+};
+
+static int test_ssl_get_shared_ciphers(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char buf[1024];
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ shared_ciphers_data[tst].maxprot,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ shared_ciphers_data[tst].clntciphers))
+ || (shared_ciphers_data[tst].clnttls13ciphers != NULL
+ && !TEST_true(SSL_CTX_set_ciphersuites(cctx,
+ shared_ciphers_data[tst].clnttls13ciphers)))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx,
+ shared_ciphers_data[tst].srvrciphers))
+ || (shared_ciphers_data[tst].srvrtls13ciphers != NULL
+ && !TEST_true(SSL_CTX_set_ciphersuites(sctx,
+ shared_ciphers_data[tst].srvrtls13ciphers))))
+ goto end;
+
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
+ || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) {
+ TEST_info("Shared ciphers are: %s\n", buf);
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+static const char *appdata = "Hello World";
+static int gen_tick_called, dec_tick_called, tick_key_cb_called;
+static int tick_key_renew = 0;
+static SSL_TICKET_RETURN tick_dec_ret = SSL_TICKET_RETURN_ABORT;
+
+static int gen_tick_cb(SSL *s, void *arg)
+{
+ gen_tick_called = 1;
+
+ return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata,
+ strlen(appdata));
+}
+
+static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss,
+ const unsigned char *keyname,
+ size_t keyname_length,
+ SSL_TICKET_STATUS status,
+ void *arg)
+{
+ void *tickdata;
+ size_t tickdlen;
+
+ dec_tick_called = 1;
+
+ if (status == SSL_TICKET_EMPTY)
+ return SSL_TICKET_RETURN_IGNORE_RENEW;
+
+ if (!TEST_true(status == SSL_TICKET_SUCCESS
+ || status == SSL_TICKET_SUCCESS_RENEW))
+ return SSL_TICKET_RETURN_ABORT;
+
+ if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata,
+ &tickdlen))
+ || !TEST_size_t_eq(tickdlen, strlen(appdata))
+ || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0))
+ return SSL_TICKET_RETURN_ABORT;
+
+ if (tick_key_cb_called) {
+ /* Don't change what the ticket key callback wanted to do */
+ switch (status) {
+ case SSL_TICKET_NO_DECRYPT:
+ return SSL_TICKET_RETURN_IGNORE_RENEW;
+
+ case SSL_TICKET_SUCCESS:
+ return SSL_TICKET_RETURN_USE;
+
+ case SSL_TICKET_SUCCESS_RENEW:
+ return SSL_TICKET_RETURN_USE_RENEW;
+
+ default:
+ return SSL_TICKET_RETURN_ABORT;
+ }
+ }
+ return tick_dec_ret;
+
+}
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+static int tick_key_cb(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx,
+ HMAC_CTX *hctx, int enc)
+{
+ const unsigned char tick_aes_key[16] = "0123456789abcdef";
+ const unsigned char tick_hmac_key[16] = "0123456789abcdef";
+
+ tick_key_cb_called = 1;
+ memset(iv, 0, AES_BLOCK_SIZE);
+ memset(key_name, 0, 16);
+ if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
+ || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key),
+ EVP_sha256(), NULL))
+ return -1;
+
+ return tick_key_renew ? 2 : 1;
+}
+#endif
+
+static int tick_key_evp_cb(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH],
+ EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc)
+{
+ const unsigned char tick_aes_key[16] = "0123456789abcdef";
+ unsigned char tick_hmac_key[16] = "0123456789abcdef";
+ OSSL_PARAM params[3];
+
+ tick_key_cb_called = 1;
+ memset(iv, 0, AES_BLOCK_SIZE);
+ memset(key_name, 0, 16);
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+ "SHA256", 0);
+ params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+ tick_hmac_key,
+ sizeof(tick_hmac_key));
+ params[2] = OSSL_PARAM_construct_end();
+ if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
+ || !EVP_MAC_CTX_set_params(hctx, params)
+ || !EVP_MAC_init(hctx))
+ return -1;
+
+ return tick_key_renew ? 2 : 1;
+}
+
+/*
+ * Test the various ticket callbacks
+ * Test 0: TLSv1.2, no ticket key callback, no ticket, no renewal
+ * Test 1: TLSv1.3, no ticket key callback, no ticket, no renewal
+ * Test 2: TLSv1.2, no ticket key callback, no ticket, renewal
+ * Test 3: TLSv1.3, no ticket key callback, no ticket, renewal
+ * Test 4: TLSv1.2, no ticket key callback, ticket, no renewal
+ * Test 5: TLSv1.3, no ticket key callback, ticket, no renewal
+ * Test 6: TLSv1.2, no ticket key callback, ticket, renewal
+ * Test 7: TLSv1.3, no ticket key callback, ticket, renewal
+ * Test 8: TLSv1.2, old ticket key callback, ticket, no renewal
+ * Test 9: TLSv1.3, old ticket key callback, ticket, no renewal
+ * Test 10: TLSv1.2, old ticket key callback, ticket, renewal
+ * Test 11: TLSv1.3, old ticket key callback, ticket, renewal
+ * Test 12: TLSv1.2, ticket key callback, ticket, no renewal
+ * Test 13: TLSv1.3, ticket key callback, ticket, no renewal
+ * Test 14: TLSv1.2, ticket key callback, ticket, renewal
+ * Test 15: TLSv1.3, ticket key callback, ticket, renewal
+ */
+static int test_ticket_callbacks(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ SSL_SESSION *clntsess = NULL;
+ int testresult = 0;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst % 2 == 0)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst % 2 == 1)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+ if (tst >= 8 && tst <= 11)
+ return 1;
+#endif
+
+ gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
+
+ /* Which tests the ticket key callback should request renewal for */
+ if (tst == 10 || tst == 11 || tst == 14 || tst == 15)
+ tick_key_renew = 1;
+ else
+ tick_key_renew = 0;
+
+ /* Which tests the decrypt ticket callback should request renewal for */
+ switch (tst) {
+ case 0:
+ case 1:
+ tick_dec_ret = SSL_TICKET_RETURN_IGNORE;
+ break;
+
+ case 2:
+ case 3:
+ tick_dec_ret = SSL_TICKET_RETURN_IGNORE_RENEW;
+ break;
+
+ case 4:
+ case 5:
+ tick_dec_ret = SSL_TICKET_RETURN_USE;
+ break;
+
+ case 6:
+ case 7:
+ tick_dec_ret = SSL_TICKET_RETURN_USE_RENEW;
+ break;
+
+ default:
+ tick_dec_ret = SSL_TICKET_RETURN_ABORT;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ ((tst % 2) == 0) ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /*
+ * We only want sessions to resume from tickets - not the session cache. So
+ * switch the cache off.
+ */
+ if (!TEST_true(SSL_CTX_set_session_cache_mode(sctx, SSL_SESS_CACHE_OFF)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb,
+ NULL)))
+ goto end;
+
+ if (tst >= 12) {
+ if (!TEST_true(SSL_CTX_set_tlsext_ticket_key_evp_cb(sctx, tick_key_evp_cb)))
+ goto end;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ } else if (tst >= 8) {
+ if (!TEST_true(SSL_CTX_set_tlsext_ticket_key_cb(sctx, tick_key_cb)))
+ goto end;
+#endif
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * The decrypt ticket key callback in TLSv1.2 should be called even though
+ * we have no ticket yet, because it gets called with a status of
+ * SSL_TICKET_EMPTY (the client indicates support for tickets but does not
+ * actually send any ticket data). This does not happen in TLSv1.3 because
+ * it is not valid to send empty ticket data in TLSv1.3.
+ */
+ if (!TEST_int_eq(gen_tick_called, 1)
+ || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0))
+ goto end;
+
+ gen_tick_called = dec_tick_called = 0;
+
+ clntsess = SSL_get1_session(clientssl);
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ /* Now do a resumption */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL))
+ || !TEST_true(SSL_set_session(clientssl, clntsess))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
+ || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
+ if (!TEST_false(SSL_session_reused(clientssl)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+ }
+
+ if (!TEST_int_eq(gen_tick_called,
+ (tick_key_renew
+ || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
+ || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW)
+ ? 1 : 0)
+ || !TEST_int_eq(dec_tick_called, 1))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_SESSION_free(clntsess);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+/*
+ * Test bi-directional shutdown.
+ * Test 0: TLSv1.2
+ * Test 1: TLSv1.2, server continues to read/write after client shutdown
+ * Test 2: TLSv1.3, no pending NewSessionTicket messages
+ * Test 3: TLSv1.3, pending NewSessionTicket messages
+ * Test 4: TLSv1.3, server continues to read/write after client shutdown, server
+ * sends key update, client reads it
+ * Test 5: TLSv1.3, server continues to read/write after client shutdown, server
+ * sends CertificateRequest, client reads and ignores it
+ * Test 6: TLSv1.3, server continues to read/write after client shutdown, client
+ * doesn't read it
+ */
+static int test_shutdown(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char msg[] = "A test message";
+ char buf[80];
+ size_t written, readbytes;
+ SSL_SESSION *sess;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst <= 1)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst >= 2)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ (tst <= 1) ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (tst == 5)
+ SSL_CTX_set_post_handshake_auth(cctx, 1);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (tst == 3) {
+ if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE, 1))
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_false(SSL_SESSION_is_resumable(sess)))
+ goto end;
+ } else if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_true(SSL_SESSION_is_resumable(sess))) {
+ goto end;
+ }
+
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
+ goto end;
+
+ if (tst >= 4) {
+ /*
+ * Reading on the server after the client has sent close_notify should
+ * fail and provide SSL_ERROR_ZERO_RETURN
+ */
+ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
+ || !TEST_int_eq(SSL_get_error(serverssl, 0),
+ SSL_ERROR_ZERO_RETURN)
+ || !TEST_int_eq(SSL_get_shutdown(serverssl),
+ SSL_RECEIVED_SHUTDOWN)
+ /*
+ * Even though we're shutdown on receive we should still be
+ * able to write.
+ */
+ || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
+ goto end;
+ if (tst == 4
+ && !TEST_true(SSL_key_update(serverssl,
+ SSL_KEY_UPDATE_REQUESTED)))
+ goto end;
+ if (tst == 5) {
+ SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
+ if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
+ goto end;
+ }
+ if ((tst == 4 || tst == 5)
+ && !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
+ goto end;
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
+ goto end;
+ if (tst == 4 || tst == 5) {
+ /* Should still be able to read data from server */
+ if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
+ &readbytes))
+ || !TEST_size_t_eq(readbytes, sizeof(msg))
+ || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
+ &readbytes))
+ || !TEST_size_t_eq(readbytes, sizeof(msg))
+ || !TEST_int_eq(memcmp(msg, buf, readbytes), 0))
+ goto end;
+ }
+ }
+
+ /* Writing on the client after sending close_notify shouldn't be possible */
+ if (!TEST_false(SSL_write_ex(clientssl, msg, sizeof(msg), &written)))
+ goto end;
+
+ if (tst < 4) {
+ /*
+ * For these tests the client has sent close_notify but it has not yet
+ * been received by the server. The server has not sent close_notify
+ * yet.
+ */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 0)
+ /*
+ * Writing on the server after sending close_notify shouldn't
+ * be possible.
+ */
+ || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
+ || !TEST_int_eq(SSL_shutdown(clientssl), 1)
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_true(SSL_SESSION_is_resumable(sess))
+ || !TEST_int_eq(SSL_shutdown(serverssl), 1))
+ goto end;
+ } else if (tst == 4 || tst == 5) {
+ /*
+ * In this test the client has sent close_notify and it has been
+ * received by the server which has responded with a close_notify. The
+ * client needs to read the close_notify sent by the server.
+ */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 1)
+ || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
+ || !TEST_true(SSL_SESSION_is_resumable(sess)))
+ goto end;
+ } else {
+ /*
+ * tst == 6
+ *
+ * The client has sent close_notify and is expecting a close_notify
+ * back, but instead there is application data first. The shutdown
+ * should fail with a fatal error.
+ */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), -1)
+ || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL))
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+static int cert_cb_cnt;
+
+static int cert_cb(SSL *s, void *arg)
+{
+ SSL_CTX *ctx = (SSL_CTX *)arg;
+ BIO *in = NULL;
+ EVP_PKEY *pkey = NULL;
+ X509 *x509 = NULL, *rootx = NULL;
+ STACK_OF(X509) *chain = NULL;
+ char *rootfile = NULL, *ecdsacert = NULL, *ecdsakey = NULL;
+ int ret = 0;
+
+ if (cert_cb_cnt == 0) {
+ /* Suspend the handshake */
+ cert_cb_cnt++;
+ return -1;
+ } else if (cert_cb_cnt == 1) {
+ /*
+ * Update the SSL_CTX, set the certificate and private key and then
+ * continue the handshake normally.
+ */
+ if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx)))
+ return 0;
+
+ if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_use_PrivateKey_file(s, privkey,
+ SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_check_private_key(s)))
+ return 0;
+ cert_cb_cnt++;
+ return 1;
+ } else if (cert_cb_cnt == 3) {
+ int rv;
+
+ rootfile = test_mk_file_path(certsdir, "rootcert.pem");
+ ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
+ ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
+ if (!TEST_ptr(rootfile) || !TEST_ptr(ecdsacert) || !TEST_ptr(ecdsakey))
+ goto out;
+ chain = sk_X509_new_null();
+ if (!TEST_ptr(chain))
+ goto out;
+ if (!TEST_ptr(in = BIO_new(BIO_s_file()))
+ || !TEST_int_ge(BIO_read_filename(in, rootfile), 0)
+ || !TEST_ptr(rootx = PEM_read_bio_X509(in, NULL, NULL, NULL))
+ || !TEST_true(sk_X509_push(chain, rootx)))
+ goto out;
+ rootx = NULL;
+ BIO_free(in);
+ if (!TEST_ptr(in = BIO_new(BIO_s_file()))
+ || !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0)
+ || !TEST_ptr(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+ goto out;
+ BIO_free(in);
+ if (!TEST_ptr(in = BIO_new(BIO_s_file()))
+ || !TEST_int_ge(BIO_read_filename(in, ecdsakey), 0)
+ || !TEST_ptr(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL)))
+ goto out;
+ rv = SSL_check_chain(s, x509, pkey, chain);
+ /*
+ * If the cert doesn't show as valid here (e.g., because we don't
+ * have any shared sigalgs), then we will not set it, and there will
+ * be no certificate at all on the SSL or SSL_CTX. This, in turn,
+ * will cause tls_choose_sigalgs() to fail the connection.
+ */
+ if ((rv & (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE))
+ == (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) {
+ if (!SSL_use_cert_and_key(s, x509, pkey, NULL, 1))
+ goto out;
+ }
+
+ ret = 1;
+ }
+
+ /* Abort the handshake */
+ out:
+ OPENSSL_free(ecdsacert);
+ OPENSSL_free(ecdsakey);
+ OPENSSL_free(rootfile);
+ BIO_free(in);
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ X509_free(rootx);
+ sk_X509_pop_free(chain, X509_free);
+ return ret;
+}
+
+/*
+ * Test the certificate callback.
+ * Test 0: Callback fails
+ * Test 1: Success - no SSL_set_SSL_CTX() in the callback
+ * Test 2: Success - SSL_set_SSL_CTX() in the callback
+ * Test 3: Success - Call SSL_check_chain from the callback
+ * Test 4: Failure - SSL_check_chain fails from callback due to bad cert in the
+ * chain
+ * Test 5: Failure - SSL_check_chain fails from callback due to bad ee cert
+ */
+static int test_cert_cb_int(int prot, int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL, *snictx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, ret;
+
+#ifdef OPENSSL_NO_EC
+ /* We use an EC cert in these tests, so we skip in a no-ec build */
+ if (tst >= 3)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ prot,
+ &sctx, &cctx, NULL, NULL)))
+ goto end;
+
+ if (tst == 0)
+ cert_cb_cnt = -1;
+ else if (tst >= 3)
+ cert_cb_cnt = 3;
+ else
+ cert_cb_cnt = 0;
+
+ if (tst == 2)
+ snictx = SSL_CTX_new(TLS_server_method());
+ SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (tst == 4) {
+ /*
+ * We cause SSL_check_chain() to fail by specifying sig_algs that
+ * the chain doesn't meet (the root uses an RSA cert)
+ */
+ if (!TEST_true(SSL_set1_sigalgs_list(clientssl,
+ "ecdsa_secp256r1_sha256")))
+ goto end;
+ } else if (tst == 5) {
+ /*
+ * We cause SSL_check_chain() to fail by specifying sig_algs that
+ * the ee cert doesn't meet (the ee uses an ECDSA cert)
+ */
+ if (!TEST_true(SSL_set1_sigalgs_list(clientssl,
+ "rsa_pss_rsae_sha256:rsa_pkcs1_sha256")))
+ goto end;
+ }
+
+ ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
+ if (!TEST_true(tst == 0 || tst == 4 || tst == 5 ? !ret : ret)
+ || (tst > 0
+ && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) {
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_CTX_free(snictx);
+
+ return testresult;
+}
+#endif
+
+static int test_cert_cb(int tst)
+{
+ int testresult = 1;
+
+#ifndef OPENSSL_NO_TLS1_2
+ testresult &= test_cert_cb_int(TLS1_2_VERSION, tst);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ testresult &= test_cert_cb_int(TLS1_3_VERSION, tst);
+#endif
+
+ return testresult;
+}
+
+static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
+{
+ X509 *xcert, *peer;
+ EVP_PKEY *privpkey;
+ BIO *in = NULL;
+
+ /* Check that SSL_get_peer_certificate() returns something sensible */
+ peer = SSL_get_peer_certificate(ssl);
+ if (!TEST_ptr(peer))
+ return 0;
+ X509_free(peer);
+
+ in = BIO_new_file(cert, "r");
+ if (!TEST_ptr(in))
+ return 0;
+
+ xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if (!TEST_ptr(xcert))
+ return 0;
+
+ in = BIO_new_file(privkey, "r");
+ if (!TEST_ptr(in)) {
+ X509_free(xcert);
+ return 0;
+ }
+
+ privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if (!TEST_ptr(privpkey)) {
+ X509_free(xcert);
+ return 0;
+ }
+
+ *x509 = xcert;
+ *pkey = privpkey;
+
+ return 1;
+}
+
+static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ return 1;
+}
+
+static int test_client_cert_cb(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst == 0)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst == 1)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ tst == 0 ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /*
+ * Test that setting a client_cert_cb results in a client certificate being
+ * sent.
+ */
+ SSL_CTX_set_client_cert_cb(cctx, client_cert_cb);
+ SSL_CTX_set_verify(sctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+/*
+ * Test setting certificate authorities on both client and server.
+ *
+ * Test 0: SSL_CTX_set0_CA_list() only
+ * Test 1: Both SSL_CTX_set0_CA_list() and SSL_CTX_set_client_CA_list()
+ * Test 2: Only SSL_CTX_set_client_CA_list()
+ */
+static int test_ca_names_int(int prot, int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ size_t i;
+ X509_NAME *name[] = { NULL, NULL, NULL, NULL };
+ char *strnames[] = { "Jack", "Jill", "John", "Joanne" };
+ STACK_OF(X509_NAME) *sk1 = NULL, *sk2 = NULL;
+ const STACK_OF(X509_NAME) *sktmp = NULL;
+
+ for (i = 0; i < OSSL_NELEM(name); i++) {
+ name[i] = X509_NAME_new();
+ if (!TEST_ptr(name[i])
+ || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN",
+ MBSTRING_ASC,
+ (unsigned char *)
+ strnames[i],
+ -1, -1, 0)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ prot,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL);
+
+ if (tst == 0 || tst == 1) {
+ if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0])))
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1])))
+ || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0])))
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1]))))
+ goto end;
+
+ SSL_CTX_set0_CA_list(sctx, sk1);
+ SSL_CTX_set0_CA_list(cctx, sk2);
+ sk1 = sk2 = NULL;
+ }
+ if (tst == 1 || tst == 2) {
+ if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2])))
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3])))
+ || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2])))
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3]))))
+ goto end;
+
+ SSL_CTX_set_client_CA_list(sctx, sk1);
+ SSL_CTX_set_client_CA_list(cctx, sk2);
+ sk1 = sk2 = NULL;
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * We only expect certificate authorities to have been sent to the server
+ * if we are using TLSv1.3 and SSL_set0_CA_list() was used
+ */
+ sktmp = SSL_get0_peer_CA_list(serverssl);
+ if (prot == TLS1_3_VERSION
+ && (tst == 0 || tst == 1)) {
+ if (!TEST_ptr(sktmp)
+ || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
+ name[0]), 0)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
+ name[1]), 0))
+ goto end;
+ } else if (!TEST_ptr_null(sktmp)) {
+ goto end;
+ }
+
+ /*
+ * In all tests we expect certificate authorities to have been sent to the
+ * client. However, SSL_set_client_CA_list() should override
+ * SSL_set0_CA_list()
+ */
+ sktmp = SSL_get0_peer_CA_list(clientssl);
+ if (!TEST_ptr(sktmp)
+ || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
+ name[tst == 0 ? 0 : 2]), 0)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
+ name[tst == 0 ? 1 : 3]), 0))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ for (i = 0; i < OSSL_NELEM(name); i++)
+ X509_NAME_free(name[i]);
+ sk_X509_NAME_pop_free(sk1, X509_NAME_free);
+ sk_X509_NAME_pop_free(sk2, X509_NAME_free);
+
+ return testresult;
+}
+#endif
+
+static int test_ca_names(int tst)
+{
+ int testresult = 1;
+
+#ifndef OPENSSL_NO_TLS1_2
+ testresult &= test_ca_names_int(TLS1_2_VERSION, tst);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ testresult &= test_ca_names_int(TLS1_3_VERSION, tst);
+#endif
+
+ return testresult;
+}
+
+#ifndef OPENSSL_NO_TLS1_2
+static const char *multiblock_cipherlist_data[]=
+{
+ "AES128-SHA",
+ "AES128-SHA256",
+ "AES256-SHA",
+ "AES256-SHA256",
+};
+
+/* Reduce the fragment size - so the multiblock test buffer can be small */
+# define MULTIBLOCK_FRAGSIZE 512
+
+static int test_multiblock_write(int test_index)
+{
+ static const char *fetchable_ciphers[]=
+ {
+ "AES-128-CBC-HMAC-SHA1",
+ "AES-128-CBC-HMAC-SHA256",
+ "AES-256-CBC-HMAC-SHA1",
+ "AES-256-CBC-HMAC-SHA256"
+ };
+ const char *cipherlist = multiblock_cipherlist_data[test_index];
+ const SSL_METHOD *smeth = TLS_server_method();
+ const SSL_METHOD *cmeth = TLS_client_method();
+ int min_version = TLS1_VERSION;
+ int max_version = TLS1_2_VERSION; /* Don't select TLS1_3 */
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+ /*
+ * Choose a buffer large enough to perform a multi-block operation
+ * i.e: write_len >= 4 * frag_size
+ * 9 * is chosen so that multiple multiblocks are used + some leftover.
+ */
+ unsigned char msg[MULTIBLOCK_FRAGSIZE * 9];
+ unsigned char buf[sizeof(msg)], *p = buf;
+ size_t readbytes, written, len;
+ EVP_CIPHER *ciph = NULL;
+
+ /*
+ * Check if the cipher exists before attempting to use it since it only has
+ * a hardware specific implementation.
+ */
+ ciph = EVP_CIPHER_fetch(NULL, fetchable_ciphers[test_index], "");
+ if (ciph == NULL) {
+ TEST_skip("Multiblock cipher is not available for %s", cipherlist);
+ return 1;
+ }
+ EVP_CIPHER_free(ciph);
+
+ /* Set up a buffer with some data that will be sent to the client */
+ RAND_bytes(msg, sizeof(msg));
+
+ if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_max_send_fragment(sctx, MULTIBLOCK_FRAGSIZE)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /* settings to force it to use AES-CBC-HMAC_SHA */
+ SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC);
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipherlist)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
+ || !TEST_size_t_eq(written, sizeof(msg)))
+ goto end;
+
+ len = written;
+ while (len > 0) {
+ if (!TEST_true(SSL_read_ex(clientssl, p, MULTIBLOCK_FRAGSIZE, &readbytes)))
+ goto end;
+ p += readbytes;
+ len -= readbytes;
+ }
+ if (!TEST_mem_eq(msg, sizeof(msg), buf, sizeof(buf)))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+#endif /* OPENSSL_NO_TLS1_2 */
+
+/*
+ * Test 0: Client sets servername and server acknowledges it (TLSv1.2)
+ * Test 1: Client sets servername and server does not acknowledge it (TLSv1.2)
+ * Test 2: Client sets inconsistent servername on resumption (TLSv1.2)
+ * Test 3: Client does not set servername on initial handshake (TLSv1.2)
+ * Test 4: Client does not set servername on resumption handshake (TLSv1.2)
+ * Test 5: Client sets servername and server acknowledges it (TLSv1.3)
+ * Test 6: Client sets servername and server does not acknowledge it (TLSv1.3)
+ * Test 7: Client sets inconsistent servername on resumption (TLSv1.3)
+ * Test 8: Client does not set servername on initial handshake(TLSv1.3)
+ * Test 9: Client does not set servername on resumption handshake (TLSv1.3)
+ */
+static int test_servername(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ SSL_SESSION *sess = NULL;
+ const char *sexpectedhost = NULL, *cexpectedhost = NULL;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst <= 4)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst >= 5)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ (tst <= 4) ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (tst != 1 && tst != 6) {
+ if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx,
+ hostname_cb)))
+ goto end;
+ }
+
+ if (tst != 3 && tst != 8) {
+ if (!TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")))
+ goto end;
+ sexpectedhost = cexpectedhost = "goodhost";
+ }
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_str_eq(SSL_get_servername(clientssl, TLSEXT_NAMETYPE_host_name),
+ cexpectedhost)
+ || !TEST_str_eq(SSL_get_servername(serverssl,
+ TLSEXT_NAMETYPE_host_name),
+ sexpectedhost))
+ goto end;
+
+ /* Now repeat with a resumption handshake */
+
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 0)
+ || !TEST_ptr_ne(sess = SSL_get1_session(clientssl), NULL)
+ || !TEST_true(SSL_SESSION_is_resumable(sess))
+ || !TEST_int_eq(SSL_shutdown(serverssl), 0))
+ goto end;
+
+ SSL_free(clientssl);
+ SSL_free(serverssl);
+ clientssl = serverssl = NULL;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set_session(clientssl, sess)))
+ goto end;
+
+ sexpectedhost = cexpectedhost = "goodhost";
+ if (tst == 2 || tst == 7) {
+ /* Set an inconsistent hostname */
+ if (!TEST_true(SSL_set_tlsext_host_name(clientssl, "altgoodhost")))
+ goto end;
+ /*
+ * In TLSv1.2 we expect the hostname from the original handshake, in
+ * TLSv1.3 we expect the hostname from this handshake
+ */
+ if (tst == 7)
+ sexpectedhost = cexpectedhost = "altgoodhost";
+
+ if (!TEST_str_eq(SSL_get_servername(clientssl,
+ TLSEXT_NAMETYPE_host_name),
+ "altgoodhost"))
+ goto end;
+ } else if (tst == 4 || tst == 9) {
+ /*
+ * A TLSv1.3 session does not associate a session with a servername,
+ * but a TLSv1.2 session does.
+ */
+ if (tst == 9)
+ sexpectedhost = cexpectedhost = NULL;
+
+ if (!TEST_str_eq(SSL_get_servername(clientssl,
+ TLSEXT_NAMETYPE_host_name),
+ cexpectedhost))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")))
+ goto end;
+ /*
+ * In a TLSv1.2 resumption where the hostname was not acknowledged
+ * we expect the hostname on the server to be empty. On the client we
+ * return what was requested in this case.
+ *
+ * Similarly if the client didn't set a hostname on an original TLSv1.2
+ * session but is now, the server hostname will be empty, but the client
+ * is as we set it.
+ */
+ if (tst == 1 || tst == 3)
+ sexpectedhost = NULL;
+
+ if (!TEST_str_eq(SSL_get_servername(clientssl,
+ TLSEXT_NAMETYPE_host_name),
+ "goodhost"))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_session_reused(clientssl))
+ || !TEST_true(SSL_session_reused(serverssl))
+ || !TEST_str_eq(SSL_get_servername(clientssl,
+ TLSEXT_NAMETYPE_host_name),
+ cexpectedhost)
+ || !TEST_str_eq(SSL_get_servername(serverssl,
+ TLSEXT_NAMETYPE_host_name),
+ sexpectedhost))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_SESSION_free(sess);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
+
+int setup_tests(void)
+{
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
+ if (!TEST_ptr(certsdir = test_get_argument(0))
+ || !TEST_ptr(srpvfile = test_get_argument(1))
+ || !TEST_ptr(tmpfilename = test_get_argument(2)))
+ return 0;
+
+ if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+ TEST_error("not supported in this build");
+ return 0;
+#else
+ int i, mcount, rcount, fcount;
+
+ for (i = 0; i < 4; i++)
+ test_export_key_mat(i);
+ CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
+ test_printf_stdout("malloc %d realloc %d free %d\n",
+ mcount, rcount, fcount);
+ return 1;
+#endif
+ }
+
+ cert = test_mk_file_path(certsdir, "servercert.pem");
+ if (cert == NULL)
+ return 0;
+
+ privkey = test_mk_file_path(certsdir, "serverkey.pem");
+ if (privkey == NULL) {
+ OPENSSL_free(cert);
+ return 0;
+ }
+
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
+ && !defined(OPENSSL_NO_SOCK)
+ ADD_TEST(test_ktls_no_txrx_client_no_txrx_server);
+ ADD_TEST(test_ktls_no_rx_client_no_txrx_server);
+ ADD_TEST(test_ktls_no_tx_client_no_txrx_server);
+ ADD_TEST(test_ktls_client_no_txrx_server);
+ ADD_TEST(test_ktls_no_txrx_client_no_rx_server);
+ ADD_TEST(test_ktls_no_rx_client_no_rx_server);
+ ADD_TEST(test_ktls_no_tx_client_no_rx_server);
+ ADD_TEST(test_ktls_client_no_rx_server);
+ ADD_TEST(test_ktls_no_txrx_client_no_tx_server);
+ ADD_TEST(test_ktls_no_rx_client_no_tx_server);
+ ADD_TEST(test_ktls_no_tx_client_no_tx_server);
+ ADD_TEST(test_ktls_client_no_tx_server);
+ ADD_TEST(test_ktls_no_txrx_client_server);
+ ADD_TEST(test_ktls_no_rx_client_server);
+ ADD_TEST(test_ktls_no_tx_client_server);
+ ADD_TEST(test_ktls_client_server);
+ ADD_TEST(test_ktls_sendfile);
+#endif
+ ADD_TEST(test_large_message_tls);
+ ADD_TEST(test_large_message_tls_read_ahead);
+#ifndef OPENSSL_NO_DTLS
+ ADD_TEST(test_large_message_dtls);
+#endif
+#ifndef OPENSSL_NO_OCSP
+ ADD_TEST(test_tlsext_status_type);
+#endif
+ ADD_TEST(test_session_with_only_int_cache);
+ ADD_TEST(test_session_with_only_ext_cache);
+ ADD_TEST(test_session_with_both_cache);
+#ifndef OPENSSL_NO_TLS1_3
+ ADD_ALL_TESTS(test_stateful_tickets, 3);
+ ADD_ALL_TESTS(test_stateless_tickets, 3);
+ ADD_TEST(test_psk_tickets);
+#endif
+ ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
+ ADD_TEST(test_ssl_bio_pop_next_bio);
+ ADD_TEST(test_ssl_bio_pop_ssl_bio);
+ ADD_TEST(test_ssl_bio_change_rbio);
+ ADD_TEST(test_ssl_bio_change_wbio);
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+ ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
+ ADD_TEST(test_keylog);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ ADD_TEST(test_keylog_no_master_key);
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ ADD_TEST(test_client_hello_cb);
+ ADD_TEST(test_no_ems);
+ ADD_TEST(test_ccs_change_cipher);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ ADD_ALL_TESTS(test_early_data_read_write, 3);
+ /*
+ * We don't do replay tests for external PSK. Replay protection isn't used
+ * in that scenario.
+ */
+ ADD_ALL_TESTS(test_early_data_replay, 2);
+ ADD_ALL_TESTS(test_early_data_skip, 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
+ ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3);
+ ADD_ALL_TESTS(test_early_data_skip_abort, 3);
+ ADD_ALL_TESTS(test_early_data_not_sent, 3);
+ ADD_ALL_TESTS(test_early_data_psk, 8);
+ ADD_ALL_TESTS(test_early_data_not_expected, 3);
+# ifndef OPENSSL_NO_TLS1_2
+ ADD_ALL_TESTS(test_early_data_tls1_2, 3);
+# endif
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ ADD_ALL_TESTS(test_set_ciphersuite, 10);
+ ADD_TEST(test_ciphersuite_change);
+ ADD_ALL_TESTS(test_tls13_ciphersuite, 4);
+# ifdef OPENSSL_NO_PSK
+ ADD_ALL_TESTS(test_tls13_psk, 1);
+# else
+ ADD_ALL_TESTS(test_tls13_psk, 4);
+# endif /* OPENSSL_NO_PSK */
+# ifndef OPENSSL_NO_TLS1_2
+ /* Test with both TLSv1.3 and 1.2 versions */
+ ADD_ALL_TESTS(test_key_exchange, 14);
+# else
+ /* Test with only TLSv1.3 versions */
+ ADD_ALL_TESTS(test_key_exchange, 12);
+# endif
+ ADD_ALL_TESTS(test_custom_exts, 5);
+ ADD_TEST(test_stateless);
+ ADD_TEST(test_pha_key_update);
+#else
+ ADD_ALL_TESTS(test_custom_exts, 3);
+#endif
+ ADD_ALL_TESTS(test_serverinfo, 8);
+ ADD_ALL_TESTS(test_export_key_mat, 6);
+#ifndef OPENSSL_NO_TLS1_3
+ ADD_ALL_TESTS(test_export_key_mat_early, 3);
+ ADD_TEST(test_key_update);
+ ADD_ALL_TESTS(test_key_update_in_write, 2);
+#endif
+ ADD_ALL_TESTS(test_ssl_clear, 2);
+ ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
+#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
+ ADD_ALL_TESTS(test_srp, 6);
+#endif
+ ADD_ALL_TESTS(test_info_callback, 6);
+ ADD_ALL_TESTS(test_ssl_pending, 2);
+ ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
+ ADD_ALL_TESTS(test_ticket_callbacks, 16);
+ ADD_ALL_TESTS(test_shutdown, 7);
+ ADD_ALL_TESTS(test_cert_cb, 6);
+ ADD_ALL_TESTS(test_client_cert_cb, 2);
+ ADD_ALL_TESTS(test_ca_names, 3);
+#ifndef OPENSSL_NO_TLS1_2
+ ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
+#endif
+ ADD_ALL_TESTS(test_servername, 10);