSL_EXT_TLS1_3_CERTIFICATE
4149 | SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
4150 } else {
710756a9
RS		 4151 context = SSL_EXT_CLIENT_HELLO
4152 | SSL_EXT_TLS1_2_SERVER_HELLO
a37008d9
MC		 4153 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
4154 }
4155
4156 /* Create a client side custom extension */
4157 if (tst == 0) {
710756a9
RS		 4158 if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
4159 old_add_cb, old_free_cb,
4160 &client, old_parse_cb,
4161 &client)))
4162 goto end;
a37008d9 4163 } else {
710756a9
RS		 4164 if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
4165 new_add_cb, new_free_cb,
4166 &client, new_parse_cb, &client)))
4167 goto end;
a37008d9
MC		 4168 }
4169
4170 /* Should not be able to add duplicates */
710756a9
RS		 4171 if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
4172 old_add_cb, old_free_cb,
4173 &client, old_parse_cb,
4174 &client))
4175 || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
4176 context, new_add_cb,
4177 new_free_cb, &client,
4178 new_parse_cb, &client)))
4179 goto end;
a37008d9
MC		 4180
4181 /* Create a server side custom extension */
4182 if (tst == 0) {
710756a9
RS		 4183 if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
4184 old_add_cb, old_free_cb,
4185 &server, old_parse_cb,
4186 &server)))
4187 goto end;
a37008d9 4188 } else {
710756a9
RS		 4189 if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
4190 new_add_cb, new_free_cb,
4191 &server, new_parse_cb, &server)))
4192 goto end;
bb01ef3f
MC		 4193 if (sctx2 != NULL
4194 && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
4195 context, new_add_cb,
4196 new_free_cb, &server,
4197 new_parse_cb, &server)))
4198 goto end;
a37008d9
MC		 4199 }
4200
4201 /* Should not be able to add duplicates */
710756a9
RS		 4202 if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
4203 old_add_cb, old_free_cb,
4204 &server, old_parse_cb,
4205 &server))
4206 || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
4207 context, new_add_cb,
4208 new_free_cb, &server,
4209 new_parse_cb, &server)))
a37008d9 4210 goto end;
a37008d9 4211
bb01ef3f
MC		 4212 if (tst == 2) {
4213 /* Set up SNI */
4214 if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
4215 || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
4216 goto end;
4217 }
4218
710756a9
RS		 4219 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
4220 &clientssl, NULL, NULL))
4221 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4222 SSL_ERROR_NONE)))
a37008d9 4223 goto end;
a37008d9
MC		 4224
4225 if (tst == 0) {
710756a9
RS		 4226 if (clntaddoldcb != 1
4227 || clntparseoldcb != 1
4228 || srvaddoldcb != 1
4229 || srvparseoldcb != 1)
a37008d9 4230 goto end;
bb01ef3f 4231 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 4232 if (clntaddnewcb != 1
4233 || clntparsenewcb != 1
4234 || srvaddnewcb != 1
bb01ef3f
MC		 4235 || srvparsenewcb != 1
4236 || (tst != 2 && snicb != 0)
4237 || (tst == 2 && snicb != 1))
a37008d9 4238 goto end;
a37008d9 4239 } else {
36ff232c 4240 /* In this case there 2 NewSessionTicket messages created */
710756a9 4241 if (clntaddnewcb != 1
36ff232c
MC		 4242 || clntparsenewcb != 5
4243 || srvaddnewcb != 5
710756a9 4244 || srvparsenewcb != 1)
a37008d9 4245 goto end;
a37008d9
MC		 4246 }
4247
4248 sess = SSL_get1_session(clientssl);
a37008d9
MC		 4249 SSL_shutdown(clientssl);
4250 SSL_shutdown(serverssl);
a37008d9
MC		 4251 SSL_free(serverssl);
4252 SSL_free(clientssl);
4253 serverssl = clientssl = NULL;
4254
bb01ef3f
MC		 4255 if (tst == 3) {
4256 /* We don't bother with the resumption aspects for this test */
4257 testresult = 1;
4258 goto end;
4259 }
4260
710756a9
RS		 4261 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
4262 NULL, NULL))
4263 || !TEST_true(SSL_set_session(clientssl, sess))
4264 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4265 SSL_ERROR_NONE)))
a37008d9 4266 goto end;
a37008d9
MC		 4267
4268 /*
4269 * For a resumed session we expect to add the ClientHello extension. For the
4270 * old style callbacks we ignore it on the server side because they set
4271 * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
4272 * them.
4273 */
4274 if (tst == 0) {
710756a9
RS		 4275 if (clntaddoldcb != 2
4276 || clntparseoldcb != 1
4277 || srvaddoldcb != 1
4278 || srvparseoldcb != 1)
a37008d9 4279 goto end;
bb01ef3f 4280 } else if (tst == 1 || tst == 2 || tst == 3) {
710756a9
RS		 4281 if (clntaddnewcb != 2
4282 || clntparsenewcb != 2
4283 || srvaddnewcb != 2
4284 || srvparsenewcb != 2)
a37008d9 4285 goto end;
a37008d9 4286 } else {
36ff232c
MC		 4287 /*
4288 * No Certificate message extensions in the resumption handshake,
4289 * 2 NewSessionTickets in the initial handshake, 1 in the resumption
4290 */
710756a9 4291 if (clntaddnewcb != 2
36ff232c
MC		 4292 || clntparsenewcb != 8
4293 || srvaddnewcb != 8
710756a9 4294 || srvparsenewcb != 2)
a37008d9 4295 goto end;
a37008d9
MC		 4296 }
4297
4298 testresult = 1;
4299
4300end:
4301 SSL_SESSION_free(sess);
4302 SSL_free(serverssl);
4303 SSL_free(clientssl);
bb01ef3f 4304 SSL_CTX_free(sctx2);
a37008d9
MC		 4305 SSL_CTX_free(sctx);
4306 SSL_CTX_free(cctx);
a37008d9
MC		 4307 return testresult;
4308}
4309
16afd71c
MC		 4310/*
4311 * Test loading of serverinfo data in various formats. test_sslmessages actually
4312 * tests to make sure the extensions appear in the handshake
4313 */
4314static int test_serverinfo(int tst)
4315{
4316 unsigned int version;
4317 unsigned char *sibuf;
4318 size_t sibuflen;
4319 int ret, expected, testresult = 0;
4320 SSL_CTX *ctx;
4321
4322 ctx = SSL_CTX_new(TLS_method());
4323 if (!TEST_ptr(ctx))
4324 goto end;
4325
4326 if ((tst & 0x01) == 0x01)
4327 version = SSL_SERVERINFOV2;
4328 else
4329 version = SSL_SERVERINFOV1;
4330
4331 if ((tst & 0x02) == 0x02) {
4332 sibuf = serverinfov2;
4333 sibuflen = sizeof(serverinfov2);
4334 expected = (version == SSL_SERVERINFOV2);
4335 } else {
4336 sibuf = serverinfov1;
4337 sibuflen = sizeof(serverinfov1);
4338 expected = (version == SSL_SERVERINFOV1);
4339 }
4340
4341 if ((tst & 0x04) == 0x04) {
4342 ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
4343 } else {
4344 ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
4345
4346 /*
4347 * The version variable is irrelevant in this case - it's what is in the
4348 * buffer that matters
4349 */
4350 if ((tst & 0x02) == 0x02)
4351 expected = 0;
4352 else
4353 expected = 1;
4354 }
4355
4356 if (!TEST_true(ret == expected))
4357 goto end;
4358
4359 testresult = 1;
4360
4361 end:
4362 SSL_CTX_free(ctx);
4363
4364 return testresult;
4365}
4366
2197d1df
MC		 4367/*
4368 * Test that SSL_export_keying_material() produces expected results. There are
4369 * no test vectors so all we do is test that both sides of the communication
4370 * produce the same results for different protocol versions.
4371 */
0fb2815b
MC		 4372#define SMALL_LABEL_LEN 10
4373#define LONG_LABEL_LEN 249
2197d1df
MC		 4374static int test_export_key_mat(int tst)
4375{
a599574b 4376 int testresult = 0;
2197d1df
MC		 4377 SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
4378 SSL *clientssl = NULL, *serverssl = NULL;
0fb2815b 4379 const char label[LONG_LABEL_LEN + 1] = "test label";
2197d1df
MC		 4380 const unsigned char context[] = "context";
4381 const unsigned char *emptycontext = NULL;
4382 unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
4383 unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
0fb2815b 4384 size_t labellen;
a599574b
MC		 4385 const int protocols[] = {
4386 TLS1_VERSION,
4387 TLS1_1_VERSION,
4388 TLS1_2_VERSION,
0fb2815b
MC		 4389 TLS1_3_VERSION,
4390 TLS1_3_VERSION,
a599574b
MC		 4391 TLS1_3_VERSION
4392 };
2197d1df
MC		 4393
4394#ifdef OPENSSL_NO_TLS1
4395 if (tst == 0)
4396 return 1;
4397#endif
4398#ifdef OPENSSL_NO_TLS1_1
4399 if (tst == 1)
4400 return 1;
4401#endif
4402#ifdef OPENSSL_NO_TLS1_2
4403 if (tst == 2)
4404 return 1;
4405#endif
4406#ifdef OPENSSL_NO_TLS1_3
0fb2815b 4407 if (tst >= 3)
2197d1df
MC		 4408 return 1;
4409#endif
7d7f6834 4410 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 4411 TLS1_VERSION, 0,
7d7f6834 4412 &sctx, &cctx, cert, privkey)))
2197d1df
MC		 4413 goto end;
4414
a599574b
MC		 4415 OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
4416 SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
4417 SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
2197d1df
MC		 4418
4419 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
4420 NULL))
4421 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4422 SSL_ERROR_NONE)))
4423 goto end;
4424
0fb2815b
MC		 4425 if (tst == 5) {
4426 /*
4427 * TLSv1.3 imposes a maximum label len of 249 bytes. Check we fail if we
4428 * go over that.
4429 */
4430 if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
4431 sizeof(ckeymat1), label,
4432 LONG_LABEL_LEN + 1, context,
4433 sizeof(context) - 1, 1), 0))
4434 goto end;
4435
4436 testresult = 1;
4437 goto end;
4438 } else if (tst == 4) {
4439 labellen = LONG_LABEL_LEN;
4440 } else {
4441 labellen = SMALL_LABEL_LEN;
4442 }
4443
2197d1df
MC		 4444 if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
4445 sizeof(ckeymat1), label,
0fb2815b 4446 labellen, context,
2197d1df
MC		 4447 sizeof(context) - 1, 1), 1)
4448 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
4449 sizeof(ckeymat2), label,
0fb2815b 4450 labellen,
2197d1df
MC		 4451 emptycontext,
4452 0, 1), 1)
4453 || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
4454 sizeof(ckeymat3), label,
0fb2815b 4455 labellen,
2197d1df
MC		 4456 NULL, 0, 0), 1)
4457 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
4458 sizeof(skeymat1), label,
0fb2815b 4459 labellen,
2197d1df
MC		 4460 context,
4461 sizeof(context) -1, 1),
4462 1)
4463 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
4464 sizeof(skeymat2), label,
0fb2815b 4465 labellen,
2197d1df
MC		 4466 emptycontext,
4467 0, 1), 1)
4468 || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
4469 sizeof(skeymat3), label,
0fb2815b 4470 labellen,
2197d1df
MC		 4471 NULL, 0, 0), 1)
4472 /*
4473 * Check that both sides created the same key material with the
4474 * same context.
4475 */
4476 || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
4477 sizeof(skeymat1))
4478 /*
4479 * Check that both sides created the same key material with an
4480 * empty context.
4481 */
4482 || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
4483 sizeof(skeymat2))
4484 /*
4485 * Check that both sides created the same key material without a
4486 * context.
4487 */
4488 || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
4489 sizeof(skeymat3))
4490 /* Different contexts should produce different results */
4491 || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
4492 sizeof(ckeymat2)))
4493 goto end;
4494
4495 /*
4496 * Check that an empty context and no context produce different results in
4497 * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
4498 */
0fb2815b 4499 if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
2197d1df 4500 sizeof(ckeymat3)))
0fb2815b
MC		 4501 || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
4502 sizeof(ckeymat3))))
2197d1df
MC		 4503 goto end;
4504
4505 testresult = 1;
4506
4507 end:
4508 SSL_free(serverssl);
4509 SSL_free(clientssl);
4510 SSL_CTX_free(sctx2);
4511 SSL_CTX_free(sctx);
4512 SSL_CTX_free(cctx);
4513
4514 return testresult;
4515}
4516
b38ede80
TT		 4517#ifndef OPENSSL_NO_TLS1_3
4518/*
4519 * Test that SSL_export_keying_material_early() produces expected
4520 * results. There are no test vectors so all we do is test that both
4521 * sides of the communication produce the same results for different
4522 * protocol versions.
4523 */
4524static int test_export_key_mat_early(int idx)
4525{
4526 static const char label[] = "test label";
4527 static const unsigned char context[] = "context";
4528 int testresult = 0;
4529 SSL_CTX *cctx = NULL, *sctx = NULL;
4530 SSL *clientssl = NULL, *serverssl = NULL;
4531 SSL_SESSION *sess = NULL;
4532 const unsigned char *emptycontext = NULL;
4533 unsigned char ckeymat1[80], ckeymat2[80];
4534 unsigned char skeymat1[80], skeymat2[80];
4535 unsigned char buf[1];
4536 size_t readbytes, written;
4537
4538 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl,
4539 &sess, idx)))
4540 goto end;
4541
4542 /* Here writing 0 length early data is enough. */
4543 if (!TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
4544 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
4545 &readbytes),
4546 SSL_READ_EARLY_DATA_ERROR)
4547 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
4548 SSL_EARLY_DATA_ACCEPTED))
4549 goto end;
4550
4551 if (!TEST_int_eq(SSL_export_keying_material_early(
4552 clientssl, ckeymat1, sizeof(ckeymat1), label,
4553 sizeof(label) - 1, context, sizeof(context) - 1), 1)
4554 || !TEST_int_eq(SSL_export_keying_material_early(
4555 clientssl, ckeymat2, sizeof(ckeymat2), label,
4556 sizeof(label) - 1, emptycontext, 0), 1)
4557 || !TEST_int_eq(SSL_export_keying_material_early(
4558 serverssl, skeymat1, sizeof(skeymat1), label,
4559 sizeof(label) - 1, context, sizeof(context) - 1), 1)
4560 || !TEST_int_eq(SSL_export_keying_material_early(
4561 serverssl, skeymat2, sizeof(skeymat2), label,
4562 sizeof(label) - 1, emptycontext, 0), 1)
4563 /*
4564 * Check that both sides created the same key material with the
4565 * same context.
4566 */
4567 || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
4568 sizeof(skeymat1))
4569 /*
4570 * Check that both sides created the same key material with an
4571 * empty context.
4572 */
4573 || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
4574 sizeof(skeymat2))
4575 /* Different contexts should produce different results */
4576 || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
4577 sizeof(ckeymat2)))
4578 goto end;
4579
4580 testresult = 1;
4581
4582 end:
c20e3b28 4583 SSL_SESSION_free(sess);
b38ede80
TT		 4584 SSL_SESSION_free(clientpsk);
4585 SSL_SESSION_free(serverpsk);
34ff74eb 4586 clientpsk = serverpsk = NULL;
b38ede80
TT		 4587 SSL_free(serverssl);
4588 SSL_free(clientssl);
4589 SSL_CTX_free(sctx);
4590 SSL_CTX_free(cctx);
4591
4592 return testresult;
4593}
3409a5ff
MC		 4594
4595#define NUM_KEY_UPDATE_MESSAGES 40
4596/*
4597 * Test KeyUpdate.
4598 */
4599static int test_key_update(void)
4600{
4601 SSL_CTX *cctx = NULL, *sctx = NULL;
4602 SSL *clientssl = NULL, *serverssl = NULL;
4603 int testresult = 0, i, j;
4604 char buf[20];
4605 static char *mess = "A test message";
4606
4607 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
4608 TLS_client_method(),
4609 TLS1_3_VERSION,
4610 0,
4611 &sctx, &cctx, cert, privkey))
4612 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
4613 NULL, NULL))
4614 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4615 SSL_ERROR_NONE)))
4616 goto end;
4617
4618 for (j = 0; j < 2; j++) {
4619 /* Send lots of KeyUpdate messages */
4620 for (i = 0; i < NUM_KEY_UPDATE_MESSAGES; i++) {
4621 if (!TEST_true(SSL_key_update(clientssl,
4622 (j == 0)
4623 ? SSL_KEY_UPDATE_NOT_REQUESTED
4624 : SSL_KEY_UPDATE_REQUESTED))
4625 || !TEST_true(SSL_do_handshake(clientssl)))
4626 goto end;
4627 }
4628
4629 /* Check that sending and receiving app data is ok */
4630 if (!TEST_int_eq(SSL_write(clientssl, mess, strlen(mess)), strlen(mess))
4631 || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
4632 strlen(mess)))
4633 goto end;
4634 }
4635
4636 testresult = 1;
4637
4638 end:
4639 SSL_free(serverssl);
4640 SSL_free(clientssl);
4641 SSL_CTX_free(sctx);
4642 SSL_CTX_free(cctx);
4643
4644 return testresult;
4645}
b38ede80
TT		 4646#endif /* OPENSSL_NO_TLS1_3 */
4647
e11b6aa4
MC		 4648static int test_ssl_clear(int idx)
4649{
4650 SSL_CTX *cctx = NULL, *sctx = NULL;
4651 SSL *clientssl = NULL, *serverssl = NULL;
4652 int testresult = 0;
4653
4654#ifdef OPENSSL_NO_TLS1_2
4655 if (idx == 1)
4656 return 1;
4657#endif
4658
4659 /* Create an initial connection */
7d7f6834 4660 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 4661 TLS1_VERSION, 0,
7d7f6834 4662 &sctx, &cctx, cert, privkey))
e11b6aa4
MC		 4663 || (idx == 1
4664 && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
4665 TLS1_2_VERSION)))
4666 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
4667 &clientssl, NULL, NULL))
4668 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4669 SSL_ERROR_NONE)))
4670 goto end;
4671
4672 SSL_shutdown(clientssl);
4673 SSL_shutdown(serverssl);
4674 SSL_free(serverssl);
4675 serverssl = NULL;
4676
4677 /* Clear clientssl - we're going to reuse the object */
4678 if (!TEST_true(SSL_clear(clientssl)))
4679 goto end;
4680
4681 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
4682 NULL, NULL))
4683 || !TEST_true(create_ssl_connection(serverssl, clientssl,
4684 SSL_ERROR_NONE))
4685 || !TEST_true(SSL_session_reused(clientssl)))
4686 goto end;
4687
4688 SSL_shutdown(clientssl);
4689 SSL_shutdown(serverssl);
4690
4691 testresult = 1;
4692
4693 end:
4694 SSL_free(serverssl);
4695 SSL_free(clientssl);
4696 SSL_CTX_free(sctx);
4697 SSL_CTX_free(cctx);
4698
4699 return testresult;
4700}
4701
cf72c757
F		 4702/* Parse CH and retrieve any MFL extension value if present */
4703static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
4704{
4705 long len;
4706 unsigned char *data;
72962d02 4707 PACKET pkt, pkt2, pkt3;
cf72c757
F		 4708 unsigned int MFL_code = 0, type = 0;
4709
4710 if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) )
4711 goto end;
4712
72962d02
P		 4713 memset(&pkt, 0, sizeof(pkt));
4714 memset(&pkt2, 0, sizeof(pkt2));
4715 memset(&pkt3, 0, sizeof(pkt3));
4716
cf72c757
F		 4717 if (!TEST_true( PACKET_buf_init( &pkt, data, len ) )
4718 /* Skip the record header */
4719 || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
4720 /* Skip the handshake message header */
4721 || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
4722 /* Skip client version and random */
4723 || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN
4724 + SSL3_RANDOM_SIZE))
4725 /* Skip session id */
4726 || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
4727 /* Skip ciphers */
4728 || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))
4729 /* Skip compression */
4730 || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
4731 /* Extensions len */
4732 || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))
4733 goto end;
4734
4735 /* Loop through all extensions */
4736 while (PACKET_remaining(&pkt2)) {
4737 if (!TEST_true(PACKET_get_net_2(&pkt2, &type))
4738 || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))
4739 goto end;
4740
4741 if (type == TLSEXT_TYPE_max_fragment_length) {
4742 if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0)
4743 || !TEST_true(PACKET_get_1(&pkt3, &MFL_code)))
4744 goto end;
4745
4746 *mfl_codemfl_code = MFL_code;
4747 return 1;
4748 }
4749 }
4750
4751 end:
4752 return 0;
4753}
4754
4755/* Maximum-Fragment-Length TLS extension mode to test */
4756static const unsigned char max_fragment_len_test[] = {
4757 TLSEXT_max_fragment_length_512,
4758 TLSEXT_max_fragment_length_1024,
4759 TLSEXT_max_fragment_length_2048,
4760 TLSEXT_max_fragment_length_4096
4761};
4762
4763static int test_max_fragment_len_ext(int idx_tst)
4764{
4765 SSL_CTX *ctx;
4766 SSL *con = NULL;
4767 int testresult = 0, MFL_mode = 0;
4768 BIO *rbio, *wbio;
4769
4770 ctx = SSL_CTX_new(TLS_method());
4771 if (!TEST_ptr(ctx))
4772 goto end;
4773
4774 if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
4775 ctx, max_fragment_len_test[idx_tst])))
4776 goto end;
4777
4778 con = SSL_new(ctx);
4779 if (!TEST_ptr(con))
4780 goto end;
4781
4782 rbio = BIO_new(BIO_s_mem());
4783 wbio = BIO_new(BIO_s_mem());
4784 if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
4785 BIO_free(rbio);
4786 BIO_free(wbio);
4787 goto end;
4788 }
4789
4790 SSL_set_bio(con, rbio, wbio);
4791 SSL_set_connect_state(con);
4792
4793 if (!TEST_int_le(SSL_connect(con), 0)) {
4794 /* This shouldn't succeed because we don't have a server! */
4795 goto end;
4796 }
4797
4798 if (!TEST_true(get_MFL_from_client_hello(wbio, &MFL_mode)))
4799 /* no MFL in client hello */
4800 goto end;
4801 if (!TEST_true(max_fragment_len_test[idx_tst] == MFL_mode))
4802 goto end;
4803
4804 testresult = 1;
4805
4806end:
4807 SSL_free(con);
4808 SSL_CTX_free(ctx);
4809
4810 return testresult;
4811}
4812
9d75dce3
TS		 4813#ifndef OPENSSL_NO_TLS1_3
4814static int test_pha_key_update(void)
4815{
4816 SSL_CTX *cctx = NULL, *sctx = NULL;
4817 SSL *clientssl = NULL, *serverssl = NULL;
4818 int testresult = 0;
4819
7d7f6834 4820 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 4821 TLS1_VERSION, 0,
9d75dce3
TS		 4822 &sctx, &cctx, cert, privkey)))
4823 return 0;
4824
4825 if (!TEST_true(SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION))
4826 || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_3_VERSION))
4827 || !TEST_true(SSL_CTX_set_min_proto_version(cctx, TLS1_3_VERSION))
4828 || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_3_VERSION)))
4829 goto end;
4830
e97be718 4831 SSL_CTX_set_post_handshake_auth(cctx, 1);
9d75dce3
TS		 4832
4833 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
4834 NULL, NULL)))
4835 goto end;
4836
9d75dce3
TS		 4837 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
4838 SSL_ERROR_NONE)))
4839 goto end;
4840
4841 SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
4842 if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
4843 goto end;
4844
4845 if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)))
4846 goto end;
4847
4848 /* Start handshake on the server */
4849 if (!TEST_int_eq(SSL_do_handshake(serverssl), 1))
4850 goto end;
4851
4852 /* Starts with SSL_connect(), but it's really just SSL_do_handshake() */
4853 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
4854 SSL_ERROR_NONE)))
4855 goto end;
4856
4857 SSL_shutdown(clientssl);
4858 SSL_shutdown(serverssl);
4859
4860 testresult = 1;
4861
4862 end:
4863 SSL_free(serverssl);
4864 SSL_free(clientssl);
4865 SSL_CTX_free(sctx);
4866 SSL_CTX_free(cctx);
4867 return testresult;
4868}
4869#endif
4870
76fd7a1d
MC		 4871#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
4872
4873static SRP_VBASE *vbase = NULL;
4874
4875static int ssl_srp_cb(SSL *s, int *ad, void *arg)
4876{
4877 int ret = SSL3_AL_FATAL;
4878 char *username;
4879 SRP_user_pwd *user = NULL;
4880
4881 username = SSL_get_srp_username(s);
4882 if (username == NULL) {
4883 *ad = SSL_AD_INTERNAL_ERROR;
4884 goto err;
4885 }
4886
4887 user = SRP_VBASE_get1_by_user(vbase, username);
4888 if (user == NULL) {
4889 *ad = SSL_AD_INTERNAL_ERROR;
4890 goto err;
4891 }
4892
4893 if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v,
4894 user->info) <= 0) {
4895 *ad = SSL_AD_INTERNAL_ERROR;
4896 goto err;
4897 }
4898
4899 ret = 0;
4900
4901 err:
4902 SRP_user_pwd_free(user);
4903 return ret;
4904}
4905
4906static int create_new_vfile(char *userid, char *password, const char *filename)
4907{
4908 char *gNid = NULL;
4909 OPENSSL_STRING *row = OPENSSL_zalloc(sizeof(row) * (DB_NUMBER + 1));
4910 TXT_DB *db = NULL;
4911 int ret = 0;
4912 BIO *out = NULL, *dummy = BIO_new_mem_buf("", 0);
4913 size_t i;
4914
4915 if (!TEST_ptr(dummy) || !TEST_ptr(row))
4916 goto end;
4917
4918 gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt],
4919 &row[DB_srpverifier], NULL, NULL);
4920 if (!TEST_ptr(gNid))
4921 goto end;
4922
4923 /*
4924 * The only way to create an empty TXT_DB is to provide a BIO with no data
4925 * in it!
4926 */
4927 db = TXT_DB_read(dummy, DB_NUMBER);
4928 if (!TEST_ptr(db))
4929 goto end;
4930
4931 out = BIO_new_file(filename, "w");
4932 if (!TEST_ptr(out))
4933 goto end;
4934
4935 row[DB_srpid] = OPENSSL_strdup(userid);
4936 row[DB_srptype] = OPENSSL_strdup("V");
4937 row[DB_srpgN] = OPENSSL_strdup(gNid);
4938
4939 if (!TEST_ptr(row[DB_srpid])
4940 || !TEST_ptr(row[DB_srptype])
4941 || !TEST_ptr(row[DB_srpgN])
4942 || !TEST_true(TXT_DB_insert(db, row)))
4943 goto end;
4944
4945 row = NULL;
4946
4947 if (!TXT_DB_write(out, db))
4948 goto end;
4949
4950 ret = 1;
4951 end:
4952 if (row != NULL) {
4953 for (i = 0; i < DB_NUMBER; i++)
4954 OPENSSL_free(row[i]);
4955 }
4956 OPENSSL_free(row);
4957 BIO_free(dummy);
4958 BIO_free(out);
4959 TXT_DB_free(db);
4960
4961 return ret;
4962}
4963
4964static int create_new_vbase(char *userid, char *password)
4965{
4966 BIGNUM *verifier = NULL, *salt = NULL;
4967 const SRP_gN *lgN = NULL;
4968 SRP_user_pwd *user_pwd = NULL;
4969 int ret = 0;
4970
4971 lgN = SRP_get_default_gN(NULL);
4972 if (!TEST_ptr(lgN))
4973 goto end;
4974
4975 if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier,
4976 lgN->N, lgN->g)))
4977 goto end;
4978
4979 user_pwd = OPENSSL_zalloc(sizeof(*user_pwd));
4980 if (!TEST_ptr(user_pwd))
4981 goto end;
4982
4983 user_pwd->N = lgN->N;
4984 user_pwd->g = lgN->g;
4985 user_pwd->id = OPENSSL_strdup(userid);
4986 if (!TEST_ptr(user_pwd->id))
4987 goto end;
4988
4989 user_pwd->v = verifier;
4990 user_pwd->s = salt;
4991 verifier = salt = NULL;
4992
4993 if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0)
4994 goto end;
4995 user_pwd = NULL;
4996
4997 ret = 1;
4998end:
4999 SRP_user_pwd_free(user_pwd);
5000 BN_free(salt);
5001 BN_free(verifier);
5002
5003 return ret;
5004}
5005
5006/*
5007 * SRP tests
5008 *
5009 * Test 0: Simple successful SRP connection, new vbase
5010 * Test 1: Connection failure due to bad password, new vbase
5011 * Test 2: Simple successful SRP connection, vbase loaded from existing file
5012 * Test 3: Connection failure due to bad password, vbase loaded from existing
5013 * file
5014 * Test 4: Simple successful SRP connection, vbase loaded from new file
5015 * Test 5: Connection failure due to bad password, vbase loaded from new file
5016 */
5017static int test_srp(int tst)
5018{
5019 char *userid = "test", *password = "password", *tstsrpfile;
5020 SSL_CTX *cctx = NULL, *sctx = NULL;
5021 SSL *clientssl = NULL, *serverssl = NULL;
5022 int ret, testresult = 0;
5023
5024 vbase = SRP_VBASE_new(NULL);
5025 if (!TEST_ptr(vbase))
5026 goto end;
5027
5028 if (tst == 0 || tst == 1) {
5029 if (!TEST_true(create_new_vbase(userid, password)))
5030 goto end;
5031 } else {
5032 if (tst == 4 || tst == 5) {
5033 if (!TEST_true(create_new_vfile(userid, password, tmpfilename)))
5034 goto end;
5035 tstsrpfile = tmpfilename;
5036 } else {
5037 tstsrpfile = srpvfile;
5038 }
5039 if (!TEST_int_eq(SRP_VBASE_init(vbase, tstsrpfile), SRP_NO_ERROR))
5040 goto end;
5041 }
5042
5043 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
5c587fb6 5044 TLS1_VERSION, 0,
76fd7a1d
MC		 5045 &sctx, &cctx, cert, privkey)))
5046 goto end;
5047
5048 if (!TEST_int_gt(SSL_CTX_set_srp_username_callback(sctx, ssl_srp_cb), 0)
5049 || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA"))
5050 || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION))
5051 || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION))
5052 || !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0))
5053 goto end;
5054
5055 if (tst % 2 == 1) {
5056 if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, "badpass"), 0))
5057 goto end;
5058 } else {
5059 if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, password), 0))
5060 goto end;
5061 }
5062
5063 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
5064 NULL, NULL)))
5065 goto end;
5066
5067 ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
5068 if (ret) {
5069 if (!TEST_true(tst % 2 == 0))
5070 goto end;
5071 } else {
5072 if (!TEST_true(tst % 2 == 1))
5073 goto end;
5074 }
5075
5076 testresult = 1;
5077
5078 end:
5079 SRP_VBASE_free(vbase);
5080 vbase = NULL;
5081 SSL_free(serverssl);
5082 SSL_free(clientssl);
5083 SSL_CTX_free(sctx);
5084 SSL_CTX_free(cctx);
5085
5086 return testresult;
5087}
5088#endif
5089
5718fe45
MC		 5090static int info_cb_failed = 0;
5091static int info_cb_offset = 0;
5092static int info_cb_this_state = -1;
5093
5094static struct info_cb_states_st {
5095 int where;
5096 const char *statestr;
5097} info_cb_states[][60] = {
5098 {
5099 /* TLSv1.2 server followed by resumption */
5100 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5101 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
5102 {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"},
5103 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"},
5104 {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"},
5105 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
5106 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
5107 {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
5108 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
5109 {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
5110 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"},
5111 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
5112 {SSL_CB_EXIT, NULL}, {0, NULL},
5113 }, {
5114 /* TLSv1.2 client followed by resumption */
5115 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5116 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
5117 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"},
5118 {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"},
5119 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"},
5120 {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
5121 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
5122 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5123 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
5124 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
5125 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
5126 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
5127 }, {
5128 /* TLSv1.3 server followed by resumption */
5129 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5130 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
5131 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
5132 {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
5133 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
4af5836b
MC		 5134 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
5135 {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
5136 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5137 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
5138 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
5139 {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
5140 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
5141 {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
5718fe45
MC		 5142 }, {
5143 /* TLSv1.3 client followed by resumption */
5144 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5145 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
5146 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
5147 {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
5148 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4af5836b
MC		 5149 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
5150 {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "},
5151 {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
5718fe45
MC		 5152 {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
5153 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
5154 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
5155 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
5156 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
4af5836b
MC		 5157 {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
5158 {SSL_CB_EXIT, NULL}, {0, NULL},
5718fe45
MC		 5159 }, {
5160 /* TLSv1.3 server, early_data */
5161 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5162 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
5163 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
5164 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
5165 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
5166 {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"},
4af5836b 5167 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
5718fe45
MC		 5168 {SSL_CB_EXIT, NULL}, {0, NULL},
5169 }, {
5170 /* TLSv1.3 client, early_data */
5171 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
5172 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"},
5173 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
5174 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
5175 {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
5176 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
5177 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
4af5836b
MC		 5178 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
5179 {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
5718fe45
MC		 5180 }, {
5181 {0, NULL},
5182 }
5183};
5184
5185static void sslapi_info_callback(const SSL *s, int where, int ret)
5186{
5187 struct info_cb_states_st *state = info_cb_states[info_cb_offset];
5188
5189 /* We do not ever expect a connection to fail in this test */
5190 if (!TEST_false(ret == 0)) {
5191 info_cb_failed = 1;
5192 return;
5193 }
5194
5195 /*
5196 * Do some sanity checks. We never expect these things to happen in this
5197 * test
5198 */
5199 if (!TEST_false((SSL_is_server(s) && (where & SSL_ST_CONNECT) != 0))
5200 || !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0)
5201 || !TEST_int_ne(state[++info_cb_this_state].where, 0)) {
5202 info_cb_failed = 1;
5203 return;
5204 }
5205
5206 /* Now check we're in the right state */
5207 if (!TEST_true((where & state[info_cb_this_state].where) != 0)) {
5208 info_cb_failed = 1;
5209 return;
5210 }
5211 if ((where & SSL_CB_LOOP) != 0
5212 && !TEST_int_eq(strcmp(SSL_state_string(s),
5213 state[info_cb_this_state].statestr), 0)) {
5214 info_cb_failed = 1;
5215 return;
5216 }
033c181b 5217
4af5836b
MC		 5218 /*
5219 * Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init
5220 */
5221 if ((where & SSL_CB_HANDSHAKE_DONE)
5222 && SSL_in_init((SSL *)s) != 0) {
033c181b
MC		 5223 info_cb_failed = 1;
5224 return;
5225 }
5718fe45
MC		 5226}
5227
5228/*
5229 * Test the info callback gets called when we expect it to.
5230 *
5231 * Test 0: TLSv1.2, server
5232 * Test 1: TLSv1.2, client
5233 * Test 2: TLSv1.3, server
5234 * Test 3: TLSv1.3, client
5235 * Test 4: TLSv1.3, server, early_data
5236 * Test 5: TLSv1.3, client, early_data
5237 */
5238static int test_info_callback(int tst)
5239{
5240 SSL_CTX *cctx = NULL, *sctx = NULL;
5241 SSL *clientssl = NULL, *serverssl = NULL;
5242 SSL_SESSION *clntsess = NULL;
5243 int testresult = 0;
5244 int tlsvers;
5245
5246 if (tst < 2) {
1aac20f5
MC		 5247/* We need either ECDHE or DHE for the TLSv1.2 test to work */
5248#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \
5249 || !defined(OPENSSL_NO_DH))
5718fe45
MC		 5250 tlsvers = TLS1_2_VERSION;
5251#else
5252 return 1;
5253#endif
5254 } else {
5255#ifndef OPENSSL_NO_TLS1_3
5256 tlsvers = TLS1_3_VERSION;
5257#else
5258 return 1;
5259#endif
5260 }
5261
5262 /* Reset globals */
5263 info_cb_failed = 0;
5264 info_cb_this_state = -1;
5265 info_cb_offset = tst;
5266
6e07834c 5267#ifndef OPENSSL_NO_TLS1_3
5718fe45
MC		 5268 if (tst >= 4) {
5269 SSL_SESSION *sess = NULL;
5270 size_t written, readbytes;
5271 unsigned char buf[80];
5272
5273 /* early_data tests */
5274 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
5275 &serverssl, &sess, 0)))
5276 goto end;
5277
5278 /* We don't actually need this reference */
5279 SSL_SESSION_free(sess);
5280
5281 SSL_set_info_callback((tst % 2) == 0 ? serverssl : clientssl,
5282 sslapi_info_callback);
5283
5284 /* Write and read some early data and then complete the connection */
5285 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
5286 &written))
5287 || !TEST_size_t_eq(written, strlen(MSG1))
5288 || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
5289 sizeof(buf), &readbytes),
5290 SSL_READ_EARLY_DATA_SUCCESS)
5291 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
5292 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
5293 SSL_EARLY_DATA_ACCEPTED)
5294 || !TEST_true(create_ssl_connection(serverssl, clientssl,
5295 SSL_ERROR_NONE))
5296 || !TEST_false(info_cb_failed))
5297 goto end;
5298
5299 testresult = 1;
5300 goto end;
5301 }
6e07834c 5302#endif
5718fe45
MC		 5303
5304 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
5305 TLS_client_method(),
5306 tlsvers, tlsvers, &sctx, &cctx, cert,
5307 privkey)))
5308 goto end;
5309
5310 /*
5311 * For even numbered tests we check the server callbacks. For odd numbers we
5312 * check the client.
5313 */
5314 SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx,
5315 sslapi_info_callback);
5316
5317 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
5318 &clientssl, NULL, NULL))
5319 || !TEST_true(create_ssl_connection(serverssl, clientssl,
5320 SSL_ERROR_NONE))
5321 || !TEST_false(info_cb_failed))
5322 goto end;
5323
5324
5325
5326 clntsess = SSL_get1_session(clientssl);
5327 SSL_shutdown(clientssl);
5328 SSL_shutdown(serverssl);
5329 SSL_free(serverssl);
5330 SSL_free(clientssl);
5331 serverssl = clientssl = NULL;
5332
5333 /* Now do a resumption */
5334 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
5335 NULL))
5336 || !TEST_true(SSL_set_session(clientssl, clntsess))
5337 || !TEST_true(create_ssl_connection(serverssl, clientssl,
5338 SSL_ERROR_NONE))
5339 || !TEST_true(SSL_session_reused(clientssl))
5340 || !TEST_false(info_cb_failed))
5341 goto end;
5342
5343 testresult = 1;
5344
5345 end:
5346 SSL_free(serverssl);
5347 SSL_free(clientssl);
5348 SSL_SESSION_free(clntsess);
5349 SSL_CTX_free(sctx);
5350 SSL_CTX_free(cctx);
5351 return testresult;
5352}
5353
4a432af8
MC		 5354static int test_ssl_pending(int tst)
5355{
5356 SSL_CTX *cctx = NULL, *sctx = NULL;
5357 SSL *clientssl = NULL, *serverssl = NULL;
5358 int testresult = 0;
5359 char msg[] = "A test message";
5360 char buf[5];
5361 size_t written, readbytes;
5362
5363 if (tst == 0) {
5364 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
5365 TLS_client_method(),
5c587fb6 5366 TLS1_VERSION, 0,
4a432af8
MC		 5367 &sctx, &cctx, cert, privkey)))
5368 goto end;
5369 } else {
5370#ifndef OPENSSL_NO_DTLS
5371 if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
5372 DTLS_client_method(),
5c587fb6 5373 DTLS1_VERSION, 0,
4a432af8
MC		 5374 &sctx, &cctx, cert, privkey)))
5375 goto end;
5376#else
5377 return 1;
5378#endif
5379 }
5380
5381 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
5382 NULL, NULL))
5383 || !TEST_true(create_ssl_connection(serverssl, clientssl,
5384 SSL_ERROR_NONE)))
5385 goto end;
5386
e8251092
MC		 5387 if (!TEST_int_eq(SSL_pending(clientssl), 0)
5388 || !TEST_false(SSL_has_pending(clientssl))
5389 || !TEST_int_eq(SSL_pending(serverssl), 0)
5390 || !TEST_false(SSL_has_pending(serverssl))
5391 || !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
4a432af8
MC		 5392 || !TEST_size_t_eq(written, sizeof(msg))
5393 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
5394 || !TEST_size_t_eq(readbytes, sizeof(buf))
e8251092
MC		 5395 || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes))
5396 || !TEST_true(SSL_has_pending(clientssl)))
4a432af8
MC		 5397 goto end;
5398
5399 testresult = 1;
5400
5401 end:
5402 SSL_free(serverssl);
5403 SSL_free(clientssl);
5404 SSL_CTX_free(sctx);
5405 SSL_CTX_free(cctx);
5406
5407 return testresult;
5408}
5409
e401389a
MC		 5410static struct {
5411 unsigned int maxprot;
5412 const char *clntciphers;
5413 const char *clnttls13ciphers;
5414 const char *srvrciphers;
5415 const char *srvrtls13ciphers;
5416 const char *shared;
5417} shared_ciphers_data[] = {
60155b9a
MC		 5418/*
5419 * We can't establish a connection (even in TLSv1.1) with these ciphersuites if
5420 * TLSv1.3 is enabled but TLSv1.2 is disabled.
5421 */
5422#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
e401389a
MC		 5423 {
5424 TLS1_2_VERSION,
5425 "AES128-SHA:AES256-SHA",
5426 NULL,
5427 "AES256-SHA:DHE-RSA-AES128-SHA",
5428 NULL,
5429 "AES256-SHA"
5430 },
5431 {
5432 TLS1_2_VERSION,
5433 "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
5434 NULL,
5435 "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
5436 NULL,
5437 "AES128-SHA:AES256-SHA"
5438 },
5439 {
5440 TLS1_2_VERSION,
5441 "AES128-SHA:AES256-SHA",
5442 NULL,
5443 "AES128-SHA:DHE-RSA-AES128-SHA",
5444 NULL,
5445 "AES128-SHA"
5446 },
60155b9a
MC		 5447#endif
5448/*
5449 * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
5450 * enabled.
5451 */
5452#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
5453 && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
e401389a
MC		 5454 {
5455 TLS1_3_VERSION,
5456 "AES128-SHA:AES256-SHA",
5457 NULL,
5458 "AES256-SHA:AES128-SHA256",
5459 NULL,
5460 "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
5461 "TLS_AES_128_GCM_SHA256:AES256-SHA"
5462 },
60155b9a
MC		 5463#endif
5464#ifndef OPENSSL_NO_TLS1_3
e401389a
MC		 5465 {
5466 TLS1_3_VERSION,
5467 "AES128-SHA",
5468 "TLS_AES_256_GCM_SHA384",
5469 "AES256-SHA",
5470 "TLS_AES_256_GCM_SHA384",
5471 "TLS_AES_256_GCM_SHA384"
5472 },
5473#endif
5474};
5475
5476static int test_ssl_get_shared_ciphers(int tst)
5477{
5478 SSL_CTX *cctx = NULL, *sctx = NULL;
5479 SSL *clientssl = NULL, *serverssl = NULL;
5480 int testresult = 0;
5481 char buf[1024];
5482
5483 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
5484 TLS_client_method(),
5485 TLS1_VERSION,
5486 shared_ciphers_data[tst].maxprot,
5487 &sctx, &cctx, cert, privkey)))
5488 goto end;
5489
5490 if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
5491 shared_ciphers_data[tst].clntciphers))
5492 || (shared_ciphers_data[tst].clnttls13ciphers != NULL
5493 && !TEST_true(SSL_CTX_set_ciphersuites(cctx,
5494 shared_ciphers_data[tst].clnttls13ciphers)))
5495 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
5496 shared_ciphers_data[tst].srvrciphers))
5497 || (shared_ciphers_data[tst].srvrtls13ciphers != NULL
5498 && !TEST_true(SSL_CTX_set_ciphersuites(sctx,
5499 shared_ciphers_data[tst].srvrtls13ciphers))))
5500 goto end;
5501
5502
5503 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
5504 NULL, NULL))
5505 || !TEST_true(create_ssl_connection(serverssl, clientssl,
5506 SSL_ERROR_NONE)))
5507 goto end;
5508
5509 if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
5510 || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) {
5511 TEST_info("Shared ciphers are: %s\n", buf);
5512 goto end;
5513 }
5514
5515 testresult = 1;
5516
5517 end:
5518 SSL_free(serverssl);
5519 SSL_free(clientssl);
5520 SSL_CTX_free(sctx);
5521 SSL_CTX_free(cctx);
5522
5523 return testresult;
5524}
5525
d0191fe0 5526static const char *appdata = "Hello World";
61fb5923
MC		 5527static int gen_tick_called, dec_tick_called, tick_key_cb_called;
5528static int tick_key_renew = 0;
5529static SSL_TICKET_RETURN tick_dec_ret = SSL_TICKET_RETURN_ABORT;
d0191fe0
MC		 5530
5531static int gen_tick_cb(SSL *s, void *arg)
5532{
5533 gen_tick_called = 1;
5534
5535 return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata,
5536 strlen(appdata));
5537}
5538
5539static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss,
5540 const unsigned char *keyname,
5541 size_t keyname_length,
61fb5923
MC		 5542 SSL_TICKET_STATUS status,
5543 void *arg)
d0191fe0
MC		 5544{
5545 void *tickdata;
5546 size_t tickdlen;
5547
5548 dec_tick_called = 1;
5549
61fb5923
MC		 5550 if (status == SSL_TICKET_EMPTY)
5551 return SSL_TICKET_RETURN_IGNORE_RENEW;
d0191fe0 5552
61fb5923
MC		 5553 if (!TEST_true(status == SSL_TICKET_SUCCESS
5554 || status == SSL_TICKET_SUCCESS_RENEW))
5555 return SSL_TICKET_RETURN_ABORT;
5556
5557 if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata,
5558 &tickdlen))
d0191fe0
MC		 5559 || !TEST_size_t_eq(tickdlen, strlen(appdata))
5560 || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0))
61fb5923 5561 return SSL_TICKET_RETURN_ABORT;
d0191fe0 5562
61fb5923
MC		 5563 if (tick_key_cb_called) {
5564 /* Don't change what the ticket key callback wanted to do */
5565 switch (status) {
5566 case SSL_TICKET_NO_DECRYPT:
5567 return SSL_TICKET_RETURN_IGNORE_RENEW;
5568
5569 case SSL_TICKET_SUCCESS:
5570 return SSL_TICKET_RETURN_USE;
d0191fe0 5571
61fb5923
MC		 5572 case SSL_TICKET_SUCCESS_RENEW:
5573 return SSL_TICKET_RETURN_USE_RENEW;
5574
5575 default:
5576 return SSL_TICKET_RETURN_ABORT;
5577 }
5578 }
5579 return tick_dec_ret;
5580
5581}
d0191fe0
MC		 5582
5583static int tick_key_cb(SSL *s, unsigned char key_name[16],
5584 unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx,
5585 HMAC_CTX *hctx, int enc)
5586{
5587 const unsigned char tick_aes_key[16] = "0123456789abcdef";
5588 const unsigned char tick_hmac_key[16] = "0123456789abcdef";
5589
61fb5923 5590 tick_key_cb_called = 1;
d0191fe0
MC		 5591 memset(iv, 0, AES_BLOCK_SIZE);
5592 memset(key_name, 0, 16);
5593 if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
5594 || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key),
5595 EVP_sha256(), NULL))
5596 return -1;
5597
61fb5923 5598 return tick_key_renew ? 2 : 1;
d0191fe0
MC		 5599}
5600
5601/*
5602 * Test the various ticket callbacks
61fb5923
MC		 5603 * Test 0: TLSv1.2, no ticket key callback, no ticket, no renewal
5604 * Test 1: TLSv1.3, no ticket key callback, no ticket, no renewal
5605 * Test 2: TLSv1.2, no ticket key callback, no ticket, renewal
5606 * Test 3: TLSv1.3, no ticket key callback, no ticket, renewal
5607 * Test 4: TLSv1.2, no ticket key callback, ticket, no renewal
5608 * Test 5: TLSv1.3, no ticket key callback, ticket, no renewal
5609 * Test 6: TLSv1.2, no ticket key callback, ticket, renewal
5610 * Test 7: TLSv1.3, no ticket key callback, ticket, renewal
5611 * Test 8: TLSv1.2, ticket key callback, ticket, no renewal
5612 * Test 9: TLSv1.3, ticket key callback, ticket, no renewal
5613 * Test 10: TLSv1.2, ticket key callback, ticket, renewal
5614 * Test 11: TLSv1.3, ticket key callback, ticket, renewal
d0191fe0
MC		 5615 */
5616static int test_ticket_callbacks(int tst)
5617{
5618 SSL_CTX *cctx = NULL, *sctx = NULL;
5619 SSL *clientssl = NULL, *serverssl = NULL;
5620 SSL_SESSION *clntsess = NULL;
5621 int testresult = 0;
5622
5623#ifdef OPENSSL_NO_TLS1_2
ba8b48e9 5624 if (tst % 2 == 0)
d0191fe0
MC		 5625 return 1;
5626#endif
5627#ifdef OPENSSL_NO_TLS1_3
ba8b48e9 5628 if (tst % 2 == 1)
d0191fe0
MC		 5629 return 1;
5630#endif
5631
61fb5923 5632 gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
d0191fe0
MC		 5633
5634 /* Which tests the ticket key callback should request renewal for */
61fb5923
MC		 5635 if (tst == 10 || tst == 11)
5636 tick_key_renew = 1;
d0191fe0 5637 else
61fb5923
MC		 5638 tick_key_renew = 0;
5639
5640 /* Which tests the decrypt ticket callback should request renewal for */
5641 switch (tst) {
5642 case 0:
5643 case 1:
5644 tick_dec_ret = SSL_TICKET_RETURN_IGNORE;
5645 break;
5646
5647 case 2:
5648 case 3:
5649 tick_dec_ret = SSL_TICKET_RETURN_IGNORE_RENEW;
5650 break;
5651
5652 case 4:
5653 case 5:
5654 tick_dec_ret = SSL_TICKET_RETURN_USE;
5655 break;
5656
5657 case 6:
5658 case 7:
5659 tick_dec_ret = SSL_TICKET_RETURN_USE_RENEW;
5660 break;
5661
5662 default:
5663 tick_dec_ret = SSL_TICKET_RETURN_ABORT;
5664 }
d0191fe0
MC		 5665
5666 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
5667 TLS_client_method(),
5668 TLS1_VERSION,
61fb5923
MC		 5669 ((tst % 2) == 0) ? TLS1_2_VERSION
5670 : TLS1_3_VERSION,
d0191fe0
MC		 5671 &sctx, &cctx, cert, privkey)))
5672 goto end;
5673
61fb5923
MC		 5674 /*
5675 * We only want sessions to resume from tickets - not the session cache. So
5676 * switch the cache off.
5677 */
5678 if (!TEST_true(SSL_CTX_set_session_cache_mode(sctx, SSL_SESS_CACHE_OFF)))
5679 goto end;
5680
d0191fe0
MC		 5681 if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb,
5682 NULL)))
5683 goto end;
5684
61fb5923 5685 if (tst >= 8
d0191fe0
MC		 5686 && !TEST_true(SSL_CTX_set_tlsext_ticket_key_cb(sctx, tick_key_cb)))
5687 goto end;
5688
5689 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
5690 NULL, NULL))
5691 || !TEST_true(create_ssl_connection(serverssl, clientssl,
5692 SSL_ERROR_NONE)))
5693 goto end;
5694
61fb5923
MC		 5695 /*
5696 * The decrypt ticket key callback in TLSv1.2 should be called even though
5697 * we have no ticket yet, because it gets called with a status of
5698 * SSL_TICKET_EMPTY (the client indicates support for tickets but does not
5699 * actually send any ticket data). This does not happen in TLSv1.3 because
5700 * it is not valid to send empty ticket data in TLSv1.3.
5701 */
d0191fe0 5702 if (!TEST_int_eq(gen_tick_called, 1)
61fb5923 5703 || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0))
d0191fe0
MC		 5704 goto end;
5705
5706 gen_tick_called = dec_tick_called = 0;
5707
5708 clntsess = SSL_get1_session(clientssl);
5709 SSL_shutdown(clientssl);
5710 SSL_shutdown(serverssl);
5711 SSL_free(serverssl);
5712 SSL_free(clientssl);
5713 serverssl = clientssl = NULL;
5714
5715 /* Now do a resumption */
5716 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
5717 NULL))
5718 || !TEST_true(SSL_set_session(clientssl, clntsess))
5719 || !TEST_true(create_ssl_connection(serverssl, clientssl,
61fb5923 5720 SSL_ERROR_NONE)))
d0191fe0
MC		 5721 goto end;
5722
61fb5923
MC		 5723 if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
5724 || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
5725 if (!TEST_false(SSL_session_reused(clientssl)))
5726 goto end;
5727 } else {
5728 if (!TEST_true(SSL_session_reused(clientssl)))
5729 goto end;
5730 }
5731
d0191fe0 5732 if (!TEST_int_eq(gen_tick_called,
61fb5923
MC		 5733 (tick_key_renew
5734 || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
5735 || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW)
5736 ? 1 : 0)
d0191fe0
MC		 5737 || !TEST_int_eq(dec_tick_called, 1))
5738 goto end;
5739
5740 testresult = 1;
5741
5742 end:
5743 SSL_SESSION_free(clntsess);
5744 SSL_free(serverssl);
5745 SSL_free(clientssl);
5746 SSL_CTX_free(sctx);
5747 SSL_CTX_free(cctx);
5748
5749 return testresult;
5750}
5751
c748834f
MC		 5752/*
5753 * Test bi-directional shutdown.
5754 * Test 0: TLSv1.2
5755 * Test 1: TLSv1.2, server continues to read/write after client shutdown
5756 * Test 2: TLSv1.3, no pending NewSessionTicket messages
5757 * Test 3: TLSv1.3, pending NewSessionTicket messages
80eff008
KR		 5758 * Test 4: TLSv1.3, server continues to read/write after client shutdown, server
5759 * sends key update, client reads it
57d7b988
MC		 5760 * Test 5: TLSv1.3, server continues to read/write after client shutdown, server
5761 * sends CertificateRequest, client reads and ignores it
5762 * Test 6: TLSv1.3, server continues to read/write after client shutdown, client
c748834f
MC		 5763 * doesn't read it
5764 */
5765static int test_shutdown(int tst)
5766{
5767 SSL_CTX *cctx = NULL, *sctx = NULL;
5768 SSL *clientssl = NULL, *serverssl = NULL;
5769 int testresult = 0;
5770 char msg[] = "A test message";
5771 char buf[80];
5772 size_t written, readbytes;
80eff008 5773 SSL_SESSION *sess;
c748834f
MC		 5774
5775#ifdef OPENSSL_NO_TLS1_2
a97d19f7 5776 if (tst <= 1)
c748834f
MC		 5777 return 1;
5778#endif
5779#ifdef OPENSSL_NO_TLS1_3
a97d19f7 5780 if (tst >= 2)
c748834f
MC		 5781 return 1;
5782#endif
5783
5784 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
5785 TLS_client_method(),
5786 TLS1_VERSION,
5787 (tst <= 1) ? TLS1_2_VERSION
5788 : TLS1_3_VERSION,
57d7b988
MC		 5789 &sctx, &cctx, cert, privkey)))
5790 goto end;
5791
5792 if (tst == 5)
5793 SSL_CTX_set_post_handshake_auth(cctx, 1);
5794
5795 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
c748834f
MC		 5796 NULL, NULL)))
5797 goto end;
5798
5799 if (tst == 3) {
5800 if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
80c455d5 5801 SSL_ERROR_NONE, 1))
80eff008
KR		 5802 || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
5803 || !TEST_false(SSL_SESSION_is_resumable(sess)))
c748834f
MC		 5804 goto end;
5805 } else if (!TEST_true(create_ssl_connection(serverssl, clientssl,
80eff008
KR		 5806 SSL_ERROR_NONE))
5807 || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
5808 || !TEST_true(SSL_SESSION_is_resumable(sess))) {
c748834f
MC		 5809 goto end;
5810 }
5811
5812 if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
5813 goto end;
5814
5815 if (tst >= 4) {
5816 /*
5817 * Reading on the server after the client has sent close_notify should
5818 * fail and provide SSL_ERROR_ZERO_RETURN
5819 */
5820 if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
5821 || !TEST_int_eq(SSL_get_error(serverssl, 0),
5822 SSL_ERROR_ZERO_RETURN)
5823 || !TEST_int_eq(SSL_get_shutdown(serverssl),
5824 SSL_RECEIVED_SHUTDOWN)
5825 /*
5826 * Even though we're shutdown on receive we should still be
5827 * able to write.
5828 */
80eff008
KR		 5829 || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
5830 goto end;
57d7b988
MC		 5831 if (tst == 4
5832 && !TEST_true(SSL_key_update(serverssl,
5833 SSL_KEY_UPDATE_REQUESTED)))
5834 goto end;
5835 if (tst == 5) {
5836 SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
5837 if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
5838 goto end;
5839 }
5840 if ((tst == 4 || tst == 5)
5841 && !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
80eff008
KR		 5842 goto end;
5843 if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
c748834f 5844 goto end;
57d7b988 5845 if (tst == 4 || tst == 5) {
80eff008 5846 /* Should still be able to read data from server */
c748834f 5847 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
80eff008
KR		 5848 &readbytes))
5849 || !TEST_size_t_eq(readbytes, sizeof(msg))
5850 || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)
5851 || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
5852 &readbytes))
c748834f
MC		 5853 || !TEST_size_t_eq(readbytes, sizeof(msg))
5854 || !TEST_int_eq(memcmp(msg, buf, readbytes), 0))
5855 goto end;
5856 }
5857 }
5858
5859 /* Writing on the client after sending close_notify shouldn't be possible */
ba709049 5860 if (!TEST_false(SSL_write_ex(clientssl, msg, sizeof(msg), &written)))
c748834f
MC		 5861 goto end;
5862
5863 if (tst < 4) {
5864 /*
5865 * For these tests the client has sent close_notify but it has not yet
5866 * been received by the server. The server has not sent close_notify
5867 * yet.
5868 */
5869 if (!TEST_int_eq(SSL_shutdown(serverssl), 0)
ba709049
MC		 5870 /*
5871 * Writing on the server after sending close_notify shouldn't
5872 * be possible.
5873 */
5874 || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
c748834f 5875 || !TEST_int_eq(SSL_shutdown(clientssl), 1)
80eff008
KR		 5876 || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
5877 || !TEST_true(SSL_SESSION_is_resumable(sess))
c748834f
MC		 5878 || !TEST_int_eq(SSL_shutdown(serverssl), 1))
5879 goto end;
57d7b988 5880 } else if (tst == 4 || tst == 5) {
c748834f
MC		 5881 /*
5882 * In this test the client has sent close_notify and it has been
5883 * received by the server which has responded with a close_notify. The
358ffa05 5884 * client needs to read the close_notify sent by the server.
c748834f 5885 */
80eff008
KR		 5886 if (!TEST_int_eq(SSL_shutdown(clientssl), 1)
5887 || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
5888 || !TEST_true(SSL_SESSION_is_resumable(sess)))
c748834f 5889 goto end;
358ffa05
MC		 5890 } else {
5891 /*
57d7b988 5892 * tst == 6
358ffa05
MC		 5893 *
5894 * The client has sent close_notify and is expecting a close_notify
5895 * back, but instead there is application data first. The shutdown
5896 * should fail with a fatal error.
5897 */
5898 if (!TEST_int_eq(SSL_shutdown(clientssl), -1)
5899 || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL))
5900 goto end;
c748834f
MC		 5901 }
5902
5903 testresult = 1;
5904
5905 end:
5906 SSL_free(serverssl);
5907 SSL_free(clientssl);
5908 SSL_CTX_free(sctx);
5909 SSL_CTX_free(cctx);
5910
5911 return testresult;
5912}
5913
7f1d923a 5914#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
cd6fe29f
MC		 5915static int cert_cb_cnt;
5916
5917static int cert_cb(SSL *s, void *arg)
5918{
5919 SSL_CTX *ctx = (SSL_CTX *)arg;
5920
5921 if (cert_cb_cnt == 0) {
5922 /* Suspend the handshake */
5923 cert_cb_cnt++;
5924 return -1;
5925 } else if (cert_cb_cnt == 1) {
5926 /*
5927 * Update the SSL_CTX, set the certificate and private key and then
5928 * continue the handshake normally.
5929 */
5930 if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx)))
5931 return 0;
5932
5933 if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM))
5934 || !TEST_true(SSL_use_PrivateKey_file(s, privkey,
5935 SSL_FILETYPE_PEM))
5936 || !TEST_true(SSL_check_private_key(s)))
5937 return 0;
5938 cert_cb_cnt++;
5939 return 1;
5940 }
5941
5942 /* Abort the handshake */
5943 return 0;
5944}
5945
5946/*
5947 * Test the certificate callback.
5948 * Test 0: Callback fails
5949 * Test 1: Success - no SSL_set_SSL_CTX() in the callback
5950 * Test 2: Success - SSL_set_SSL_CTX() in the callback
5951 */
5952static int test_cert_cb_int(int prot, int tst)
5953{
5954 SSL_CTX *cctx = NULL, *sctx = NULL, *snictx = NULL;
5955 SSL *clientssl = NULL, *serverssl = NULL;
5956 int testresult = 0, ret;
5957
5958 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
5959 TLS_client_method(),
5960 TLS1_VERSION,
5961 prot,
5962 &sctx, &cctx, NULL, NULL)))
5963 goto end;
5964
5965 if (tst == 0)
5966 cert_cb_cnt = -1;
5967 else
5968 cert_cb_cnt = 0;
5969 if (tst == 2)
5970 snictx = SSL_CTX_new(TLS_server_method());
5971 SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
5972
5973 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
5974 NULL, NULL)))
5975 goto end;
5976
5977 ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
5978 if (!TEST_true(tst == 0 ? !ret : ret)
5979 || (tst > 0 && !TEST_int_eq(cert_cb_cnt, 2))) {
5980 goto end;
5981 }
5982
5983 testresult = 1;
5984
5985 end:
5986 SSL_free(serverssl);
5987 SSL_free(clientssl);
5988 SSL_CTX_free(sctx);
5989 SSL_CTX_free(cctx);
5990 SSL_CTX_free(snictx);
5991
5992 return testresult;
5993}
7f1d923a 5994#endif
cd6fe29f
MC		 5995
5996static int test_cert_cb(int tst)
5997{
5998 int testresult = 1;
5999
6000#ifndef OPENSSL_NO_TLS1_2
6001 testresult &= test_cert_cb_int(TLS1_2_VERSION, tst);
6002#endif
7f1d923a 6003#ifndef OPENSSL_NO_TLS1_3
cd6fe29f
MC		 6004 testresult &= test_cert_cb_int(TLS1_3_VERSION, tst);
6005#endif
6006
6007 return testresult;
6008}
6009
6e46c065
MC		 6010static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
6011{
6012 X509 *xcert, *peer;
6013 EVP_PKEY *privpkey;
6014 BIO *in = NULL;
6015
6016 /* Check that SSL_get_peer_certificate() returns something sensible */
6017 peer = SSL_get_peer_certificate(ssl);
6018 if (!TEST_ptr(peer))
6019 return 0;
6020 X509_free(peer);
6021
6022 in = BIO_new_file(cert, "r");
6023 if (!TEST_ptr(in))
6024 return 0;
6025
6026 xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
6027 BIO_free(in);
6028 if (!TEST_ptr(xcert))
6029 return 0;
6030
6031 in = BIO_new_file(privkey, "r");
6032 if (!TEST_ptr(in)) {
6033 X509_free(xcert);
6034 return 0;
6035 }
6036
6037 privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
6038 BIO_free(in);
6039 if (!TEST_ptr(privpkey)) {
6040 X509_free(xcert);
6041 return 0;
6042 }
6043
6044 *x509 = xcert;
6045 *pkey = privpkey;
6046
6047 return 1;
6048}
6049
6050static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
6051{
6052 return 1;
6053}
6054
6055static int test_client_cert_cb(int tst)
6056{
6057 SSL_CTX *cctx = NULL, *sctx = NULL;
6058 SSL *clientssl = NULL, *serverssl = NULL;
6059 int testresult = 0;
6060
6061#ifdef OPENSSL_NO_TLS1_2
6062 if (tst == 0)
6063 return 1;
6064#endif
6065#ifdef OPENSSL_NO_TLS1_3
6066 if (tst == 1)
6067 return 1;
6068#endif
6069
6070 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
6071 TLS_client_method(),
6072 TLS1_VERSION,
6073 tst == 0 ? TLS1_2_VERSION
6074 : TLS1_3_VERSION,
6075 &sctx, &cctx, cert, privkey)))
6076 goto end;
6077
6078 /*
6079 * Test that setting a client_cert_cb results in a client certificate being
6080 * sent.
6081 */
6082 SSL_CTX_set_client_cert_cb(cctx, client_cert_cb);
6083 SSL_CTX_set_verify(sctx,
6084 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
6085 verify_cb);
fb8c8359
MC		 6086
6087 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
6088 NULL, NULL))
6089 || !TEST_true(create_ssl_connection(serverssl, clientssl,
6090 SSL_ERROR_NONE)))
6091 goto end;
6092
6093 testresult = 1;
6094
6095 end:
6096 SSL_free(serverssl);
6097 SSL_free(clientssl);
6098 SSL_CTX_free(sctx);
6099 SSL_CTX_free(cctx);
6100
6101 return testresult;
6102}
6103
6104#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
6105/*
6106 * Test setting certificate authorities on both client and server.
6107 *
6108 * Test 0: SSL_CTX_set0_CA_list() only
6109 * Test 1: Both SSL_CTX_set0_CA_list() and SSL_CTX_set_client_CA_list()
6110 * Test 2: Only SSL_CTX_set_client_CA_list()
6111 */
6112static int test_ca_names_int(int prot, int tst)
6113{
6114 SSL_CTX *cctx = NULL, *sctx = NULL;
6115 SSL *clientssl = NULL, *serverssl = NULL;
6116 int testresult = 0;
6117 size_t i;
6118 X509_NAME *name[] = { NULL, NULL, NULL, NULL };
6119 char *strnames[] = { "Jack", "Jill", "John", "Joanne" };
6120 STACK_OF(X509_NAME) *sk1 = NULL, *sk2 = NULL;
6121 const STACK_OF(X509_NAME) *sktmp = NULL;
6122
6123 for (i = 0; i < OSSL_NELEM(name); i++) {
6124 name[i] = X509_NAME_new();
6125 if (!TEST_ptr(name[i])
6126 || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN",
6127 MBSTRING_ASC,
6128 (unsigned char *)
6129 strnames[i],
6130 -1, -1, 0)))
6131 goto end;
6132 }
6133
6134 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
6135 TLS_client_method(),
6136 TLS1_VERSION,
6137 prot,
6138 &sctx, &cctx, cert, privkey)))
6139 goto end;
6140
6141 SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL);
6142
6143 if (tst == 0 || tst == 1) {
6144 if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
6145 || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0])))
6146 || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1])))
6147 || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
6148 || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0])))
6149 || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1]))))
6150 goto end;
6151
6152 SSL_CTX_set0_CA_list(sctx, sk1);
6153 SSL_CTX_set0_CA_list(cctx, sk2);
6154 sk1 = sk2 = NULL;
6155 }
6156 if (tst == 1 || tst == 2) {
6157 if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
6158 || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2])))
6159 || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3])))
6160 || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
6161 || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2])))
6162 || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3]))))
6163 goto end;
6164
6165 SSL_CTX_set_client_CA_list(sctx, sk1);
6166 SSL_CTX_set_client_CA_list(cctx, sk2);
6167 sk1 = sk2 = NULL;
6168 }
6169
6e46c065
MC		 6170 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
6171 NULL, NULL))
6172 || !TEST_true(create_ssl_connection(serverssl, clientssl,
6173 SSL_ERROR_NONE)))
6174 goto end;
6175
fb8c8359
MC		 6176 /*
6177 * We only expect certificate authorities to have been sent to the server
6178 * if we are using TLSv1.3 and SSL_set0_CA_list() was used
6179 */
6180 sktmp = SSL_get0_peer_CA_list(serverssl);
6181 if (prot == TLS1_3_VERSION
6182 && (tst == 0 || tst == 1)) {
6183 if (!TEST_ptr(sktmp)
6184 || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
6185 || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
6186 name[0]), 0)
6187 || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
6188 name[1]), 0))
6189 goto end;
6190 } else if (!TEST_ptr_null(sktmp)) {
6191 goto end;
6192 }
6193
6194 /*
6195 * In all tests we expect certificate authorities to have been sent to the
6196 * client. However, SSL_set_client_CA_list() should override
6197 * SSL_set0_CA_list()
6198 */
6199 sktmp = SSL_get0_peer_CA_list(clientssl);
6200 if (!TEST_ptr(sktmp)
6201 || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
6202 || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
6203 name[tst == 0 ? 0 : 2]), 0)
6204 || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
6205 name[tst == 0 ? 1 : 3]), 0))
6206 goto end;
6207
6e46c065
MC		 6208 testresult = 1;
6209
6210 end:
6211 SSL_free(serverssl);
6212 SSL_free(clientssl);
6213 SSL_CTX_free(sctx);
6214 SSL_CTX_free(cctx);
fb8c8359
MC		 6215 for (i = 0; i < OSSL_NELEM(name); i++)
6216 X509_NAME_free(name[i]);
6217 sk_X509_NAME_pop_free(sk1, X509_NAME_free);
6218 sk_X509_NAME_pop_free(sk2, X509_NAME_free);
6219
6220 return testresult;
6221}
6222#endif
6223
6224static int test_ca_names(int tst)
6225{
6226 int testresult = 1;
6227
6228#ifndef OPENSSL_NO_TLS1_2
6229 testresult &= test_ca_names_int(TLS1_2_VERSION, tst);
6230#endif
6231#ifndef OPENSSL_NO_TLS1_3
6232 testresult &= test_ca_names_int(TLS1_3_VERSION, tst);
6233#endif
6e46c065
MC		 6234
6235 return testresult;
6236}
6237
a43ce58f
SL		 6238
6239OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
6240
ad887416 6241int setup_tests(void)
2cb4b5f6 6242{
ad887416 6243 if (!TEST_ptr(cert = test_get_argument(0))
76fd7a1d
MC		 6244 || !TEST_ptr(privkey = test_get_argument(1))
6245 || !TEST_ptr(srpvfile = test_get_argument(2))
6246 || !TEST_ptr(tmpfilename = test_get_argument(3)))
710756a9 6247 return 0;
2cb4b5f6 6248
f297e4ec
RS		 6249 if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
6250#ifdef OPENSSL_NO_CRYPTO_MDEBUG
6251 TEST_error("not supported in this build");
6252 return 0;
6253#else
6254 int i, mcount, rcount, fcount;
6255
6256 for (i = 0; i < 4; i++)
6257 test_export_key_mat(i);
6258 CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
6259 test_printf_stdout("malloc %d realloc %d free %d\n",
6260 mcount, rcount, fcount);
6261 return 1;
6262#endif
6263 }
6264
5e9072ed
MC		 6265#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
6266 && !defined(OPENSSL_NO_SOCK)
2fab79af
BP		 6267 ADD_TEST(test_ktls_no_txrx_client_no_txrx_server);
6268 ADD_TEST(test_ktls_no_rx_client_no_txrx_server);
6269 ADD_TEST(test_ktls_no_tx_client_no_txrx_server);
6270 ADD_TEST(test_ktls_client_no_txrx_server);
6271 ADD_TEST(test_ktls_no_txrx_client_no_rx_server);
6272 ADD_TEST(test_ktls_no_rx_client_no_rx_server);
6273 ADD_TEST(test_ktls_no_tx_client_no_rx_server);
6274 ADD_TEST(test_ktls_client_no_rx_server);
6275 ADD_TEST(test_ktls_no_txrx_client_no_tx_server);
6276 ADD_TEST(test_ktls_no_rx_client_no_tx_server);
6277 ADD_TEST(test_ktls_no_tx_client_no_tx_server);
6278 ADD_TEST(test_ktls_client_no_tx_server);
6279 ADD_TEST(test_ktls_no_txrx_client_server);
6280 ADD_TEST(test_ktls_no_rx_client_server);
6281 ADD_TEST(test_ktls_no_tx_client_server);
fe5d9450 6282 ADD_TEST(test_ktls_client_server);
fe5d9450 6283#endif
84d5549e 6284 ADD_TEST(test_large_message_tls);
7856332e 6285 ADD_TEST(test_large_message_tls_read_ahead);
55386bef 6286#ifndef OPENSSL_NO_DTLS
84d5549e 6287 ADD_TEST(test_large_message_dtls);
55386bef 6288#endif
8f8c11d8 6289#ifndef OPENSSL_NO_OCSP
c887104f 6290 ADD_TEST(test_tlsext_status_type);
8f8c11d8 6291#endif
eaa776da
MC		 6292 ADD_TEST(test_session_with_only_int_cache);
6293 ADD_TEST(test_session_with_only_ext_cache);
6294 ADD_TEST(test_session_with_both_cache);
36ff232c 6295#ifndef OPENSSL_NO_TLS1_3
04d7814a
MC		 6296 ADD_ALL_TESTS(test_stateful_tickets, 3);
6297 ADD_ALL_TESTS(test_stateless_tickets, 3);
8614a4eb 6298 ADD_TEST(test_psk_tickets);
36ff232c 6299#endif
7fb4c820 6300 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
9a716987
MC		 6301 ADD_TEST(test_ssl_bio_pop_next_bio);
6302 ADD_TEST(test_ssl_bio_pop_ssl_bio);
6303 ADD_TEST(test_ssl_bio_change_rbio);
6304 ADD_TEST(test_ssl_bio_change_wbio);
c423ecaa 6305#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
f1b25aae 6306 ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
6acdd3e5 6307 ADD_TEST(test_keylog);
c423ecaa 6308#endif
6acdd3e5
CB		 6309#ifndef OPENSSL_NO_TLS1_3
6310 ADD_TEST(test_keylog_no_master_key);
6311#endif
e9ee6536 6312#ifndef OPENSSL_NO_TLS1_2
a9c0d8be 6313 ADD_TEST(test_client_hello_cb);
088dfa13 6314 ADD_TEST(test_no_ems);
5f982038
MC		 6315#endif
6316#ifndef OPENSSL_NO_TLS1_3
02a3ed5a 6317 ADD_ALL_TESTS(test_early_data_read_write, 3);
78fb5374
MC		 6318 /*
6319 * We don't do replay tests for external PSK. Replay protection isn't used
6320 * in that scenario.
6321 */
6322 ADD_ALL_TESTS(test_early_data_replay, 2);
02a3ed5a
MC		 6323 ADD_ALL_TESTS(test_early_data_skip, 3);
6324 ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
0efa0ba4 6325 ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3);
0d1b7789 6326 ADD_ALL_TESTS(test_early_data_skip_abort, 3);
02a3ed5a 6327 ADD_ALL_TESTS(test_early_data_not_sent, 3);
57dee9bb 6328 ADD_ALL_TESTS(test_early_data_psk, 8);
02a3ed5a 6329 ADD_ALL_TESTS(test_early_data_not_expected, 3);
5f982038 6330# ifndef OPENSSL_NO_TLS1_2
02a3ed5a 6331 ADD_ALL_TESTS(test_early_data_tls1_2, 3);
5f982038 6332# endif
e9ee6536 6333#endif
a273157a 6334#ifndef OPENSSL_NO_TLS1_3
034cb87b 6335 ADD_ALL_TESTS(test_set_ciphersuite, 10);
ca0413ae 6336 ADD_TEST(test_ciphersuite_change);
c2b290c3
MC		 6337#ifdef OPENSSL_NO_PSK
6338 ADD_ALL_TESTS(test_tls13_psk, 1);
6339#else
0d8da779 6340 ADD_ALL_TESTS(test_tls13_psk, 4);
c2b290c3 6341#endif /* OPENSSL_NO_PSK */
bb01ef3f 6342 ADD_ALL_TESTS(test_custom_exts, 5);
c7b8ff25 6343 ADD_TEST(test_stateless);
9d75dce3 6344 ADD_TEST(test_pha_key_update);
a273157a 6345#else
bb01ef3f 6346 ADD_ALL_TESTS(test_custom_exts, 3);
a273157a 6347#endif
16afd71c 6348 ADD_ALL_TESTS(test_serverinfo, 8);
0fb2815b 6349 ADD_ALL_TESTS(test_export_key_mat, 6);
b38ede80
TT		 6350#ifndef OPENSSL_NO_TLS1_3
6351 ADD_ALL_TESTS(test_export_key_mat_early, 3);
3409a5ff 6352 ADD_TEST(test_key_update);
b38ede80 6353#endif
e11b6aa4 6354 ADD_ALL_TESTS(test_ssl_clear, 2);
cf72c757 6355 ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
76fd7a1d
MC		 6356#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
6357 ADD_ALL_TESTS(test_srp, 6);
6358#endif
5718fe45 6359 ADD_ALL_TESTS(test_info_callback, 6);
4a432af8 6360 ADD_ALL_TESTS(test_ssl_pending, 2);
e401389a 6361 ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
61fb5923 6362 ADD_ALL_TESTS(test_ticket_callbacks, 12);
57d7b988 6363 ADD_ALL_TESTS(test_shutdown, 7);
cd6fe29f 6364 ADD_ALL_TESTS(test_cert_cb, 3);
6e46c065 6365 ADD_ALL_TESTS(test_client_cert_cb, 2);
fb8c8359 6366 ADD_ALL_TESTS(test_ca_names, 3);
ad887416
P		 6367 return 1;
6368}
2cb4b5f6 6369
ad887416
P		 6370void cleanup_tests(void)
6371{
fa454945 6372 bio_s_mempacket_test_free();
2cb4b5f6 6373}
A mirror of the official openssl repository