/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/param_build.h>
#include <openssl/x509v3.h>
#include <openssl/dh.h>
+#include <openssl/engine.h>
#include "helpers/ssltestlib.h"
#include "testutil.h"
#include "testutil/output.h"
#include "internal/nelem.h"
+#include "internal/tlsgroups.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
#include "../ssl/record/methods/recmethod_local.h"
static int use_session_cb_cnt = 0;
static int find_session_cb_cnt = 0;
-
-static SSL_SESSION *create_a_psk(SSL *ssl);
#endif
static char *certsdir = NULL;
static char *dhfile = NULL;
static int is_fips = 0;
+static int fips_ems_check = 0;
#define LOG_BUFFER_SIZE 2048
static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
static X509 *ocspcert = NULL;
#endif
-#define NUM_EXTRA_CERTS 40
#define CLIENT_VERSION_LEN 2
/*
* Now we want to test that our output data was vaguely sensible. We
* do that by using strtok and confirming that we have more or less the
* data we expect. For both client and server, we expect to see one master
- * secret. The client should also see a RSA key exchange.
+ * secret. The client should also see an RSA key exchange.
*/
expected.rsa_key_exchange_count = 1;
expected.master_secret_count = 1;
int *ctr = arg;
const unsigned char *p;
int *exts;
- /* We only configure two ciphers, but the SCSV is added automatically. */
#ifdef OPENSSL_NO_EC
- const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
+ const unsigned char expected_ciphers[] = {0x00, 0x9d};
#else
const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
- 0x2c, 0x00, 0xff};
+ 0x2c};
#endif
const int expected_extensions[] = {
+ 65281,
#ifndef OPENSSL_NO_EC
11, 10,
#endif
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
- int testresult = 0;
+ int testresult = 0, status;
if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS1_2_VERSION,
goto end;
}
- if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
- printf("Creating SSL connection failed\n");
- goto end;
- }
-
- if (SSL_get_extms_support(serverssl)) {
- printf("Server reports Extended Master Secret support\n");
- goto end;
- }
-
- if (SSL_get_extms_support(clientssl)) {
- printf("Client reports Extended Master Secret support\n");
- goto end;
+ status = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
+ if (fips_ems_check) {
+ if (status == 1) {
+ printf("When FIPS uses the EMS check a connection that doesn't use EMS should fail\n");
+ goto end;
+ }
+ } else {
+ if (!status) {
+ printf("Creating SSL connection failed\n");
+ goto end;
+ }
+ if (SSL_get_extms_support(serverssl)) {
+ printf("Server reports Extended Master Secret support\n");
+ goto end;
+ }
+ if (SSL_get_extms_support(clientssl)) {
+ printf("Client reports Extended Master Secret support\n");
+ goto end;
+ }
}
testresult = 1;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- int i;
- BIO *certbio = NULL;
- X509 *chaincert = NULL;
- int certlen;
-
- if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
- goto end;
-
- if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL)))
- goto end;
-
- if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
- goto end;
- BIO_free(certbio);
- certbio = NULL;
if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version,
max_version, &sctx, &cctx, cert,
SSL_CTX_set_read_ahead(cctx, 1);
}
- /*
- * We assume the supplied certificate is big enough so that if we add
- * NUM_EXTRA_CERTS it will make the overall message large enough. The
- * default buffer size is requested to be 16k, but due to the way BUF_MEM
- * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
- * test we need to have a message larger than that.
- */
- certlen = i2d_X509(chaincert, NULL);
- OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
- (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
- for (i = 0; i < NUM_EXTRA_CERTS; i++) {
- if (!X509_up_ref(chaincert))
- goto end;
- if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
- X509_free(chaincert);
- goto end;
- }
- }
+ if (!ssl_ctx_add_large_cert_chain(libctx, sctx, cert))
+ goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
testresult = 1;
end:
- BIO_free(certbio);
- X509_free(chaincert);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
goto end;
cbuf[0] = count++;
- memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ memcpy(crec_wseq_before, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_before, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
- memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
}
}
- memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ memcpy(crec_wseq_after, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_after, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
- memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
/* verify the payload */
int cfd = -1, sfd = -1;
int rx_supported;
SSL_CONNECTION *clientsc, *serversc;
+ unsigned char *buf = NULL;
+ const size_t bufsz = SSL3_RT_MAX_PLAIN_LENGTH + 16;
+ int ret;
+ size_t offset = 0, i;
- if (!TEST_true(create_test_sockets(&cfd, &sfd)))
+ if (!TEST_true(create_test_sockets(&cfd, &sfd, SOCK_STREAM, NULL)))
goto end;
/* Skip this test if the platform does not support ktls */
if (!TEST_true(ping_pong_query(clientssl, serverssl)))
goto end;
+ buf = OPENSSL_zalloc(bufsz);
+ if (!TEST_ptr(buf))
+ goto end;
+
+ /*
+ * Write some data that exceeds the maximum record length. KTLS may choose
+ * to coalesce this data into a single buffer when we read it again.
+ */
+ while ((ret = SSL_write(clientssl, buf, bufsz)) != (int)bufsz) {
+ if (!TEST_true(SSL_get_error(clientssl, ret) == SSL_ERROR_WANT_WRITE))
+ goto end;
+ }
+
+ /* Now check that we can read all the data we wrote */
+ do {
+ ret = SSL_read(serverssl, buf + offset, bufsz - offset);
+ if (ret <= 0) {
+ if (!TEST_true(SSL_get_error(serverssl, ret) == SSL_ERROR_WANT_READ))
+ goto end;
+ } else {
+ offset += ret;
+ }
+ } while (offset < bufsz);
+
+ if (!TEST_true(offset == bufsz))
+ goto end;
+ for (i = 0; i < bufsz; i++)
+ if (!TEST_true(buf[i] == 0))
+ goto end;
+
testresult = 1;
end:
+ OPENSSL_free(buf);
if (clientssl) {
SSL_shutdown(clientssl);
SSL_free(clientssl);
#define SENDFILE_CHUNK (4 * 4096)
#define min(a,b) ((a) > (b) ? (b) : (a))
-static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
+static int execute_test_ktls_sendfile(int tls_version, const char *cipher,
+ int zerocopy)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
buf = OPENSSL_zalloc(SENDFILE_SZ);
buf_dst = OPENSSL_zalloc(SENDFILE_SZ);
if (!TEST_ptr(buf) || !TEST_ptr(buf_dst)
- || !TEST_true(create_test_sockets(&cfd, &sfd)))
+ || !TEST_true(create_test_sockets(&cfd, &sfd, SOCK_STREAM, NULL)))
goto end;
/* Skip this test if the platform does not support ktls */
if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS)))
goto end;
+ if (zerocopy) {
+ if (!TEST_true(SSL_set_options(serverssl,
+ SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE)))
+ goto end;
+ }
+
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
{ TLS1_2_VERSION, "AES256-GCM-SHA384"},
# endif
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+# ifndef OPENSSL_NO_EC
{ TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305"},
+# endif
# endif
# endif
# if !defined(OSSL_NO_USABLE_TLS1_3)
cipher->cipher);
}
-static int test_ktls_sendfile(int tst)
+static int test_ktls_sendfile(int test)
{
struct ktls_test_cipher *cipher;
+ int tst = test >> 1;
OPENSSL_assert(tst < (int)NUM_KTLS_TEST_CIPHERS);
cipher = &ktls_test_ciphers[tst];
- return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher);
+ return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher,
+ test & 1);
}
#endif
}
#endif
+/*
+ * Test we can successfully send the maximum amount of application data. We
+ * test each protocol version individually, each with and without EtM enabled.
+ * TLSv1.3 doesn't use EtM so technically it is redundant to test both but it is
+ * simpler this way. We also test all combinations with and without the
+ * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option which affects the size of the
+ * underlying buffer.
+ */
+static int test_large_app_data(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, prot;
+ unsigned char *msg, *buf = NULL;
+ size_t written, readbytes;
+ const SSL_METHOD *smeth = TLS_server_method();
+ const SSL_METHOD *cmeth = TLS_client_method();
+
+ switch (tst >> 2) {
+ case 0:
+#ifndef OSSL_NO_USABLE_TLS1_3
+ prot = TLS1_3_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 1:
+#ifndef OPENSSL_NO_TLS1_2
+ prot = TLS1_2_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 2:
+#ifndef OPENSSL_NO_TLS1_1
+ prot = TLS1_1_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 3:
+#ifndef OPENSSL_NO_TLS1
+ prot = TLS1_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 4:
+#ifndef OPENSSL_NO_SSL3
+ prot = SSL3_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 5:
+#ifndef OPENSSL_NO_DTLS1_2
+ prot = DTLS1_2_VERSION;
+ smeth = DTLS_server_method();
+ cmeth = DTLS_client_method();
+ break;
+#else
+ return 1;
+#endif
+
+ case 6:
+#ifndef OPENSSL_NO_DTLS1
+ prot = DTLS1_VERSION;
+ smeth = DTLS_server_method();
+ cmeth = DTLS_client_method();
+ break;
+#else
+ return 1;
+#endif
+
+ default:
+ /* Shouldn't happen */
+ return 0;
+ }
+
+ if ((prot < TLS1_2_VERSION || prot == DTLS1_VERSION) && is_fips)
+ return 1;
+
+ /* Maximal sized message of zeros */
+ msg = OPENSSL_zalloc(SSL3_RT_MAX_PLAIN_LENGTH);
+ if (!TEST_ptr(msg))
+ goto end;
+
+ buf = OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH + 1);
+ if (!TEST_ptr(buf))
+ goto end;
+ /* Set whole buffer to all bits set */
+ memset(buf, 0xff, SSL3_RT_MAX_PLAIN_LENGTH + 1);
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, prot, prot,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (prot < TLS1_2_VERSION || prot == DTLS1_VERSION) {
+ /* Older protocol versions need SECLEVEL=0 due to SHA1 usage */
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if ((tst & 1) != 0) {
+ /* Setting this option gives us a minimally sized underlying buffer */
+ if (!TEST_true(SSL_set_options(serverssl,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+ || !TEST_true(SSL_set_options(clientssl,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)))
+ goto end;
+ }
+
+ if ((tst & 2) != 0) {
+ /*
+ * Setting this option means the MAC is added before encryption
+ * giving us a larger record for the encryption process
+ */
+ if (!TEST_true(SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC))
+ || !TEST_true(SSL_set_options(clientssl,
+ SSL_OP_NO_ENCRYPT_THEN_MAC)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(clientssl, msg, SSL3_RT_MAX_PLAIN_LENGTH,
+ &written))
+ || !TEST_size_t_eq(written, SSL3_RT_MAX_PLAIN_LENGTH))
+ goto end;
+
+ /* We provide a buffer slightly larger than what we are actually expecting */
+ if (!TEST_true(SSL_read_ex(serverssl, buf, SSL3_RT_MAX_PLAIN_LENGTH + 1,
+ &readbytes)))
+ goto end;
+
+ if (!TEST_mem_eq(msg, written, buf, readbytes))
+ goto end;
+
+ testresult = 1;
+end:
+ OPENSSL_free(msg);
+ OPENSSL_free(buf);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) \
+ || !defined(OPENSSL_NO_DTLS)
static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
const SSL_METHOD *cmeth,
int min_version, int max_version)
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- void *zbuf;
+ const unsigned char *zbuf;
SSL_CONNECTION *serversc;
TLS_RECORD *rr;
privkey)))
goto end;
-#ifdef OPENSSL_NO_DTLS1_2
- if (smeth == DTLS_server_method()) {
# ifdef OPENSSL_NO_DTLS1_2
+ if (smeth == DTLS_server_method()) {
/* Not supported in the FIPS provider */
if (is_fips) {
testresult = 1;
goto end;
};
-# endif
/*
* Default sigalgs are SHA1 based in <DTLS1.2 which is in security
* level 0
"DEFAULT:@SECLEVEL=0")))
goto end;
}
-#endif
+# endif
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
return testresult;
}
+#endif /*
+ * !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
+ * || !defined(OPENSSL_NO_DTLS)
+ */
static int test_cleanse_plaintext(void)
{
*/
if (use_int_cache && maxprot != TLS1_3_VERSION) {
if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
- || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
+ || !TEST_true(sess2->owner != NULL)
+ || !TEST_true(tmp->owner == NULL)
+ || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
goto end;
SSL_SESSION_free(sess2);
}
#endif
}
-
#ifndef OSSL_NO_USABLE_TLS1_3
static SSL_SESSION *sesscache[6];
static int do_cache;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
- clientpsk = serverpsk = create_a_psk(clientssl);
+ clientpsk = serverpsk = create_a_psk(clientssl, SHA384_DIGEST_LENGTH);
if (!TEST_ptr(clientpsk))
goto end;
SSL_SESSION_up_ref(clientpsk);
{validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
# endif
{NULL, 0, "RSA+SHA256", 1, 1},
+ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1},
# ifndef OPENSSL_NO_EC
{NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
{NULL, 0, "ECDSA+SHA512", 1, 0},
#define MSG6 "test"
#define MSG7 "message."
-#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
-#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
-#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03")
-#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04")
-#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
+static int artificial_ticket_time = 0;
+
+static int sub_session_time(SSL_SESSION *sess)
+{
+ OSSL_TIME tick_time;
+
+ tick_time = ossl_time_from_time_t(SSL_SESSION_get_time_ex(sess));
+ tick_time = ossl_time_subtract(tick_time, ossl_seconds2time(10));
+ return SSL_SESSION_set_time_ex(sess, ossl_time_to_time_t(tick_time)) != 0;
+}
-static SSL_SESSION *create_a_psk(SSL *ssl)
+static int ed_gen_cb(SSL *s, void *arg)
{
- const SSL_CIPHER *cipher = NULL;
- const unsigned char key[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
- 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
- 0x2c, 0x2d, 0x2e, 0x2f
- };
- SSL_SESSION *sess = NULL;
+ SSL_SESSION *sess = SSL_get0_session(s);
- cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
- sess = SSL_SESSION_new();
- if (!TEST_ptr(sess)
- || !TEST_ptr(cipher)
- || !TEST_true(SSL_SESSION_set1_master_key(sess, key,
- sizeof(key)))
- || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
- || !TEST_true(
- SSL_SESSION_set_protocol_version(sess,
- TLS1_3_VERSION))) {
- SSL_SESSION_free(sess);
- return NULL;
- }
- return sess;
+ if (sess == NULL)
+ return 0;
+
+ /*
+ * Artificially give the ticket some age. Just do it for the number of
+ * tickets we've been told to do.
+ */
+ if (artificial_ticket_time == 0)
+ return 1;
+ artificial_ticket_time--;
+
+ return sub_session_time(sess);
}
/*
* error.
*/
static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
- SSL **serverssl, SSL_SESSION **sess, int idx)
+ SSL **serverssl, SSL_SESSION **sess, int idx,
+ size_t mdsize)
{
+ int artificial = (artificial_ticket_time > 0);
+
if (*sctx == NULL
&& !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
sctx, cctx, cert, privkey)))
return 0;
+ if (artificial)
+ SSL_CTX_set_session_ticket_cb(*sctx, ed_gen_cb, NULL, NULL);
+
if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH)))
return 0;
return 0;
if (idx == 2) {
- clientpsk = create_a_psk(*clientssl);
+ clientpsk = create_a_psk(*clientssl, mdsize);
if (!TEST_ptr(clientpsk)
/*
* We just choose an arbitrary value for max_early_data which
SSL_free(*clientssl);
*serverssl = *clientssl = NULL;
+ /*
+ * Artificially give the ticket some age to match the artificial age we
+ * gave it on the server side
+ */
+ if (artificial
+ && !TEST_true(sub_session_time(*sess)))
+ return 0;
+
if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(*clientssl, *sess)))
return 1;
}
+static int check_early_data_timeout(OSSL_TIME timer)
+{
+ int res = 0;
+
+ /*
+ * Early data is time sensitive. We have an approx 8 second allowance
+ * between writing the early data and reading it. If we exceed that time
+ * then this test will fail. This can sometimes (rarely) occur in normal CI
+ * operation. We can try and detect this and just ignore the result of this
+ * test if it has taken too long. We assume anything over 7 seconds is too
+ * long
+ */
+ timer = ossl_time_subtract(ossl_time_now(), timer);
+ if (ossl_time_compare(timer, ossl_seconds2time(7)) >= 0)
+ res = TEST_skip("Test took too long, ignoring result");
+
+ return res;
+}
+
static int test_early_data_read_write(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
unsigned char buf[20], data[1024];
size_t readbytes, written, eoedlen, rawread, rawwritten;
BIO *rbio;
+ OSSL_TIME timer;
+ /* Artificially give the next 2 tickets some age for non PSK sessions */
+ if (idx != 2)
+ artificial_ticket_time = 2;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH))) {
+ artificial_ticket_time = 0;
goto end;
+ }
+ artificial_ticket_time = 0;
/* Write and read some early data */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
+ &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
SSL_SESSION *sess = NULL;
size_t readbytes, written;
unsigned char buf[20];
+ OSSL_TIME timer;
allow_ed_cb_called = 0;
}
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/*
goto end;
/* Write and read some early data */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
/* In this case the callback decides to accept the early data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+ if (!TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
/*
* Server will have sent its flight so client can now send
* end of early data and complete its half of the handshake
return ret;
}
+static const char *ciphersuites[] = {
+ "TLS_AES_128_CCM_8_SHA256",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_CCM_SHA256",
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ "TLS_CHACHA20_POLY1305_SHA256",
+#else
+ NULL,
+#endif
+#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ "TLS_SHA256_SHA256",
+ "TLS_SHA384_SHA384"
+#endif
+};
+
/*
* Helper function to test that a server attempting to read early data can
* handle a connection from a client where the early data should be skipped.
* testtype: 2 == HRR, invalid early_data sent after HRR
* testtype: 3 == recv_max_early_data set to 0
*/
-static int early_data_skip_helper(int testtype, int idx)
+static int early_data_skip_helper(int testtype, int cipher, int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
unsigned char buf[20];
size_t readbytes, written;
+ if (is_fips && cipher >= 4)
+ return 1;
+
+ if (ciphersuites[cipher] == NULL)
+ return TEST_skip("Cipher not supported");
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (cipher == 0 || cipher == 5 || cipher == 6) {
+ SSL_CTX_set_security_level(sctx, 0);
+ SSL_CTX_set_security_level(cctx, 0);
+ }
+
+ if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, ciphersuites[cipher]))
+ || !TEST_true(SSL_CTX_set_ciphersuites(cctx, ciphersuites[cipher])))
+ goto end;
+
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ (cipher == 2 || cipher == 6)
+ ? SHA384_DIGEST_LENGTH
+ : SHA256_DIGEST_LENGTH)))
goto end;
if (testtype == 1 || testtype == 2) {
if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
goto end;
#else
- if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384")))
goto end;
#endif
} else if (idx == 2) {
goto end;
}
+ ERR_clear_error();
/*
* Should be able to send normal data despite rejection of early data. The
* early_data should be skipped.
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
+ /*
+ * Failure to decrypt early data records should not leave spurious errors
+ * on the error stack
+ */
+ if (!TEST_long_eq(ERR_peek_error(), 0))
+ goto end;
+
testresult = 1;
end:
*/
static int test_early_data_skip(int idx)
{
- return early_data_skip_helper(0, idx);
+ return early_data_skip_helper(0,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_hrr(int idx)
{
- return early_data_skip_helper(1, idx);
+ return early_data_skip_helper(1,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_hrr_fail(int idx)
{
- return early_data_skip_helper(2, idx);
+ return early_data_skip_helper(2,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
*/
static int test_early_data_skip_abort(int idx)
{
- return early_data_skip_helper(3, idx);
+ return early_data_skip_helper(3,
+ idx % OSSL_NELEM(ciphersuites),
+ idx / OSSL_NELEM(ciphersuites));
}
/*
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some data - should block due to handshake with server */
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 2)))
+ &serverssl, &sess, 2,
+ SHA384_DIGEST_LENGTH)))
goto end;
servalpn = "goodalpn";
|| !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
goto end;
} else {
+ OSSL_TIME timer = ossl_time_now();
+
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
- &readbytes), readearlyres)
- || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
+ &readbytes), readearlyres)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if ((readearlyres == SSL_READ_EARLY_DATA_SUCCESS
&& !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
|| !TEST_int_eq(SSL_connect(clientssl), connectres))
}
/*
- * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites
+ * Test TLSv1.3 PSK can be used to send early_data with all 7 ciphersuites
* idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256
* idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384
* idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
* idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256
* idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256
+ * idx == 5: Test with TLS1_3_RFC_SHA256_SHA256
+ * idx == 6: Test with TLS1_3_RFC_SHA384_SHA384
*/
static int test_early_data_psk_with_all_ciphers(int idx)
{
unsigned char buf[20];
size_t readbytes, written;
const SSL_CIPHER *cipher;
+ OSSL_TIME timer;
const char *cipher_str[] = {
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_256_GCM_SHA384,
NULL,
# endif
TLS1_3_RFC_AES_128_CCM_SHA256,
- TLS1_3_RFC_AES_128_CCM_8_SHA256
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ TLS1_3_RFC_SHA256_SHA256,
+ TLS1_3_RFC_SHA384_SHA384
+#else
+ NULL,
+ NULL
+#endif
};
const unsigned char *cipher_bytes[] = {
TLS13_AES_128_GCM_SHA256_BYTES,
NULL,
# endif
TLS13_AES_128_CCM_SHA256_BYTES,
- TLS13_AES_128_CCM_8_SHA256_BYTES
+ TLS13_AES_128_CCM_8_SHA256_BYTES,
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ TLS13_SHA256_SHA256_BYTES,
+ TLS13_SHA384_SHA384_BYTES
+#else
+ NULL,
+ NULL
+#endif
};
if (cipher_str[idx] == NULL)
return 1;
- /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */
- if (idx == 2 && is_fips == 1)
+ /*
+ * Skip ChaCha20Poly1305 and TLS_SHA{256,384}_SHA{256,384} ciphers
+ * as currently FIPS module does not support them.
+ */
+ if ((idx == 2 || idx == 5 || idx == 6) && is_fips == 1)
return 1;
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 2)))
+ &serverssl, &sess, 2,
+ SHA384_DIGEST_LENGTH)))
goto end;
- if (idx == 4) {
- /* CCM8 ciphers are considered low security due to their short tag */
+ if (idx == 4 || idx == 5 || idx == 6) {
+ /*
+ * CCM8 ciphers are considered low security due to their short tag.
+ * Integrity-only cipher do not provide any confidentiality.
+ */
SSL_set_security_level(clientssl, 0);
SSL_set_security_level(serverssl, 0);
}
goto end;
SSL_set_connect_state(clientssl);
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_int_eq(SSL_connect(clientssl), 1)
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, idx)))
+ &serverssl, &sess, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some early data */
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, NULL, idx)))
+ &serverssl, NULL, idx,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* Write some data - should block due to handshake with server */
*/
# ifndef OPENSSL_NO_EC
static int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1,
- NID_secp521r1, NID_X25519, NID_X448};
+ NID_secp521r1,
+# ifndef OPENSSL_NO_ECX
+ NID_X25519, NID_X448
+# endif
+ };
# endif
# ifndef OPENSSL_NO_DH
static int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
kexch_alg = NID_secp521r1;
kexch_name0 = "secp521r1";
break;
+# ifndef OPENSSL_NO_ECX
case 4:
+ if (is_fips)
+ return TEST_skip("X25519 might not be supported by fips provider.");
kexch_alg = NID_X25519;
kexch_name0 = "x25519";
break;
case 5:
+ if (is_fips)
+ return TEST_skip("X448 might not be supported by fips provider.");
kexch_alg = NID_X448;
kexch_name0 = "x448";
break;
+# endif
# endif
# ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_TLS1_2
/* We don't implement RFC 7919 named groups for TLS 1.2. */
if (idx != 13) {
+ if (!TEST_str_eq(SSL_get0_group_name(serverssl), kexch_name0)
+ || !TEST_str_eq(SSL_get0_group_name(clientssl), kexch_name0))
+ goto end;
if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), kexch_groups[0]))
goto end;
if (!TEST_int_eq(SSL_get_negotiated_group(clientssl), kexch_groups[0]))
else
expectednid = kexch_alg;
+ if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448))
+ return TEST_skip("X25519 and X448 might not be available in fips provider.");
+
if (!istls13)
max_version = TLS1_2_VERSION;
# endif
/* CCM8 ciphers are considered low security due to their short tag */
{ TLS1_3_RFC_AES_128_CCM_8_SHA256
- ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 }
+ ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 },
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ /* Integrity-only cipher do not provide any confidentiality */
+ { TLS1_3_RFC_SHA256_SHA256, 0, 1 },
+ { TLS1_3_RFC_SHA384_SHA384, 0, 1 }
+# endif
};
const char *t13_cipher = NULL;
const char *t12_cipher = NULL;
if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
goto end;
#else
- if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384")))
goto end;
#endif
return testresult;
}
+#ifndef OSSL_NO_USABLE_TLS1_3
+/*
+ * Test TLS1.3 connection establishment succeeds with various configurations of
+ * the options `SSL_OP_ALLOW_NO_DHE_KEX` and `SSL_OP_PREFER_NO_DHE_KEX`.
+ * The verification of whether the right KEX mode is chosen is not covered by
+ * this test but by `test_tls13kexmodes`.
+ *
+ * Tests (idx & 1): Server has `SSL_OP_ALLOW_NO_DHE_KEX` set.
+ * Tests (idx & 2): Server has `SSL_OP_PREFER_NO_DHE_KEX` set.
+ * Tests (idx & 4): Client has `SSL_OP_ALLOW_NO_DHE_KEX` set.
+ */
+static int test_tls13_no_dhe_kex(const int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+ size_t j;
+ SSL_SESSION *saved_session;
+
+ int server_allow_no_dhe = (idx & 1) != 0;
+ int server_prefer_no_dhe = (idx & 2) != 0;
+ int client_allow_no_dhe = (idx & 4) != 0;
+
+ uint64_t server_options = 0
+ | (server_allow_no_dhe ? SSL_OP_ALLOW_NO_DHE_KEX : 0)
+ | (server_prefer_no_dhe ? SSL_OP_PREFER_NO_DHE_KEX : 0);
+
+ uint64_t client_options = 0
+ | (client_allow_no_dhe ? SSL_OP_ALLOW_NO_DHE_KEX : 0);
+
+ new_called = 0;
+ do_cache = 1;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT
+ | SSL_SESS_CACHE_NO_INTERNAL_STORE);
+
+ SSL_CTX_set_options(sctx, server_options);
+ SSL_CTX_set_options(cctx, client_options);
+
+ SSL_CTX_sess_set_new_cb(cctx, new_cachesession_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ /* Check we got the number of tickets we were expecting */
+ || !TEST_int_eq(2, new_called))
+ goto end;
+
+ /* We'll reuse the last ticket. */
+ saved_session = sesscache[new_called - 1];
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(cctx);
+ clientssl = serverssl = NULL;
+ cctx = NULL;
+
+ /*
+ * Now we resume with the last ticket we created.
+ */
+
+ /* The server context already exists, so we only create the client. */
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ NULL, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_options(cctx, client_options);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, saved_session)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * Make sure, the session was resumed.
+ */
+ if (!TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ for (j = 0; j < OSSL_NELEM(sesscache); j++) {
+ SSL_SESSION_free(sesscache[j]);
+ sesscache[j] = NULL;
+ }
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+#endif /* OSSL_NO_USABLE_TLS1_3 */
+
static unsigned char cookie_magic_value[] = "cookie magic";
static int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
const char label[LONG_LABEL_LEN + 1] = "test label";
const unsigned char context[] = "context";
const unsigned char *emptycontext = NULL;
- unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
- unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
+ unsigned char longcontext[1280];
+ int test_longcontext = fips_provider_version_ge(libctx, 3, 3, 0);
+ unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80], ckeymat4[80];
+ unsigned char skeymat1[80], skeymat2[80], skeymat3[80], skeymat4[80];
size_t labellen;
const int protocols[] = {
TLS1_VERSION,
labellen = SMALL_LABEL_LEN;
}
+ memset(longcontext, 1, sizeof(longcontext));
+
if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
sizeof(ckeymat1), label,
labellen, context,
sizeof(ckeymat3), label,
labellen,
NULL, 0, 0), 1)
+ || (test_longcontext
+ && !TEST_int_eq(SSL_export_keying_material(clientssl,
+ ckeymat4,
+ sizeof(ckeymat4), label,
+ labellen,
+ longcontext,
+ sizeof(longcontext), 1),
+ 1))
|| !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
sizeof(skeymat1), label,
labellen,
sizeof(skeymat3), label,
labellen,
NULL, 0, 0), 1)
+ || (test_longcontext
+ && !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat4,
+ sizeof(skeymat4), label,
+ labellen,
+ longcontext,
+ sizeof(longcontext), 1),
+ 1))
/*
* Check that both sides created the same key material with the
* same context.
*/
|| !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
sizeof(skeymat3))
+ /*
+ * Check that both sides created the same key material with a
+ * long context.
+ */
+ || (test_longcontext
+ && !TEST_mem_eq(ckeymat4, sizeof(ckeymat4), skeymat4,
+ sizeof(skeymat4)))
/* Different contexts should produce different results */
|| !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
sizeof(ckeymat2)))
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl,
- &sess, idx)))
+ &sess, idx, SHA384_DIGEST_LENGTH)))
goto end;
/* Here writing 0 length early data is enough. */
/* Write data that we know will fail with SSL_ERROR_WANT_WRITE */
if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1)
- || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE))
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE)
+ || !TEST_true(SSL_want_write(peerwrite))
+ || !TEST_true(SSL_net_write_desired(peerwrite)))
goto end;
/* Reinstate the original writing endpoint's write BIO */
/* Now read some data - we will read the key update */
if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1)
- || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ))
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ)
+ || !TEST_true(SSL_want_read(peerwrite))
+ || !TEST_true(SSL_net_read_desired(peerwrite)))
goto end;
/*
|| !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
goto end;
+ if (!TEST_false(SSL_net_read_desired(peerwrite))
+ || !TEST_false(SSL_net_write_desired(peerwrite))
+ || !TEST_int_eq(SSL_want(peerwrite), SSL_NOTHING))
+ goto end;
+
testresult = 1;
end:
}
#endif /* OSSL_NO_USABLE_TLS1_3 */
+/*
+ * Test clearing a connection via SSL_clear(), or resetting it via
+ * SSL_set_connect_state()/SSL_set_accept_state()
+ * Test 0: SSL_set_connect_state, TLSv1.3
+ * Test 1: SSL_set_connect_state, TLSv1.2
+ * Test 2: SSL_set_accept_state, TLSv1.3
+ * Test 3: SSL_set_accept_state, TLSv1.2
+ * Test 4: SSL_clear (client), TLSv1.3
+ * Test 5: SSL_clear (client), TLSv1.2
+ * Test 6: SSL_clear (server), TLSv1.3
+ * Test 7: SSL_clear (server), TLSv1.2
+ */
static int test_ssl_clear(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
+ SSL *writer, *reader;
int testresult = 0;
+ int tls12test, servertest, cleartest;
+ size_t written, readbytes;
+ const char *msg = "Hello World";
+ unsigned char buf[5];
+
+ tls12test = idx & 1;
+ idx >>= 1;
+ servertest = idx & 1;
+ idx >>= 1;
+ cleartest = idx & 1;
#ifdef OPENSSL_NO_TLS1_2
- if (idx == 1)
- return 1;
+ if (tls12test == 1)
+ return TEST_skip("No TLSv1.2 in this build");
#endif
/* Create an initial connection */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
- || (idx == 1
+ || (tls12test
&& !TEST_true(SSL_CTX_set_max_proto_version(cctx,
TLS1_2_VERSION)))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
SSL_ERROR_NONE)))
goto end;
+ if (servertest) {
+ writer = clientssl;
+ reader = serverssl;
+ } else {
+ writer = serverssl;
+ reader = clientssl;
+ }
+
+ /* Write some data */
+ if (!TEST_true(SSL_write_ex(writer, msg, strlen(msg), &written))
+ || written != strlen(msg))
+ goto end;
+
+ /*
+ * Read a partial record. The remaining buffered data should be cleared by
+ * the subsequent clear/reset
+ */
+ if (!TEST_true(SSL_read_ex(reader, buf, sizeof(buf), &readbytes))
+ || readbytes != sizeof(buf))
+ goto end;
+
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
- SSL_free(serverssl);
- serverssl = NULL;
- /* Clear clientssl - we're going to reuse the object */
- if (!TEST_true(SSL_clear(clientssl)))
- goto end;
+ /* Reset/clear one SSL object in order to reuse it. We free the other one */
+ if (servertest) {
+ if (cleartest) {
+ if (!TEST_true(SSL_clear(serverssl)))
+ goto end;
+ } else {
+ SSL_set_accept_state(serverssl);
+ }
+ /*
+ * A peculiarity of SSL_clear() is that it does not clear the session.
+ * This is intended behaviour so that a client can create a new
+ * connection and reuse the session. But this doesn't make much sense
+ * on the server side - and causes incorrect behaviour due to the
+ * handshake failing (even though the documentation does say SSL_clear()
+ * is supposed to work on the server side). We clear the session
+ * explicitly - although note that the documentation for
+ * SSL_set_session() says that its only useful for clients!
+ */
+ if (!TEST_true(SSL_set_session(serverssl, NULL)))
+ goto end;
+ SSL_free(clientssl);
+ clientssl = NULL;
+ } else {
+ if (cleartest) {
+ if (!TEST_true(SSL_clear(clientssl)))
+ goto end;
+ } else {
+ SSL_set_connect_state(clientssl);
+ }
+ SSL_free(serverssl);
+ serverssl = NULL;
+ }
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
- || !TEST_true(SSL_session_reused(clientssl)))
+ || !TEST_true(servertest || SSL_session_reused(clientssl)))
goto end;
SSL_shutdown(clientssl);
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
{SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
+ }, {
+ /* TLSv1.3 server, certificate compression, followed by resumption */
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSCC"},
+ {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
+ {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
+ }, {
+ /* TLSv1.3 client, certificate compression, followed by resumption */
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
+ {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSCC"},
+ {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
+ {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
+ {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"},
+ {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
{0, NULL},
}
* Test 3: TLSv1.3, client
* Test 4: TLSv1.3, server, early_data
* Test 5: TLSv1.3, client, early_data
+ * Test 6: TLSv1.3, server, compressed certificate
+ * Test 7: TLSv1.3, client, compressed certificate
*/
static int test_info_callback(int tst)
{
info_cb_offset = tst;
#ifndef OSSL_NO_USABLE_TLS1_3
- if (tst >= 4) {
+ if (tst >= 4 && tst < 6) {
SSL_SESSION *sess = NULL;
size_t written, readbytes;
unsigned char buf[80];
+ OSSL_TIME timer;
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
- &serverssl, &sess, 0)))
+ &serverssl, &sess, 0,
+ SHA384_DIGEST_LENGTH)))
goto end;
/* We don't actually need this reference */
sslapi_info_callback);
/* Write and read some early data and then complete the connection */
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf,
+ sizeof(buf), &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
*/
SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx,
sslapi_info_callback);
+ if (tst >= 6) {
+ if (!SSL_CTX_compress_certs(sctx, 0))
+ goto end;
+ }
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
{
const unsigned char tick_aes_key[16] = "0123456789abcdef";
const unsigned char tick_hmac_key[16] = "0123456789abcdef";
- EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
- EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL);
+ EVP_CIPHER *aes128cbc;
+ EVP_MD *sha256;
int ret;
tick_key_cb_called = 1;
+
+ if (tick_key_renew == -1)
+ return 0;
+
+ aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ if (!TEST_ptr(aes128cbc))
+ return 0;
+ sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL);
+ if (!TEST_ptr(sha256)) {
+ EVP_CIPHER_free(aes128cbc);
+ return 0;
+ }
+
memset(iv, 0, AES_BLOCK_SIZE);
memset(key_name, 0, 16);
if (aes128cbc == NULL
const unsigned char tick_aes_key[16] = "0123456789abcdef";
unsigned char tick_hmac_key[16] = "0123456789abcdef";
OSSL_PARAM params[2];
- EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ EVP_CIPHER *aes128cbc;
int ret;
tick_key_cb_called = 1;
+
+ if (tick_key_renew == -1)
+ return 0;
+
+ aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ if (!TEST_ptr(aes128cbc))
+ return 0;
+
memset(iv, 0, AES_BLOCK_SIZE);
memset(key_name, 0, 16);
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
* Test 9: TLSv1.3, old ticket key callback, ticket, no renewal
* Test 10: TLSv1.2, old ticket key callback, ticket, renewal
* Test 11: TLSv1.3, old ticket key callback, ticket, renewal
- * Test 12: TLSv1.2, ticket key callback, ticket, no renewal
- * Test 13: TLSv1.3, ticket key callback, ticket, no renewal
- * Test 14: TLSv1.2, ticket key callback, ticket, renewal
- * Test 15: TLSv1.3, ticket key callback, ticket, renewal
+ * Test 12: TLSv1.2, old ticket key callback, no ticket
+ * Test 13: TLSv1.3, old ticket key callback, no ticket
+ * Test 14: TLSv1.2, ticket key callback, ticket, no renewal
+ * Test 15: TLSv1.3, ticket key callback, ticket, no renewal
+ * Test 16: TLSv1.2, ticket key callback, ticket, renewal
+ * Test 17: TLSv1.3, ticket key callback, ticket, renewal
+ * Test 18: TLSv1.2, ticket key callback, no ticket
+ * Test 19: TLSv1.3, ticket key callback, no ticket
*/
static int test_ticket_callbacks(int tst)
{
return 1;
#endif
#ifdef OPENSSL_NO_DEPRECATED_3_0
- if (tst >= 8 && tst <= 11)
+ if (tst >= 8 && tst <= 13)
return 1;
#endif
gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
/* Which tests the ticket key callback should request renewal for */
- if (tst == 10 || tst == 11 || tst == 14 || tst == 15)
+
+ if (tst == 10 || tst == 11 || tst == 16 || tst == 17)
tick_key_renew = 1;
+ else if (tst == 12 || tst == 13 || tst == 18 || tst == 19)
+ tick_key_renew = -1; /* abort sending the ticket/0-length ticket */
else
tick_key_renew = 0;
NULL)))
goto end;
- if (tst >= 12) {
+ if (tst >= 14) {
if (!TEST_true(SSL_CTX_set_tlsext_ticket_key_evp_cb(sctx, tick_key_evp_cb)))
goto end;
#ifndef OPENSSL_NO_DEPRECATED_3_0
goto end;
if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
- || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
+ || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
+ || tick_key_renew == -1) {
if (!TEST_false(SSL_session_reused(clientssl)))
goto end;
} else {
|| tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
|| tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW)
? 1 : 0)
- || !TEST_int_eq(dec_tick_called, 1))
+ /* There is no ticket to decrypt in tests 13 and 19 */
+ || !TEST_int_eq(dec_tick_called, (tst == 13 || tst == 19) ? 0 : 1))
goto end;
testresult = 1;
return testresult;
}
+/*
+ * Test that sending close_notify alerts works correctly in the case of a
+ * retryable write failure.
+ */
+static int test_async_shutdown(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ BIO *bretry = BIO_new(bio_s_always_retry()), *tmp = NULL;
+
+ if (!TEST_ptr(bretry))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Close write side of clientssl */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
+ goto end;
+
+ tmp = SSL_get_wbio(serverssl);
+ if (!TEST_true(BIO_up_ref(tmp))) {
+ tmp = NULL;
+ goto end;
+ }
+ SSL_set0_wbio(serverssl, bretry);
+ bretry = NULL;
+
+ /* First server shutdown should fail because of a retrable write failure */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), -1)
+ || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* Second server shutdown should fail for the same reason */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), -1)
+ || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ SSL_set0_wbio(serverssl, tmp);
+ tmp = NULL;
+
+ /* Third server shutdown should send close_notify */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 0))
+ goto end;
+
+ /* Fourth server shutdown should read close_notify from client and finish */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
+ goto end;
+
+ /* Client should also successfully fully shutdown */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 1))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ BIO_free(bretry);
+ BIO_free(tmp);
+
+ return testresult;
+}
+
#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
static int cert_cb_cnt;
* Test session ordering and timeout
* Can't explicitly test performance of the new code,
* but can test to see if the ordering of the sessions
- * are correct, and they they are removed as expected
+ * are correct, and they are removed as expected
*/
SSL_SESSION *early = NULL;
SSL_SESSION *middle = NULL;
}
/*
- * Test 0: Client sets servername and server acknowledges it (TLSv1.2)
- * Test 1: Client sets servername and server does not acknowledge it (TLSv1.2)
- * Test 2: Client sets inconsistent servername on resumption (TLSv1.2)
- * Test 3: Client does not set servername on initial handshake (TLSv1.2)
- * Test 4: Client does not set servername on resumption handshake (TLSv1.2)
- * Test 5: Client sets servername and server acknowledges it (TLSv1.3)
- * Test 6: Client sets servername and server does not acknowledge it (TLSv1.3)
- * Test 7: Client sets inconsistent servername on resumption (TLSv1.3)
- * Test 8: Client does not set servername on initial handshake(TLSv1.3)
- * Test 9: Client does not set servername on resumption handshake (TLSv1.3)
+ * Test that a session cache overflow works as expected
+ * Test 0: TLSv1.3, timeout on new session later than old session
+ * Test 1: TLSv1.2, timeout on new session later than old session
+ * Test 2: TLSv1.3, timeout on new session earlier than old session
+ * Test 3: TLSv1.2, timeout on new session earlier than old session
*/
-static int test_servername(int tst)
+#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
+static int test_session_cache_overflow(int idx)
{
- SSL_CTX *cctx = NULL, *sctx = NULL;
- SSL *clientssl = NULL, *serverssl = NULL;
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
- const char *sexpectedhost = NULL, *cexpectedhost = NULL;
-#ifdef OPENSSL_NO_TLS1_2
- if (tst <= 4)
- return 1;
-#endif
#ifdef OSSL_NO_USABLE_TLS1_3
- if (tst >= 5)
- return 1;
+ /* If no TLSv1.3 available then do nothing in this case */
+ if (idx % 2 == 0)
+ return TEST_skip("No TLSv1.3 available");
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+ /* If no TLSv1.2 available then do nothing in this case */
+ if (idx % 2 == 1)
+ return TEST_skip("No TLSv1.2 available");
#endif
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
- TLS_client_method(),
- TLS1_VERSION,
- (tst <= 4) ? TLS1_2_VERSION
- : TLS1_3_VERSION,
+ TLS_client_method(), TLS1_VERSION,
+ (idx % 2 == 0) ? TLS1_3_VERSION
+ : TLS1_2_VERSION,
&sctx, &cctx, cert, privkey))
- || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET)))
+ goto end;
+
+ SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
+ get_sess_val = NULL;
+
+ SSL_CTX_sess_set_cache_size(sctx, 1);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (idx > 1) {
+ sess = SSL_get_session(serverssl);
+ if (!TEST_ptr(sess))
+ goto end;
+
+ /*
+ * Cause this session to have a longer timeout than the next session to
+ * be added.
+ */
+ if (!TEST_true(SSL_SESSION_set_timeout(sess, LONG_MAX))) {
+ sess = NULL;
+ goto end;
+ }
+ sess = NULL;
+ }
+
+ SSL_shutdown(serverssl);
+ SSL_shutdown(clientssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ /*
+ * Session cache size is 1 and we already populated the cache with a session
+ * so the next connection should cause an overflow.
+ */
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * The session we just negotiated may have been already removed from the
+ * internal cache - but we will return it anyway from our external cache.
+ */
+ get_sess_val = SSL_get_session(serverssl);
+ if (!TEST_ptr(get_sess_val))
+ goto end;
+ sess = SSL_get1_session(clientssl);
+ if (!TEST_ptr(sess))
+ goto end;
+
+ SSL_shutdown(serverssl);
+ SSL_shutdown(clientssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set_session(clientssl, sess)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_SESSION_free(sess);
+
+ return testresult;
+}
+#endif /* !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
+
+/*
+ * Test 0: Client sets servername and server acknowledges it (TLSv1.2)
+ * Test 1: Client sets servername and server does not acknowledge it (TLSv1.2)
+ * Test 2: Client sets inconsistent servername on resumption (TLSv1.2)
+ * Test 3: Client does not set servername on initial handshake (TLSv1.2)
+ * Test 4: Client does not set servername on resumption handshake (TLSv1.2)
+ * Test 5: Client sets servername and server acknowledges it (TLSv1.3)
+ * Test 6: Client sets servername and server does not acknowledge it (TLSv1.3)
+ * Test 7: Client sets inconsistent servername on resumption (TLSv1.3)
+ * Test 8: Client does not set servername on initial handshake(TLSv1.3)
+ * Test 9: Client does not set servername on resumption handshake (TLSv1.3)
+ */
+static int test_servername(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ SSL_SESSION *sess = NULL;
+ const char *sexpectedhost = NULL, *cexpectedhost = NULL;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst <= 4)
+ return 1;
+#endif
+#ifdef OSSL_NO_USABLE_TLS1_3
+ if (tst >= 5)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ (tst <= 4) ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
return testresult;
}
+static int test_unknown_sigalgs_groups(void)
+{
+ int ret = 0;
+ SSL_CTX *ctx = NULL;
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx,
+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2)
+ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
+ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx,
+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2)
+ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
+ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
+ goto end;
+
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "nonexistent"),
+ 0))
+ goto end;
+
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "?nonexistent1:?nonexistent2:?nonexistent3"),
+ 0))
+ goto end;
+
+#ifndef OPENSSL_NO_EC
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "P-256:nonexistent"),
+ 0))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx,
+ "P-384:?nonexistent:?P-521"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2)
+ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1)
+ || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1))
+ goto end;
+#endif
+
+ ret = 1;
+ end:
+ SSL_CTX_free(ctx);
+ return ret;
+}
+
#if !defined(OPENSSL_NO_EC) \
&& (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
/*
} else {
if (!TEST_true(filter_provider_set_filter(OSSL_OP_SIGNATURE,
"ECDSA"))
+# ifdef OPENSSL_NO_ECX
+ || !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT, "EC"))
+# else
|| !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT,
- "EC:X25519:X448")))
+ "EC:X25519:X448"))
+# endif
+ )
goto end;
}
OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider");
/* Check that we are not impacted by a provider without any groups */
OSSL_PROVIDER *legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
- const char *group_name = idx == 0 ? "xorgroup" : "xorkemgroup";
+ const char *group_name = idx == 0 ? "xorkemgroup" : "xorgroup";
if (!TEST_ptr(tlsprov))
goto end;
- if (legacyprov == NULL) {
- /*
- * In this case we assume we've been built with "no-legacy" and skip
- * this test (there is no OPENSSL_NO_LEGACY)
- */
- testresult = 1;
- goto end;
- }
-
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_3_VERSION,
NULL, NULL)))
goto end;
- if (!TEST_true(SSL_set1_groups_list(serverssl, group_name))
+ /* ensure GROUPLIST_INCREMENT (=40) logic triggers: */
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup:xorkemgroup:dummy1:dummy2:dummy3:dummy4:dummy5:dummy6:dummy7:dummy8:dummy9:dummy10:dummy11:dummy12:dummy13:dummy14:dummy15:dummy16:dummy17:dummy18:dummy19:dummy20:dummy21:dummy22:dummy23:dummy24:dummy25:dummy26:dummy27:dummy28:dummy29:dummy30:dummy31:dummy32:dummy33:dummy34:dummy35:dummy36:dummy37:dummy38:dummy39:dummy40:dummy41:dummy42:dummy43"))
+ /* removing a single algorithm from the list makes the test pass */
|| !TEST_true(SSL_set1_groups_list(clientssl, group_name)))
goto end;
SSL_group_to_name(serverssl, SSL_get_shared_group(serverssl, 0))))
goto end;
+ if (!TEST_str_eq(group_name, SSL_get0_group_name(serverssl))
+ || !TEST_str_eq(group_name, SSL_get0_group_name(clientssl)))
+ goto end;
+
testresult = 1;
end:
return testresult;
}
+
+/*
+ * This function triggers encode, decode and sign functions
+ * of the artificial "xorhmacsig" algorithm implemented in tls-provider
+ * creating private key and certificate files for use in TLS testing.
+ */
+static int create_cert_key(int idx, char *certfilename, char *privkeyfilename)
+{
+ EVP_PKEY_CTX *evpctx = EVP_PKEY_CTX_new_from_name(libctx,
+ (idx == 0) ? "xorhmacsig" : "xorhmacsha2sig", NULL);
+ EVP_PKEY *pkey = NULL;
+ X509 *x509 = X509_new();
+ X509_NAME *name = NULL;
+ BIO *keybio = NULL, *certbio = NULL;
+ int ret = 1;
+
+ if (!TEST_ptr(evpctx)
+ || !TEST_true(EVP_PKEY_keygen_init(evpctx))
+ || !TEST_true(EVP_PKEY_generate(evpctx, &pkey))
+ || !TEST_ptr(pkey)
+ || !TEST_ptr(x509)
+ || !TEST_true(ASN1_INTEGER_set(X509_get_serialNumber(x509), 1))
+ || !TEST_true(X509_gmtime_adj(X509_getm_notBefore(x509), 0))
+ || !TEST_true(X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L))
+ || !TEST_true(X509_set_pubkey(x509, pkey))
+ || !TEST_ptr(name = X509_get_subject_name(x509))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
+ (unsigned char *)"CH", -1, -1, 0))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
+ (unsigned char *)"test.org", -1, -1, 0))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
+ (unsigned char *)"localhost", -1, -1, 0))
+ || !TEST_true(X509_set_issuer_name(x509, name))
+ || !TEST_true(X509_sign(x509, pkey, EVP_sha1()))
+ || !TEST_ptr(keybio = BIO_new_file(privkeyfilename, "wb"))
+ || !TEST_true(PEM_write_bio_PrivateKey(keybio, pkey, NULL, NULL, 0, NULL, NULL))
+ || !TEST_ptr(certbio = BIO_new_file(certfilename, "wb"))
+ || !TEST_true(PEM_write_bio_X509(certbio, x509)))
+ ret = 0;
+
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ EVP_PKEY_CTX_free(evpctx);
+ BIO_free(keybio);
+ BIO_free(certbio);
+ return ret;
+}
+
+/*
+ * Test that signature algorithms loaded via the provider interface can
+ * correctly establish a TLS (1.3) connection.
+ * Test 0: Signature algorithm with built-in hashing functionality: "xorhmacsig"
+ * Test 1: Signature algorithm using external SHA2 hashing: "xorhmacsha2sig"
+ * Test 2: Test 0 using RPK
+ * Test 3: Test 1 using RPK
+ */
+static int test_pluggable_signature(int idx)
+{
+ static const unsigned char cert_type_rpk[] = { TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 };
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider");
+ OSSL_PROVIDER *defaultprov = OSSL_PROVIDER_load(libctx, "default");
+ char *certfilename = "tls-prov-cert.pem";
+ char *privkeyfilename = "tls-prov-key.pem";
+ int sigidx = idx % 2;
+ int rpkidx = idx / 2;
+
+ /* create key and certificate for the different algorithm types */
+ if (!TEST_ptr(tlsprov)
+ || !TEST_true(create_cert_key(sigidx, certfilename, privkeyfilename)))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ TLS1_3_VERSION,
+ &sctx, &cctx, certfilename, privkeyfilename))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /* Enable RPK for server cert */
+ if (rpkidx) {
+ if (!TEST_true(SSL_set1_server_cert_type(serverssl, cert_type_rpk, sizeof(cert_type_rpk)))
+ || !TEST_true(SSL_set1_server_cert_type(clientssl, cert_type_rpk, sizeof(cert_type_rpk))))
+ goto end;
+ }
+
+ /* This is necessary to pass minimal setup w/o other groups configured */
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup"))
+ || !TEST_true(SSL_set1_groups_list(clientssl, "xorgroup")))
+ goto end;
+
+ /*
+ * If this connection gets established, it must have been completed
+ * via the tls-provider-implemented "hmacsig" algorithm, testing
+ * both sign and verify functions during handshake.
+ */
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* If using RPK, make sure we got one */
+ if (rpkidx && !TEST_long_eq(SSL_get_verify_result(clientssl), X509_V_ERR_RPK_UNTRUSTED))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ OSSL_PROVIDER_unload(tlsprov);
+ OSSL_PROVIDER_unload(defaultprov);
+
+ return testresult;
+}
#endif
#ifndef OPENSSL_NO_TLS1_2
return testresult;
}
-# ifndef OPENSSL_NO_DH
+static int secret_cb(SSL *s, void *secretin, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ const SSL_CIPHER **cipher, void *arg)
+{
+ int i;
+ unsigned char *secret = secretin;
-static EVP_PKEY *tmp_dh_params = NULL;
+ /* Just use a fixed master secret */
+ for (i = 0; i < *secret_len; i++)
+ secret[i] = 0xff;
-/* Helper function for the test_set_tmp_dh() tests */
-static EVP_PKEY *get_tmp_dh_params(void)
+ /* We don't set a preferred cipher */
+
+ return 1;
+}
+
+/*
+ * Test the session_secret_cb which is designed for use with EAP-FAST
+ */
+static int test_session_secret_cb(void)
{
- if (tmp_dh_params == NULL) {
- BIGNUM *p = NULL;
- OSSL_PARAM_BLD *tmpl = NULL;
- EVP_PKEY_CTX *pctx = NULL;
- OSSL_PARAM *params = NULL;
- EVP_PKEY *dhpkey = NULL;
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ SSL_SESSION *secret_sess = NULL;
+ int testresult = 0;
- p = BN_get_rfc3526_prime_2048(NULL);
- if (!TEST_ptr(p))
- goto end;
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
- pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL);
- if (!TEST_ptr(pctx)
- || !TEST_int_eq(EVP_PKEY_fromdata_init(pctx), 1))
- goto end;
+ /* Create an initial connection and save the session */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
- tmpl = OSSL_PARAM_BLD_new();
- if (!TEST_ptr(tmpl)
- || !TEST_true(OSSL_PARAM_BLD_push_BN(tmpl,
- OSSL_PKEY_PARAM_FFC_P,
- p))
- || !TEST_true(OSSL_PARAM_BLD_push_uint(tmpl,
- OSSL_PKEY_PARAM_FFC_G,
- 2)))
- goto end;
+ /* session_secret_cb does not support TLSv1.3 */
+ if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)))
+ goto end;
- params = OSSL_PARAM_BLD_to_param(tmpl);
- if (!TEST_ptr(params)
- || !TEST_int_eq(EVP_PKEY_fromdata(pctx, &dhpkey,
- EVP_PKEY_KEY_PARAMETERS,
- params), 1))
- goto end;
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
- tmp_dh_params = dhpkey;
+ if (!TEST_ptr(secret_sess = SSL_get1_session(clientssl)))
+ goto end;
+
+ shutdown_ssl_connection(serverssl, clientssl);
+ serverssl = clientssl = NULL;
+
+ /* Resume the earlier session */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /*
+ * No session ids for EAP-FAST - otherwise the state machine gets very
+ * confused.
+ */
+ if (!TEST_true(SSL_SESSION_set1_id(secret_sess, NULL, 0)))
+ goto end;
+
+ if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_session_secret_cb(serverssl, secret_cb,
+ NULL))
+ || !TEST_true(SSL_set_session_secret_cb(clientssl, secret_cb,
+ NULL))
+ || !TEST_true(SSL_set_session(clientssl, secret_sess)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_SESSION_free(secret_sess);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+# ifndef OPENSSL_NO_DH
+
+static EVP_PKEY *tmp_dh_params = NULL;
+
+/* Helper function for the test_set_tmp_dh() tests */
+static EVP_PKEY *get_tmp_dh_params(void)
+{
+ if (tmp_dh_params == NULL) {
+ BIGNUM *p = NULL;
+ OSSL_PARAM_BLD *tmpl = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ OSSL_PARAM *params = NULL;
+ EVP_PKEY *dhpkey = NULL;
+
+ p = BN_get_rfc3526_prime_2048(NULL);
+ if (!TEST_ptr(p))
+ goto end;
+
+ pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL);
+ if (!TEST_ptr(pctx)
+ || !TEST_int_eq(EVP_PKEY_fromdata_init(pctx), 1))
+ goto end;
+
+ tmpl = OSSL_PARAM_BLD_new();
+ if (!TEST_ptr(tmpl)
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(tmpl,
+ OSSL_PKEY_PARAM_FFC_P,
+ p))
+ || !TEST_true(OSSL_PARAM_BLD_push_uint(tmpl,
+ OSSL_PKEY_PARAM_FFC_G,
+ 2)))
+ goto end;
+
+ params = OSSL_PARAM_BLD_to_param(tmpl);
+ if (!TEST_ptr(params)
+ || !TEST_int_eq(EVP_PKEY_fromdata(pctx, &dhpkey,
+ EVP_PKEY_KEY_PARAMETERS,
+ params), 1))
+ goto end;
+
+ tmp_dh_params = dhpkey;
end:
BN_free(p);
EVP_PKEY_CTX_free(pctx);
SSL_CTX_free(cctx);
return testresult;
}
-#endif /* OSSL_NO_USABLE_TLS1_3 */
-
-OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
-int setup_tests(void)
+static size_t record_pad_cb(SSL *s, int type, size_t len, void *arg)
{
- char *modulename;
- char *configfile;
+ int *called = arg;
- libctx = OSSL_LIB_CTX_new();
- if (!TEST_ptr(libctx))
+ switch ((*called)++) {
+ case 0:
+ /* Add some padding to first record */
+ return 512;
+ case 1:
+ /* Maximally pad the second record */
+ return SSL3_RT_MAX_PLAIN_LENGTH - len;
+ case 2:
+ /*
+ * Exceeding the maximum padding should be fine. It should just pad to
+ * the maximum anyway
+ */
+ return SSL3_RT_MAX_PLAIN_LENGTH + 1 - len;
+ case 3:
+ /*
+ * Very large padding should also be ok. Should just pad to the maximum
+ * allowed
+ */
+ return SIZE_MAX;
+ default:
return 0;
+ }
+}
- defctxnull = OSSL_PROVIDER_load(NULL, "null");
+/*
+ * Test that setting record padding in TLSv1.3 works as expected
+ * Test 0: Record padding callback on the SSL_CTX
+ * Test 1: Record padding callback on the SSL
+ * Test 2: Record block padding on the SSL_CTX
+ * Test 3: Record block padding on the SSL
+ */
+static int test_tls13_record_padding(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char *msg = "Hello World";
+ size_t written, readbytes;
+ char buf[80];
+ int i;
+ int called = 0;
- /*
- * Verify that the default and fips providers in the default libctx are not
- * available
- */
- if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
- || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
- return 0;
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
- if (!test_skip_common_options()) {
- TEST_error("Error parsing test options\n");
- return 0;
+ if (idx == 0) {
+ SSL_CTX_set_record_padding_callback(cctx, record_pad_cb);
+ SSL_CTX_set_record_padding_callback_arg(cctx, &called);
+ if (!TEST_ptr_eq(SSL_CTX_get_record_padding_callback_arg(cctx), &called))
+ goto end;
+ } else if (idx == 2) {
+ /* Exceeding the max plain length should fail */
+ if (!TEST_false(SSL_CTX_set_block_padding(cctx,
+ SSL3_RT_MAX_PLAIN_LENGTH + 1)))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_block_padding(cctx, 512)))
+ goto end;
}
- if (!TEST_ptr(certsdir = test_get_argument(0))
- || !TEST_ptr(srpvfile = test_get_argument(1))
- || !TEST_ptr(tmpfilename = test_get_argument(2))
- || !TEST_ptr(modulename = test_get_argument(3))
- || !TEST_ptr(configfile = test_get_argument(4))
- || !TEST_ptr(dhfile = test_get_argument(5)))
- return 0;
-
- if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
- return 0;
-
- /* Check we have the expected provider available */
- if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
- return 0;
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
- /* Check the default provider is not available */
- if (strcmp(modulename, "default") != 0
- && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
- return 0;
+ if (idx == 1) {
+ SSL_set_record_padding_callback(clientssl, record_pad_cb);
+ SSL_set_record_padding_callback_arg(clientssl, &called);
+ if (!TEST_ptr_eq(SSL_get_record_padding_callback_arg(clientssl), &called))
+ goto end;
+ } else if (idx == 3) {
+ /* Exceeding the max plain length should fail */
+ if (!TEST_false(SSL_set_block_padding(clientssl,
+ SSL3_RT_MAX_PLAIN_LENGTH + 1)))
+ goto end;
+ if (!TEST_true(SSL_set_block_padding(clientssl, 512)))
+ goto end;
+ }
- if (strcmp(modulename, "fips") == 0)
- is_fips = 1;
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+ called = 0;
/*
- * We add, but don't load the test "tls-provider". We'll load it when we
- * need it.
+ * Write some data, then check we can read it. Do this four times to check
+ * we can continue to write and read padded data after the initial record
+ * padding has been added. We don't actually check that the padding has
+ * been applied to the record - just that we can continue to communicate
+ * normally and that the callback has been called (if appropriate).
*/
- if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "tls-provider",
- tls_provider_init)))
- return 0;
-
+ for (i = 0; i < 4; i++) {
+ if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written))
+ || !TEST_size_t_eq(written, strlen(msg)))
+ goto end;
- if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
-#ifdef OPENSSL_NO_CRYPTO_MDEBUG
- TEST_error("not supported in this build");
- return 0;
-#else
- int i, mcount, rcount, fcount;
+ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf) - 1,
+ &readbytes))
+ || !TEST_size_t_eq(written, readbytes))
+ goto end;
- for (i = 0; i < 4; i++)
- test_export_key_mat(i);
- CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
- test_printf_stdout("malloc %d realloc %d free %d\n",
- mcount, rcount, fcount);
- return 1;
-#endif
+ buf[readbytes] = '\0';
+ if (!TEST_str_eq(buf, msg))
+ goto end;
}
- cert = test_mk_file_path(certsdir, "servercert.pem");
- if (cert == NULL)
- goto err;
+ if ((idx == 0 || idx == 1) && !TEST_int_eq(called, 4))
+ goto end;
- privkey = test_mk_file_path(certsdir, "serverkey.pem");
- if (privkey == NULL)
- goto err;
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+#endif /* OSSL_NO_USABLE_TLS1_3 */
- cert2 = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
- if (cert2 == NULL)
- goto err;
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
- privkey2 = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
- if (privkey2 == NULL)
- goto err;
+static ENGINE *load_dasync(void)
+{
+ ENGINE *e;
- cert1024 = test_mk_file_path(certsdir, "ee-cert-1024.pem");
- if (cert1024 == NULL)
- goto err;
+ if (!TEST_ptr(e = ENGINE_by_id("dasync")))
+ return NULL;
- privkey1024 = test_mk_file_path(certsdir, "ee-key-1024.pem");
- if (privkey1024 == NULL)
- goto err;
+ if (!TEST_true(ENGINE_init(e))) {
+ ENGINE_free(e);
+ return NULL;
+ }
- cert3072 = test_mk_file_path(certsdir, "ee-cert-3072.pem");
- if (cert3072 == NULL)
- goto err;
+ if (!TEST_true(ENGINE_register_ciphers(e))) {
+ ENGINE_free(e);
+ return NULL;
+ }
- privkey3072 = test_mk_file_path(certsdir, "ee-key-3072.pem");
- if (privkey3072 == NULL)
- goto err;
+ return e;
+}
- cert4096 = test_mk_file_path(certsdir, "ee-cert-4096.pem");
- if (cert4096 == NULL)
- goto err;
+/*
+ * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not
+ * support this yet. The only pipeline capable cipher that we have is in the
+ * dasync engine (providers don't support this yet), so we have to use
+ * deprecated APIs for this test.
+ *
+ * Test 0: Client has pipelining enabled, server does not
+ * Test 1: Server has pipelining enabled, client does not
+ * Test 2: Client has pipelining enabled, server does not: not enough data to
+ * fill all the pipelines
+ * Test 3: Client has pipelining enabled, server does not: not enough data to
+ * fill all the pipelines by more than a full pipeline's worth
+ * Test 4: Client has pipelining enabled, server does not: more data than all
+ * the available pipelines can take
+ * Test 5: Client has pipelining enabled, server does not: Maximum size pipeline
+ * Test 6: Repeat of test 0, but the engine is loaded late (after the SSL_CTX
+ * is created)
+ */
+static int test_pipelining(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL, *peera, *peerb;
+ int testresult = 0, numreads;
+ /* A 55 byte message */
+ unsigned char *msg = (unsigned char *)
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123";
+ size_t written, readbytes, offset, msglen, fragsize = 10, numpipes = 5;
+ size_t expectedreads;
+ unsigned char *buf = NULL;
+ ENGINE *e = NULL;
+
+ if (idx != 6) {
+ e = load_dasync();
+ if (e == NULL)
+ return 0;
+ }
- privkey4096 = test_mk_file_path(certsdir, "ee-key-4096.pem");
- if (privkey4096 == NULL)
- goto err;
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), 0,
+ TLS1_2_VERSION, &sctx, &cctx, cert,
+ privkey)))
+ goto end;
- cert8192 = test_mk_file_path(certsdir, "ee-cert-8192.pem");
- if (cert8192 == NULL)
- goto err;
+ if (idx == 6) {
+ e = load_dasync();
+ if (e == NULL)
+ goto end;
+ /* Now act like test 0 */
+ idx = 0;
+ }
- privkey8192 = test_mk_file_path(certsdir, "ee-key-8192.pem");
- if (privkey8192 == NULL)
- goto err;
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
-#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
-# if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
- ADD_ALL_TESTS(test_ktls, NUM_KTLS_TEST_CIPHERS * 4);
- ADD_ALL_TESTS(test_ktls_sendfile, NUM_KTLS_TEST_CIPHERS);
-# endif
-#endif
- ADD_TEST(test_large_message_tls);
- ADD_TEST(test_large_message_tls_read_ahead);
-#ifndef OPENSSL_NO_DTLS
- ADD_TEST(test_large_message_dtls);
-#endif
- ADD_TEST(test_cleanse_plaintext);
-#ifndef OPENSSL_NO_OCSP
+ if (!TEST_true(SSL_set_cipher_list(clientssl, "AES128-SHA")))
+ goto end;
+
+ /* peera is always configured for pipelining, while peerb is not. */
+ if (idx == 1) {
+ peera = serverssl;
+ peerb = clientssl;
+
+ } else {
+ peera = clientssl;
+ peerb = serverssl;
+ }
+
+ if (idx == 5) {
+ numpipes = 2;
+ /* Maximum allowed fragment size */
+ fragsize = SSL3_RT_MAX_PLAIN_LENGTH;
+ msglen = fragsize * numpipes;
+ msg = OPENSSL_malloc(msglen);
+ if (!TEST_ptr(msg))
+ goto end;
+ if (!TEST_int_gt(RAND_bytes_ex(libctx, msg, msglen, 0), 0))
+ goto end;
+ } else if (idx == 4) {
+ msglen = 55;
+ } else {
+ msglen = 50;
+ }
+ if (idx == 2)
+ msglen -= 2; /* Send 2 less bytes */
+ else if (idx == 3)
+ msglen -= 12; /* Send 12 less bytes */
+
+ buf = OPENSSL_malloc(msglen);
+ if (!TEST_ptr(buf))
+ goto end;
+
+ if (idx == 5) {
+ /*
+ * Test that setting a split send fragment longer than the maximum
+ * allowed fails
+ */
+ if (!TEST_false(SSL_set_split_send_fragment(peera, fragsize + 1)))
+ goto end;
+ }
+
+ /*
+ * In the normal case. We have 5 pipelines with 10 bytes per pipeline
+ * (50 bytes in total). This is a ridiculously small number of bytes -
+ * but sufficient for our purposes
+ */
+ if (!TEST_true(SSL_set_max_pipelines(peera, numpipes))
+ || !TEST_true(SSL_set_split_send_fragment(peera, fragsize)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Write some data from peera to peerb */
+ if (!TEST_true(SSL_write_ex(peera, msg, msglen, &written))
+ || !TEST_size_t_eq(written, msglen))
+ goto end;
+
+ /*
+ * If the pipelining code worked, then we expect all |numpipes| pipelines to
+ * have been used - except in test 3 where only |numpipes - 1| pipelines
+ * will be used. This will result in |numpipes| records (|numpipes - 1| for
+ * test 3) having been sent to peerb. Since peerb is not using read_ahead we
+ * expect this to be read in |numpipes| or |numpipes - 1| separate
+ * SSL_read_ex calls. In the case of test 4, there is then one additional
+ * read for left over data that couldn't fit in the previous pipelines
+ */
+ for (offset = 0, numreads = 0;
+ offset < msglen;
+ offset += readbytes, numreads++) {
+ if (!TEST_true(SSL_read_ex(peerb, buf + offset,
+ msglen - offset, &readbytes)))
+ goto end;
+ }
+
+ expectedreads = idx == 4 ? numpipes + 1
+ : (idx == 3 ? numpipes - 1 : numpipes);
+ if (!TEST_mem_eq(msg, msglen, buf, offset)
+ || !TEST_int_eq(numreads, expectedreads))
+ goto end;
+
+ /*
+ * Write some data from peerb to peera. We do this in up to |numpipes + 1|
+ * chunks to exercise the read pipelining code on peera.
+ */
+ for (offset = 0; offset < msglen; offset += fragsize) {
+ size_t sendlen = msglen - offset;
+
+ if (sendlen > fragsize)
+ sendlen = fragsize;
+ if (!TEST_true(SSL_write_ex(peerb, msg + offset, sendlen, &written))
+ || !TEST_size_t_eq(written, sendlen))
+ goto end;
+ }
+
+ /*
+ * The data was written in |numpipes|, |numpipes - 1| or |numpipes + 1|
+ * separate chunks (depending on which test we are running). If the
+ * pipelining is working then we expect peera to read up to numpipes chunks
+ * and process them in parallel, giving back the complete result in a single
+ * call to SSL_read_ex
+ */
+ if (!TEST_true(SSL_read_ex(peera, buf, msglen, &readbytes))
+ || !TEST_size_t_le(readbytes, msglen))
+ goto end;
+
+ if (idx == 4) {
+ size_t readbytes2;
+
+ if (!TEST_true(SSL_read_ex(peera, buf + readbytes,
+ msglen - readbytes, &readbytes2)))
+ goto end;
+ readbytes += readbytes2;
+ if (!TEST_size_t_le(readbytes, msglen))
+ goto end;
+ }
+
+ if (!TEST_mem_eq(msg, msglen, buf, readbytes))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ if (e != NULL) {
+ ENGINE_unregister_ciphers(e);
+ ENGINE_finish(e);
+ ENGINE_free(e);
+ }
+ OPENSSL_free(buf);
+ if (fragsize == SSL3_RT_MAX_PLAIN_LENGTH)
+ OPENSSL_free(msg);
+ return testresult;
+}
+#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */
+
+static int check_version_string(SSL *s, int version)
+{
+ const char *verstr = NULL;
+
+ switch (version) {
+ case SSL3_VERSION:
+ verstr = "SSLv3";
+ break;
+ case TLS1_VERSION:
+ verstr = "TLSv1";
+ break;
+ case TLS1_1_VERSION:
+ verstr = "TLSv1.1";
+ break;
+ case TLS1_2_VERSION:
+ verstr = "TLSv1.2";
+ break;
+ case TLS1_3_VERSION:
+ verstr = "TLSv1.3";
+ break;
+ case DTLS1_VERSION:
+ verstr = "DTLSv1";
+ break;
+ case DTLS1_2_VERSION:
+ verstr = "DTLSv1.2";
+ }
+
+ return TEST_str_eq(verstr, SSL_get_version(s));
+}
+
+/*
+ * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
+ * SSL_is_dtls return the expected results for a (D)TLS connection. Compare with
+ * test_version() in quicapitest.c which does the same thing for QUIC
+ * connections.
+ */
+static int test_version(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, version;
+ const SSL_METHOD *servmeth = TLS_server_method();
+ const SSL_METHOD *clientmeth = TLS_client_method();
+
+ switch (idx) {
+#if !defined(OPENSSL_NO_SSL3)
+ case 0:
+ version = SSL3_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_TLS1)
+ case 1:
+ version = TLS1_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_TLS1_2)
+ case 2:
+ version = TLS1_2_VERSION;
+ break;
+#endif
+#if !defined(OSSL_NO_USABLE_TLS1_3)
+ case 3:
+ version = TLS1_3_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1)
+ case 4:
+ version = DTLS1_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1_2)
+ case 5:
+ version = DTLS1_2_VERSION;
+ break;
+#endif
+ /*
+ * NB we do not support QUIC in this test. That is covered by quicapitest.c
+ * We also don't support DTLS1_BAD_VER since we have no server support for
+ * that.
+ */
+ default:
+ TEST_skip("Unsupported protocol version");
+ return 1;
+ }
+
+ if (is_fips
+ && (version == SSL3_VERSION
+ || version == TLS1_VERSION
+ || version == DTLS1_VERSION)) {
+ TEST_skip("Protocol version not supported with FIPS");
+ return 1;
+ }
+
+#if !defined(OPENSSL_NO_DTLS)
+ if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+ servmeth = DTLS_server_method();
+ clientmeth = DTLS_client_method();
+ }
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, servmeth, clientmeth, version,
+ version, &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_version(serverssl), version)
+ || !TEST_int_eq(SSL_version(clientssl), version)
+ || !TEST_true(check_version_string(serverssl, version))
+ || !TEST_true(check_version_string(clientssl, version)))
+ goto end;
+
+ if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+ if (!TEST_true(SSL_is_dtls(serverssl))
+ || !TEST_true(SSL_is_dtls(clientssl))
+ || !TEST_false(SSL_is_tls(serverssl))
+ || !TEST_false(SSL_is_tls(clientssl))
+ || !TEST_false(SSL_is_quic(serverssl))
+ || !TEST_false(SSL_is_quic(clientssl)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_is_tls(serverssl))
+ || !TEST_true(SSL_is_tls(clientssl))
+ || !TEST_false(SSL_is_dtls(serverssl))
+ || !TEST_false(SSL_is_dtls(clientssl))
+ || !TEST_false(SSL_is_quic(serverssl))
+ || !TEST_false(SSL_is_quic(clientssl)))
+ goto end;
+ }
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+/*
+ * Test that the SSL_rstate_string*() APIs return sane results
+ */
+static int test_rstate_string(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, version;
+ const SSL_METHOD *servmeth = TLS_server_method();
+ const SSL_METHOD *clientmeth = TLS_client_method();
+ size_t written, readbytes;
+ unsigned char buf[2];
+ unsigned char dummyheader[SSL3_RT_HEADER_LENGTH] = {
+ SSL3_RT_APPLICATION_DATA,
+ TLS1_2_VERSION_MAJOR,
+ 0, /* To be filled in later */
+ 0,
+ 1
+ };
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, servmeth, clientmeth, 0,
+ 0, &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_str_eq(SSL_rstate_string(serverssl), "RH")
+ || !TEST_str_eq(SSL_rstate_string_long(serverssl), "read header"))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_str_eq(SSL_rstate_string(serverssl), "RH")
+ || !TEST_str_eq(SSL_rstate_string_long(serverssl), "read header"))
+ goto end;
+
+ /* Fill in the correct version for the record header */
+ version = SSL_version(serverssl);
+ if (version == TLS1_3_VERSION)
+ version = TLS1_2_VERSION;
+ dummyheader[2] = version & 0xff;
+
+ /*
+ * Send a dummy header. If we continued to read the body as well this
+ * would fail with a bad record mac, but we're not going to go that far.
+ */
+ if (!TEST_true(BIO_write_ex(SSL_get_rbio(serverssl), dummyheader,
+ sizeof(dummyheader), &written))
+ || !TEST_size_t_eq(written, SSL3_RT_HEADER_LENGTH))
+ goto end;
+
+ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)))
+ goto end;
+
+ if (!TEST_str_eq(SSL_rstate_string(serverssl), "RB")
+ || !TEST_str_eq(SSL_rstate_string_long(serverssl), "read body"))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+/*
+ * Force a write retry during handshaking. We test various combinations of
+ * scenarios. We test a large certificate message which will fill the buffering
+ * BIO used in the handshake. We try with client auth on and off. Finally we
+ * also try a BIO that indicates retry via a 0 return. BIO_write() is documented
+ * to indicate retry via -1 - but sometimes BIOs don't do that.
+ *
+ * Test 0: Standard certificate message
+ * Test 1: Large certificate message
+ * Test 2: Standard cert, verify peer
+ * Test 3: Large cert, verify peer
+ * Test 4: Standard cert, BIO returns 0 on retry
+ * Test 5: Large cert, BIO returns 0 on retry
+ * Test 6: Standard cert, verify peer, BIO returns 0 on retry
+ * Test 7: Large cert, verify peer, BIO returns 0 on retry
+ * Test 8-15: Repeat of above with TLSv1.2
+ */
+static int test_handshake_retry(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ BIO *tmp = NULL, *bretry = BIO_new(bio_s_always_retry());
+ int maxversion = 0;
+
+ if (!TEST_ptr(bretry))
+ goto end;
+
+#ifndef OPENSSL_NO_TLS1_2
+ if ((idx & 8) == 8)
+ maxversion = TLS1_2_VERSION;
+#else
+ if ((idx & 8) == 8)
+ return TEST_skip("No TLSv1.2");
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), 0, maxversion,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /*
+ * Add a large amount of data to fill the buffering BIO used by the SSL
+ * object
+ */
+ if ((idx & 1) == 1 && !ssl_ctx_add_large_cert_chain(libctx, sctx, cert))
+ goto end;
+
+ /*
+ * We don't actually configure a client cert, but neither do we fail if one
+ * isn't present.
+ */
+ if ((idx & 2) == 2)
+ SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL);
+
+ if ((idx & 4) == 4)
+ set_always_retry_err_val(0);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ tmp = SSL_get_wbio(serverssl);
+ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
+ tmp = NULL;
+ goto end;
+ }
+ SSL_set0_wbio(serverssl, bretry);
+ bretry = NULL;
+
+ if (!TEST_int_eq(SSL_connect(clientssl), -1))
+ goto end;
+
+ if (!TEST_int_eq(SSL_accept(serverssl), -1)
+ || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* Restore a BIO that will let the write succeed */
+ SSL_set0_wbio(serverssl, tmp);
+ tmp = NULL;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ BIO_free(bretry);
+ BIO_free(tmp);
+ set_always_retry_err_val(-1);
+ return testresult;
+}
+
+/*
+ * Test that receiving retries when writing application data works as expected
+ */
+static int test_data_retry(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ unsigned char inbuf[1200], outbuf[1200];
+ size_t i;
+ BIO *tmp = NULL;
+ BIO *bretry = BIO_new(bio_s_maybe_retry());
+ size_t written, readbytes, totread = 0;
+
+ if (!TEST_ptr(bretry))
+ goto end;
+
+ for (i = 0; i < sizeof(inbuf); i++)
+ inbuf[i] = (unsigned char)(0xff & i);
+ memset(outbuf, 0, sizeof(outbuf));
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), 0, 0, &sctx, &cctx,
+ cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Smallest possible max send fragment is 512 */
+ if (!TEST_true(SSL_set_max_send_fragment(clientssl, 512)))
+ goto end;
+
+ tmp = SSL_get_wbio(clientssl);
+ if (!TEST_ptr(tmp))
+ goto end;
+ if (!TEST_true(BIO_up_ref(tmp)))
+ goto end;
+ BIO_push(bretry, tmp);
+ tmp = NULL;
+ SSL_set0_wbio(clientssl, bretry);
+ if (!BIO_up_ref(bretry)) {
+ bretry = NULL;
+ goto end;
+ }
+
+ for (i = 0; i < 3; i++) {
+ /* We expect this call to make no progress and indicate retry */
+ if (!TEST_false(SSL_write_ex(clientssl, inbuf, sizeof(inbuf), &written)))
+ goto end;
+ if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* Allow one write to progress, but the next one to signal retry */
+ if (!TEST_true(BIO_ctrl(bretry, MAYBE_RETRY_CTRL_SET_RETRY_AFTER_CNT, 1,
+ NULL)))
+ goto end;
+
+ if (i == 2)
+ break;
+
+ /*
+ * This call will hopefully make progress but will still indicate retry
+ * because there is more data than will fit into a single record.
+ */
+ if (!TEST_false(SSL_write_ex(clientssl, inbuf, sizeof(inbuf), &written)))
+ goto end;
+ if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_WRITE))
+ goto end;
+ }
+
+ /* The final call should write the last chunk of data and succeed */
+ if (!TEST_true(SSL_write_ex(clientssl, inbuf, sizeof(inbuf), &written)))
+ goto end;
+ /* Read all the data available */
+ while (SSL_read_ex(serverssl, outbuf + totread, sizeof(outbuf) - totread,
+ &readbytes))
+ totread += readbytes;
+ if (!TEST_mem_eq(inbuf, sizeof(inbuf), outbuf, totread))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ BIO_free_all(bretry);
+ BIO_free(tmp);
+ return testresult;
+}
+
+struct resume_servername_cb_data {
+ int i;
+ SSL_CTX *cctx;
+ SSL_CTX *sctx;
+ SSL_SESSION *sess;
+ int recurse;
+};
+
+/*
+ * Servername callback. We use it here to run another complete handshake using
+ * the same session - and mark the session as not_resuamble at the end
+ */
+static int resume_servername_cb(SSL *s, int *ad, void *arg)
+{
+ struct resume_servername_cb_data *cbdata = arg;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+
+ if (cbdata->recurse)
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+ if ((cbdata->i % 3) != 1)
+ return SSL_TLSEXT_ERR_OK;
+
+ cbdata->recurse = 1;
+
+ if (!TEST_true(create_ssl_objects(cbdata->sctx, cbdata->cctx, &serverssl,
+ &clientssl, NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, cbdata->sess)))
+ goto end;
+
+ ERR_set_mark();
+ /*
+ * We expect this to fail - because the servername cb will fail. This will
+ * mark the session as not_resumable.
+ */
+ if (!TEST_false(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) {
+ ERR_clear_last_mark();
+ goto end;
+ }
+ ERR_pop_to_mark();
+
+ ret = SSL_TLSEXT_ERR_OK;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ cbdata->recurse = 0;
+ return ret;
+}
+/*
+ * Test multiple resumptions and cache size handling
+ * Test 0: TLSv1.3 (max_early_data set)
+ * Test 1: TLSv1.3 (SSL_OP_NO_TICKET set)
+ * Test 2: TLSv1.3 (max_early_data and SSL_OP_NO_TICKET set)
+ * Test 3: TLSv1.3 (SSL_OP_NO_TICKET, simultaneous resumes)
+ * Test 4: TLSv1.2
+ */
+static int test_multi_resume(int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ SSL_SESSION *sess = NULL;
+ int max_version = TLS1_3_VERSION;
+ int i, testresult = 0;
+ struct resume_servername_cb_data cbdata;
+
+#if defined(OPENSSL_NO_TLS1_2)
+ if (idx == 4)
+ return TEST_skip("TLSv1.2 is disabled in this build");
+#else
+ if (idx == 4)
+ max_version = TLS1_2_VERSION;
+#endif
+#if defined(OSSL_NO_USABLE_TLS1_3)
+ if (idx != 4)
+ return TEST_skip("No usable TLSv1.3 in this build");
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION,
+ max_version, &sctx, &cctx, cert,
+ privkey)))
+ goto end;
+
+ /*
+ * TLSv1.3 only uses a session cache if either max_early_data > 0 (used for
+ * replay protection), or if SSL_OP_NO_TICKET is in use
+ */
+ if (idx == 0 || idx == 2) {
+ if (!TEST_true(SSL_CTX_set_max_early_data(sctx, 1024)))
+ goto end;
+ }
+ if (idx == 1 || idx == 2 || idx == 3)
+ SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
+
+ SSL_CTX_sess_set_cache_size(sctx, 5);
+
+ if (idx == 3) {
+ SSL_CTX_set_tlsext_servername_callback(sctx, resume_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(sctx, &cbdata);
+ cbdata.cctx = cctx;
+ cbdata.sctx = sctx;
+ cbdata.recurse = 0;
+ }
+
+ for (i = 0; i < 30; i++) {
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, sess)))
+ goto end;
+
+ /*
+ * Check simultaneous resumes. We pause the connection part way through
+ * the handshake by (mis)using the servername_cb. The pause occurs after
+ * session resumption has already occurred, but before any session
+ * tickets have been issued. While paused we run another complete
+ * handshake resuming the same session.
+ */
+ if (idx == 3) {
+ cbdata.i = i;
+ cbdata.sess = sess;
+ }
+
+ /*
+ * Recreate a bug where dynamically changing the max_early_data value
+ * can cause sessions in the session cache which cannot be deleted.
+ */
+ if ((idx == 0 || idx == 2) && (i % 3) == 2)
+ SSL_set_max_early_data(serverssl, 0);
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (sess == NULL || (idx == 0 && (i % 3) == 2)) {
+ if (!TEST_false(SSL_session_reused(clientssl)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+ }
+ SSL_SESSION_free(sess);
+
+ /* Do a full handshake, followed by two resumptions */
+ if ((i % 3) == 2) {
+ sess = NULL;
+ } else {
+ if (!TEST_ptr((sess = SSL_get1_session(clientssl))))
+ goto end;
+ }
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+ }
+
+ /* We should never exceed the session cache size limit */
+ if (!TEST_long_le(SSL_CTX_sess_number(sctx), 5))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_SESSION_free(sess);
+ return testresult;
+}
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
+
+int setup_tests(void)
+{
+ char *modulename;
+ char *configfile;
+
+ libctx = OSSL_LIB_CTX_new();
+ if (!TEST_ptr(libctx))
+ return 0;
+
+ defctxnull = OSSL_PROVIDER_load(NULL, "null");
+
+ /*
+ * Verify that the default and fips providers in the default libctx are not
+ * available
+ */
+ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
+ || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
+ return 0;
+
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
+ if (!TEST_ptr(certsdir = test_get_argument(0))
+ || !TEST_ptr(srpvfile = test_get_argument(1))
+ || !TEST_ptr(tmpfilename = test_get_argument(2))
+ || !TEST_ptr(modulename = test_get_argument(3))
+ || !TEST_ptr(configfile = test_get_argument(4))
+ || !TEST_ptr(dhfile = test_get_argument(5)))
+ return 0;
+
+ if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
+ return 0;
+
+ /* Check we have the expected provider available */
+ if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
+ return 0;
+
+ /* Check the default provider is not available */
+ if (strcmp(modulename, "default") != 0
+ && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
+ return 0;
+
+ if (strcmp(modulename, "fips") == 0) {
+ OSSL_PROVIDER *prov = NULL;
+ OSSL_PARAM params[2];
+
+ is_fips = 1;
+
+ prov = OSSL_PROVIDER_load(libctx, "fips");
+ if (prov != NULL) {
+ /* Query the fips provider to check if the check ems option is enabled */
+ params[0] =
+ OSSL_PARAM_construct_int(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK,
+ &fips_ems_check);
+ params[1] = OSSL_PARAM_construct_end();
+ OSSL_PROVIDER_get_params(prov, params);
+ OSSL_PROVIDER_unload(prov);
+ }
+ }
+
+ /*
+ * We add, but don't load the test "tls-provider". We'll load it when we
+ * need it.
+ */
+ if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "tls-provider",
+ tls_provider_init)))
+ return 0;
+
+
+ if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+ TEST_error("not supported in this build");
+ return 0;
+#else
+ int i, mcount, rcount, fcount;
+
+ for (i = 0; i < 4; i++)
+ test_export_key_mat(i);
+ CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
+ test_printf_stdout("malloc %d realloc %d free %d\n",
+ mcount, rcount, fcount);
+ return 1;
+#endif
+ }
+
+ cert = test_mk_file_path(certsdir, "servercert.pem");
+ if (cert == NULL)
+ goto err;
+
+ privkey = test_mk_file_path(certsdir, "serverkey.pem");
+ if (privkey == NULL)
+ goto err;
+
+ cert2 = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
+ if (cert2 == NULL)
+ goto err;
+
+ privkey2 = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
+ if (privkey2 == NULL)
+ goto err;
+
+ cert1024 = test_mk_file_path(certsdir, "ee-cert-1024.pem");
+ if (cert1024 == NULL)
+ goto err;
+
+ privkey1024 = test_mk_file_path(certsdir, "ee-key-1024.pem");
+ if (privkey1024 == NULL)
+ goto err;
+
+ cert3072 = test_mk_file_path(certsdir, "ee-cert-3072.pem");
+ if (cert3072 == NULL)
+ goto err;
+
+ privkey3072 = test_mk_file_path(certsdir, "ee-key-3072.pem");
+ if (privkey3072 == NULL)
+ goto err;
+
+ cert4096 = test_mk_file_path(certsdir, "ee-cert-4096.pem");
+ if (cert4096 == NULL)
+ goto err;
+
+ privkey4096 = test_mk_file_path(certsdir, "ee-key-4096.pem");
+ if (privkey4096 == NULL)
+ goto err;
+
+ cert8192 = test_mk_file_path(certsdir, "ee-cert-8192.pem");
+ if (cert8192 == NULL)
+ goto err;
+
+ privkey8192 = test_mk_file_path(certsdir, "ee-key-8192.pem");
+ if (privkey8192 == NULL)
+ goto err;
+
+ if (fips_ems_check) {
+#ifndef OPENSSL_NO_TLS1_2
+ ADD_TEST(test_no_ems);
+#endif
+ return 1;
+ }
+#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
+# if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
+ ADD_ALL_TESTS(test_ktls, NUM_KTLS_TEST_CIPHERS * 4);
+ ADD_ALL_TESTS(test_ktls_sendfile, NUM_KTLS_TEST_CIPHERS * 2);
+# endif
+#endif
+ ADD_TEST(test_large_message_tls);
+ ADD_TEST(test_large_message_tls_read_ahead);
+#ifndef OPENSSL_NO_DTLS
+ ADD_TEST(test_large_message_dtls);
+#endif
+ ADD_ALL_TESTS(test_large_app_data, 28);
+ ADD_TEST(test_cleanse_plaintext);
+#ifndef OPENSSL_NO_OCSP
ADD_TEST(test_tlsext_status_type);
#endif
ADD_TEST(test_session_with_only_int_cache);
ADD_TEST(test_ccs_change_cipher);
#endif
#ifndef OSSL_NO_USABLE_TLS1_3
- ADD_ALL_TESTS(test_early_data_read_write, 3);
+ ADD_ALL_TESTS(test_early_data_read_write, 6);
/*
* We don't do replay tests for external PSK. Replay protection isn't used
* in that scenario.
*/
ADD_ALL_TESTS(test_early_data_replay, 2);
- ADD_ALL_TESTS(test_early_data_skip, 3);
- ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
- ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3);
- ADD_ALL_TESTS(test_early_data_skip_abort, 3);
+ ADD_ALL_TESTS(test_early_data_skip, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr_fail, OSSL_NELEM(ciphersuites) * 3);
+ ADD_ALL_TESTS(test_early_data_skip_abort, OSSL_NELEM(ciphersuites) * 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
- ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);
+ ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 7);
ADD_ALL_TESTS(test_early_data_not_expected, 3);
# ifndef OPENSSL_NO_TLS1_2
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
# else
ADD_ALL_TESTS(test_tls13_psk, 4);
# endif /* OPENSSL_NO_PSK */
+#ifndef OSSL_NO_USABLE_TLS1_3
+ ADD_ALL_TESTS(test_tls13_no_dhe_kex, 8);
+#endif /* OSSL_NO_USABLE_TLS1_3 */
# ifndef OPENSSL_NO_TLS1_2
/* Test with both TLSv1.3 and 1.2 versions */
ADD_ALL_TESTS(test_key_exchange, 14);
ADD_ALL_TESTS(test_key_update_local_in_write, 2);
ADD_ALL_TESTS(test_key_update_local_in_read, 2);
#endif
- ADD_ALL_TESTS(test_ssl_clear, 2);
+ ADD_ALL_TESTS(test_ssl_clear, 8);
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
ADD_ALL_TESTS(test_srp, 6);
#endif
+#if !defined(OPENSSL_NO_COMP_ALG)
+ /* Add compression case */
+ ADD_ALL_TESTS(test_info_callback, 8);
+#else
ADD_ALL_TESTS(test_info_callback, 6);
+#endif
ADD_ALL_TESTS(test_ssl_pending, 2);
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
- ADD_ALL_TESTS(test_ticket_callbacks, 16);
+ ADD_ALL_TESTS(test_ticket_callbacks, 20);
ADD_ALL_TESTS(test_shutdown, 7);
+ ADD_TEST(test_async_shutdown);
ADD_ALL_TESTS(test_incorrect_shutdown, 2);
ADD_ALL_TESTS(test_cert_cb, 6);
ADD_ALL_TESTS(test_client_cert_cb, 2);
ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
#endif
ADD_ALL_TESTS(test_servername, 10);
+ ADD_TEST(test_unknown_sigalgs_groups);
#if !defined(OPENSSL_NO_EC) \
&& (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
ADD_ALL_TESTS(test_sigalgs_available, 6);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_pluggable_group, 2);
+ ADD_ALL_TESTS(test_pluggable_signature, 4);
#endif
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_ssl_dup);
+ ADD_TEST(test_session_secret_cb);
# ifndef OPENSSL_NO_DH
ADD_ALL_TESTS(test_set_tmp_dh, 11);
ADD_ALL_TESTS(test_dh_auto, 7);
ADD_TEST(test_set_verify_cert_store_ssl_ctx);
ADD_TEST(test_set_verify_cert_store_ssl);
ADD_ALL_TESTS(test_session_timeout, 1);
+#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
+ ADD_ALL_TESTS(test_session_cache_overflow, 4);
+#endif
ADD_TEST(test_load_dhfile);
#ifndef OSSL_NO_USABLE_TLS1_3
ADD_TEST(test_read_ahead_key_change);
+ ADD_ALL_TESTS(test_tls13_record_padding, 4);
#endif
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
ADD_ALL_TESTS(test_serverinfo_custom, 4);
#endif
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
+ ADD_ALL_TESTS(test_pipelining, 7);
+#endif
+ ADD_ALL_TESTS(test_version, 6);
+ ADD_TEST(test_rstate_string);
+ ADD_ALL_TESTS(test_handshake_retry, 16);
+ ADD_TEST(test_data_retry);
+ ADD_ALL_TESTS(test_multi_resume, 5);
return 1;
err:
OPENSSL_free(privkey8192);
bio_s_mempacket_test_free();
bio_s_always_retry_free();
+ bio_s_maybe_retry_free();
OSSL_PROVIDER_unload(defctxnull);
OSSL_LIB_CTX_free(libctx);
}
projects / thirdparty / openssl.git / blobdiff