-/* Copyright (c) 2014, Google Inc.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
#if !defined(__STDC_FORMAT_MACROS)
#define __STDC_FORMAT_MACROS
#endif
+#include "packeted_bio.h"
#include <openssl/e_os2.h>
#if !defined(OPENSSL_SYS_WINDOWS)
#include <openssl/bio.h>
#include <openssl/buffer.h>
+#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <vector>
#include "async_bio.h"
-#include "packeted_bio.h"
#include "test_config.h"
namespace bssl {
// packeted_bio is the packeted BIO which simulates read timeouts.
BIO *packeted_bio = nullptr;
bool cert_ready = false;
- bssl::UniquePtr<SSL_SESSION> session;
bool handshake_done = false;
// private_key is the underlying private key used when testing custom keys.
bssl::UniquePtr<EVP_PKEY> private_key;
return false;
}
- if (pkey) {
- if (!SSL_use_PrivateKey(ssl, pkey.get())) {
- return false;
- }
+ if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) {
+ return false;
}
if (x509 && !SSL_use_certificate(ssl, x509.get())) {
}
// The certificate will be installed via other means.
- if (!config->async || config->use_early_callback ||
+ if (!config->async ||
config->use_old_client_cert_callback) {
return 1;
}
// Half-close and drain the socket before releasing it. This seems to be
// necessary for graceful shutdown on Windows. It will also avoid write
// failures in the test runner.
-#if defined(OPENSSL_WINDOWS)
+#if defined(OPENSSL_SYS_WINDOWS)
shutdown(sock_, SD_SEND);
#else
shutdown(sock_, SHUT_WR);
};
static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
+ const char sess_id_ctx[] = "ossl_shim";
bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(
config->is_dtls ? DTLS_method() : TLS_method()));
if (!ssl_ctx) {
!SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
return nullptr;
}
+#else
+ /* Ensure we don't negotiate TLSv1.3 until we can handle it */
+ if (!config->is_dtls &&
+ !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {
+ return nullptr;
+ }
#endif
std::string cipher_list = "ALL";
SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback);
}
- SSL_CTX_set_next_protos_advertised_cb(
+ SSL_CTX_set_npn_advertised_cb(
ssl_ctx.get(), NextProtosAdvertisedCallback, NULL);
if (!config->select_next_proto.empty()) {
SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback,
SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
}
+ if (!SSL_CTX_set_session_id_context(ssl_ctx.get(),
+ (const unsigned char *)sess_id_ctx,
+ sizeof(sess_id_ctx) - 1))
+ return nullptr;
+
return ssl_ctx;
}
return false;
}
} else if (!config->is_server || config->require_any_client_certificate) {
- if (SSL_get_peer_cert_chain(ssl) == nullptr) {
+ if (SSL_get_peer_certificate(ssl) == nullptr) {
fprintf(stderr, "Received no peer certificate but expected one.\n");
return false;
}
return false;
}
// Install the certificate synchronously if nothing else will handle it.
- if (!config->use_early_callback &&
- !config->use_old_client_cert_callback &&
+ if (!config->use_old_client_cert_callback &&
!config->async &&
!InstallCertificate(ssl.get())) {
return false;
}
if (config->enable_all_curves) {
static const int kAllCurves[] = {
- NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519,
+ NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1
};
if (!SSL_set1_curves(ssl.get(), kAllCurves,
OPENSSL_ARRAY_SIZE(kAllCurves))) {
}
// Reset the state to assert later that the callback isn't called in
- // renegotations.
+ // renegotiations.
GetTestState(ssl.get())->got_new_session = false;
}
// Anything following this line will be considered an error.
StderrDelimiter delimiter;
-#if defined(OPENSSL_WINDOWS)
+#if defined(OPENSSL_SYS_WINDOWS)
/* Initialize Winsock. */
WORD wsa_version = MAKEWORD(2, 2);
WSADATA wsa_data;
projects / openssl.git / blobdiff