/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
#include <openssl/srp.h>
#endif
-#include "../ssl/ssl_locl.h"
+#include "../ssl/ssl_local.h"
#include "internal/sockets.h"
#include "internal/nelem.h"
#include "handshake_helper.h"
#include "testutil.h"
+#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
+#include <netinet/sctp.h>
+#endif
+
+DEFINE_STACK_OF(X509_NAME)
+
HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
{
HANDSHAKE_RESULT *ret;
return 1;
}
-static int broken_session_ticket_cb(SSL *s, unsigned char *key_name, unsigned char *iv,
- EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+static int broken_session_ticket_cb(SSL *s, unsigned char *key_name,
+ unsigned char *iv, EVP_CIPHER_CTX *ctx,
+ EVP_MAC_CTX *hctx, int enc)
{
return 0;
}
static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
unsigned char *iv,
EVP_CIPHER_CTX *ctx,
- HMAC_CTX *hctx, int enc)
+ EVP_MAC_CTX *hctx, int enc)
{
HANDSHAKE_EX_DATA *ex_data =
(HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
* session (assigned via SNI), and should never be invoked
*/
if (server2_ctx != NULL)
- SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx,
- do_not_call_session_ticket_cb);
+ SSL_CTX_set_tlsext_ticket_key_evp_cb(server2_ctx,
+ do_not_call_session_ticket_cb);
if (extra->server.broken_session_ticket) {
- SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
+ SSL_CTX_set_tlsext_ticket_key_evp_cb(server_ctx,
+ broken_session_ticket_cb);
}
#ifndef OPENSSL_NO_NEXTPROTONEG
if (extra->server.npn_protocols != NULL) {
}
if (extra->client.alpn_protocols != NULL) {
unsigned char *alpn_protos = NULL;
- size_t alpn_protos_len;
+ size_t alpn_protos_len = 0;
+
if (!TEST_true(parse_protos(extra->client.alpn_protocols,
&alpn_protos, &alpn_protos_len))
/* Reversed return value convention... */
* to read gives us somewhat better guarantees that all data sent is in fact
* received.
*/
- if (!peer->bytes_to_write && !peer->bytes_to_read) {
+ if (peer->bytes_to_write == 0 && peer->bytes_to_read == 0) {
peer->status = PEER_SUCCESS;
}
}
if (SSL_is_server(peer->ssl)) {
ret = SSL_renegotiate(peer->ssl);
} else {
+ int full_reneg = 0;
+
+ if (test_ctx->extra.client.no_extms_on_reneg) {
+ SSL_set_options(peer->ssl, SSL_OP_NO_EXTENDED_MASTER_SECRET);
+ full_reneg = 1;
+ }
if (test_ctx->extra.client.reneg_ciphers != NULL) {
if (!SSL_set_cipher_list(peer->ssl,
test_ctx->extra.client.reneg_ciphers)) {
peer->status = PEER_ERROR;
return;
}
+ full_reneg = 1;
+ }
+ if (full_reneg)
ret = SSL_renegotiate(peer->ssl);
- } else {
+ else
ret = SSL_renegotiate_abbreviated(peer->ssl);
- }
}
if (!ret) {
peer->status = PEER_ERROR;
#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
static int set_sock_as_sctp(int sock)
{
+ struct sctp_assocparams assocparams;
+ struct sctp_rtoinfo rto_info;
+ BIO *tmpbio;
+
+ /*
+ * To allow tests to fail fast (within a second or so), reduce the
+ * retransmission timeouts and the number of retransmissions.
+ */
+ memset(&rto_info, 0, sizeof(struct sctp_rtoinfo));
+ rto_info.srto_initial = 100;
+ rto_info.srto_max = 200;
+ rto_info.srto_min = 50;
+ (void)setsockopt(sock, IPPROTO_SCTP, SCTP_RTOINFO,
+ (const void *)&rto_info, sizeof(struct sctp_rtoinfo));
+ memset(&assocparams, 0, sizeof(struct sctp_assocparams));
+ assocparams.sasoc_asocmaxrxt = 2;
+ (void)setsockopt(sock, IPPROTO_SCTP, SCTP_ASSOCINFO,
+ (const void *)&assocparams,
+ sizeof(struct sctp_assocparams));
+
/*
* For SCTP we have to set various options on the socket prior to
* connecting. This is done automatically by BIO_new_dgram_sctp().
* We don't actually need the created BIO though so we free it again
* immediately.
*/
- BIO *tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
+ tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
if (tmpbio == NULL)
return 0;
return NULL;
}
+#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
+ if (test_ctx->enable_client_sctp_label_bug)
+ SSL_CTX_set_mode(client_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+ if (test_ctx->enable_server_sctp_label_bug)
+ SSL_CTX_set_mode(server_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
/* Setup SSL and buffers; additional configuration happens below. */
if (!create_peer(&server, server_ctx)) {
TEST_note("creating server context");