static int use_session_cb_cnt = 0;
static int find_session_cb_cnt = 0;
+static int end_of_early_data = 0;
#endif
static char *certsdir = NULL;
if (!TEST_true(sdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
|| !TEST_true(sdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
|| !TEST_true(cdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
- || !TEST_true(sdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION))
+ || !TEST_true(cdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION))
goto end;
testresult = 1;
return testresult;
}
+
+static void assert_no_end_of_early_data(int write_p, int version, int content_type,
+ const void *buf, size_t msglen, SSL *ssl, void *arg)
+{
+ const unsigned char *msg = buf;
+
+ if (content_type == SSL3_RT_HANDSHAKE && msg[0] == SSL3_MT_END_OF_EARLY_DATA)
+ end_of_early_data = 1;
+}
+
+static int test_no_end_of_early_data(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+ SSL_SESSION *sess = NULL;
+ const OSSL_DISPATCH qtdis[] = {
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND, (void (*)(void))crypto_send_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD,
+ (void (*)(void))crypto_recv_rcd_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD,
+ (void (*)(void))crypto_release_rcd_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET,
+ (void (*)(void))yield_secret_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS,
+ (void (*)(void))got_transport_params_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_ALERT, (void (*)(void))alert_cb},
+ {0, NULL}
+ };
+ struct quic_tls_test_data sdata, cdata;
+ const unsigned char cparams[] = {
+ 0xff, 0x01, 0x00
+ };
+ const unsigned char sparams[] = {
+ 0xfe, 0x01, 0x00
+ };
+ int i;
+
+ memset(&sdata, 0, sizeof(sdata));
+ memset(&cdata, 0, sizeof(cdata));
+ sdata.peer = &cdata;
+ cdata.peer = &sdata;
+ end_of_early_data = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_max_early_data(sctx, 0xffffffff);
+ SSL_CTX_set_max_early_data(cctx, 0xffffffff);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ sess = SSL_get1_session(clientssl);
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, sess)))
+ return 0;
+
+ if (!TEST_true(SSL_set_quic_tls_cbs(clientssl, qtdis, &cdata))
+ || !TEST_true(SSL_set_quic_tls_cbs(serverssl, qtdis, &sdata))
+ || !TEST_true(SSL_set_quic_tls_transport_params(clientssl, cparams,
+ sizeof(cparams)))
+ || !TEST_true(SSL_set_quic_tls_transport_params(serverssl, sparams,
+ sizeof(sparams))))
+ goto end;
+
+ SSL_CONNECTION_FROM_SSL(clientssl)->early_data_state = SSL_EARLY_DATA_CONNECTING;
+ SSL_CONNECTION_FROM_SSL(serverssl)->early_data_state = SSL_EARLY_DATA_ACCEPTING;
+
+ SSL_set_msg_callback(serverssl, assert_no_end_of_early_data);
+ SSL_set_msg_callback(clientssl, assert_no_end_of_early_data);
+
+ if (!TEST_int_eq(SSL_connect(clientssl), 1)
+ || !TEST_int_eq(SSL_accept(serverssl), 1)
+ || !TEST_int_eq(SSL_get_early_data_status(serverssl), SSL_EARLY_DATA_ACCEPTED))
+ goto end;
+
+ /* Check the encryption levels are what we expect them to be */
+ if (!TEST_true(sdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_EARLY)
+ || !TEST_true(sdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
+ || !TEST_true(cdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_EARLY))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Check no problems during the handshake */
+ if (!TEST_false(sdata.alert)
+ || !TEST_false(cdata.alert)
+ || !TEST_false(sdata.err)
+ || !TEST_false(cdata.err))
+ goto end;
+
+ /* Check the secrets all match */
+ for (i = OSSL_RECORD_PROTECTION_LEVEL_EARLY - 1;
+ i < OSSL_RECORD_PROTECTION_LEVEL_APPLICATION;
+ i++) {
+ if (!TEST_mem_eq(sdata.wsecret[i], sdata.wsecret_len[i],
+ cdata.rsecret[i], cdata.rsecret_len[i]))
+ goto end;
+ }
+
+ /* Check the transport params */
+ if (!TEST_mem_eq(sdata.params, sdata.params_len, cparams, sizeof(cparams))
+ || !TEST_mem_eq(cdata.params, cdata.params_len, sparams,
+ sizeof(sparams)))
+ goto end;
+
+ /* Check the encryption levels are what we expect them to be */
+ if (!TEST_true(sdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(sdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION))
+ goto end;
+
+ /* Check there is no EndOfEearlyData in handshake */
+ if (!TEST_int_eq(end_of_early_data, 0))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_SESSION_free(sess);
+ SSL_SESSION_free(clientpsk);
+ SSL_SESSION_free(serverpsk);
+ clientpsk = serverpsk = NULL;
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
#endif /* !defined(OSSL_NO_USABLE_TLS1_3) */
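Review bot: The early exit `return 0;` after the second `create_ssl_objects`/`SSL_set_session` check in test_no_end_of_early_data bypasses the `end:` cleanup, so on that failure path `sess` (a reference taken with SSL_get1_session), both SSL_CTX objects and any partially created SSL objects leak; it should be `goto end;` like every other failure branch in the function. In assert_no_end_of_early_data, `msg[0]` is read before `msglen` is checked, so a zero-length handshake record would read past the buffer; guard it with `if (content_type == SSL3_RT_HANDSHAKE && msglen > 0 && msg[0] == SSL3_MT_END_OF_EARLY_DATA)`. The direct writes to `SSL_CONNECTION_FROM_SSL(...)->early_data_state` poke internal state and deserve a one-line comment explaining why the test cannot go through the public early-data API here, presumably because the QUIC TLS callback path has no SSL_write_early_data equivalent. The comment `/* Check there is no EndOfEearlyData in handshake */` has a typo: `EndOfEarlyData`.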
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
ADD_ALL_TESTS(test_alpn, 4);
#if !defined(OSSL_NO_USABLE_TLS1_3)
ADD_TEST(test_quic_tls);
+ ADD_TEST(test_no_end_of_early_data);
#endif
return 1;