X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Fsslapitest.c;h=2a4596dce9331c585cd0b0823a76e51057c54a1e;hp=2aea5277733b7ea503b488f6492ae36f7f3d7b33;hb=3409a5ff8a44ddaf043d83ed22e657ae871be289;hpb=909f1a2e510bb2909dc78efead432460c6ab50d2 diff --git a/test/sslapitest.c b/test/sslapitest.c index 2aea527773..2a4596dce9 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -22,6 +22,7 @@ #include "testutil.h" #include "testutil/output.h" #include "internal/nelem.h" +#include "internal/ktls.h" #include "../ssl/ssl_locl.h" #ifndef OPENSSL_NO_TLS1_3 @@ -316,7 +317,7 @@ static int test_keylog(void) if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -398,7 +399,7 @@ static int test_keylog_no_master_key(void) error_writing_log = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_max_early_data(sctx, SSL3_RT_MAX_PLAIN_LENGTH))) @@ -544,7 +545,7 @@ static int test_client_hello_cb(void) int testctr = 0, testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr); @@ -570,6 +571,51 @@ static int test_client_hello_cb(void) testresult = 1; +end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_no_ems(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS1_2_VERSION, + &sctx, &cctx, cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + goto end; + } + + SSL_CTX_set_options(sctx, SSL_OP_NO_EXTENDED_MASTER_SECRET); + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { + printf("Creating SSL connection failed\n"); + goto end; + } + + if (SSL_get_extms_support(serverssl)) { + printf("Server reports Extended Master Secret support\n"); + goto end; + } + + if (SSL_get_extms_support(clientssl)) { + printf("Client reports Extended Master Secret support\n"); + goto end; + } + testresult = 1; + end: SSL_free(serverssl); SSL_free(clientssl); @@ -656,18 +702,203 @@ static int execute_test_large_message(const SSL_METHOD *smeth, return testresult; } +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \ + && !defined(OPENSSL_NO_SOCK) + +/* sock must be connected */ +static int ktls_chk_platform(int sock) +{ + if (!ktls_enable(sock)) + return 0; + return 1; +} + +static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) +{ + static char count = 1; + unsigned char cbuf[16000] = {0}; + unsigned char sbuf[16000]; + size_t err = 0; + char crec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char crec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char srec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char srec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char srec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char srec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + + cbuf[0] = count++; + memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + + if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf))) + goto end; + + while ((err = SSL_read(serverssl, &sbuf, sizeof(sbuf))) != sizeof(sbuf)) { + if (SSL_get_error(serverssl, err) != SSL_ERROR_WANT_READ) { + goto end; + } + } + + if (!TEST_true(SSL_write(serverssl, sbuf, sizeof(sbuf)) == sizeof(sbuf))) + goto end; + + while ((err = SSL_read(clientssl, &cbuf, sizeof(cbuf))) != sizeof(cbuf)) { + if (SSL_get_error(clientssl, err) != SSL_ERROR_WANT_READ) { + goto end; + } + } + + memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + + /* verify the payload */ + if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) + goto end; + + /* ktls is used then kernel sequences are used instead of OpenSSL sequences */ + if (clientssl->mode & SSL_MODE_NO_KTLS_TX) { + if (!TEST_mem_ne(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } else { + if (!TEST_mem_eq(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } + + if (serverssl->mode & SSL_MODE_NO_KTLS_TX) { + if (!TEST_mem_ne(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } else { + if (!TEST_mem_eq(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } + + if (!TEST_mem_ne(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + + return 1; +end: + return 0; +} + +static int execute_test_ktls(int cis_ktls_tx, int sis_ktls_tx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + int cfd, sfd; + + if (!TEST_true(create_test_sockets(&cfd, &sfd))) + goto end; + + /* Skip this test if the platform does not support ktls */ + if (!ktls_chk_platform(cfd)) + return 1; + + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_2_VERSION, TLS1_2_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + "AES128-GCM-SHA256")) + || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl, + &clientssl, sfd, cfd))) + goto end; + + if (!cis_ktls_tx) { + if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_TX))) + goto end; + } + + if (!sis_ktls_tx) { + if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_TX))) + goto end; + } + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (!cis_ktls_tx) { + if (!TEST_false(BIO_get_ktls_send(clientssl->wbio))) + goto end; + } else { + if (!TEST_true(BIO_get_ktls_send(clientssl->wbio))) + goto end; + } + + if (!sis_ktls_tx) { + if (!TEST_false(BIO_get_ktls_send(serverssl->wbio))) + goto end; + } else { + if (!TEST_true(BIO_get_ktls_send(serverssl->wbio))) + goto end; + } + + if (!TEST_true(ping_pong_query(clientssl, serverssl, cfd, sfd))) + goto end; + + testresult = 1; +end: + if (clientssl) { + SSL_shutdown(clientssl); + SSL_free(clientssl); + } + if (serverssl) { + SSL_shutdown(serverssl); + SSL_free(serverssl); + } + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + serverssl = clientssl = NULL; + return testresult; +} + +static int test_ktls_client_server(void) +{ + return execute_test_ktls(1, 1); +} + +static int test_ktls_no_client_server(void) +{ + return execute_test_ktls(0, 1); +} + +static int test_ktls_client_no_server(void) +{ + return execute_test_ktls(1, 0); +} + +static int test_ktls_no_client_no_server(void) +{ + return execute_test_ktls(0, 0); +} + +#endif + static int test_large_message_tls(void) { return execute_test_large_message(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, - 0); + TLS1_VERSION, 0, 0); } static int test_large_message_tls_read_ahead(void) { return execute_test_large_message(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, - 1); + TLS1_VERSION, 0, 1); } #ifndef OPENSSL_NO_DTLS @@ -679,8 +910,7 @@ static int test_large_message_dtls(void) */ return execute_test_large_message(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, - 0); + DTLS1_VERSION, 0, 0); } #endif @@ -740,7 +970,7 @@ static int test_tlsext_status_type(void) BIO *certbio = NULL; if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) return 0; @@ -909,7 +1139,7 @@ static int execute_test_session(int maxprot, int use_int_cache, numnewsesstick = 2; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -1257,7 +1487,7 @@ static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx, int sess_id_ctx = 1; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, sctx, + TLS1_VERSION, 0, sctx, cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx)) || !TEST_true(SSL_CTX_set_session_id_context(*sctx, @@ -1457,7 +1687,7 @@ static int test_psk_tickets(void) int sess_id_ctx = 1; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, + TLS1_VERSION, 0, &sctx, &cctx, NULL, NULL)) || !TEST_true(SSL_CTX_set_session_id_context(sctx, (void *)&sess_id_ctx, @@ -1583,7 +1813,7 @@ static int test_ssl_set_bio(int idx) } if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -1808,7 +2038,7 @@ static int test_set_sigalgs(int idx) : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -2048,7 +2278,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, if (*sctx == NULL && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, sctx, cctx, cert, privkey))) return 0; @@ -2374,7 +2604,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt) allow_ed_cb_called = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -3099,7 +3329,7 @@ static int test_set_ciphersuite(int idx) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_ciphersuites(sctx, "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256"))) @@ -3169,7 +3399,7 @@ static int test_ciphersuite_change(void) /* Create a session based on SHA-256 */ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")) @@ -3309,7 +3539,7 @@ static int test_tls13_psk(int idx) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, idx == 3 ? NULL : cert, idx == 3 ? NULL : privkey))) goto end; @@ -3557,7 +3787,7 @@ static int test_stateless(void) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -3781,13 +4011,13 @@ static int test_custom_exts(int tst) snicb = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; if (tst == 2 && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx2, NULL, cert, privkey))) goto end; @@ -4067,7 +4297,7 @@ static int test_export_key_mat(int tst) return 1; #endif if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -4250,6 +4480,58 @@ static int test_export_key_mat_early(int idx) return testresult; } + +#define NUM_KEY_UPDATE_MESSAGES 40 +/* + * Test KeyUpdate. + */ +static int test_key_update(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0, i, j; + char buf[20]; + static char *mess = "A test message"; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, + 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + for (j = 0; j < 2; j++) { + /* Send lots of KeyUpdate messages */ + for (i = 0; i < NUM_KEY_UPDATE_MESSAGES; i++) { + if (!TEST_true(SSL_key_update(clientssl, + (j == 0) + ? SSL_KEY_UPDATE_NOT_REQUESTED + : SSL_KEY_UPDATE_REQUESTED)) + || !TEST_true(SSL_do_handshake(clientssl))) + goto end; + } + + /* Check that sending and receiving app data is ok */ + if (!TEST_int_eq(SSL_write(clientssl, mess, strlen(mess)), strlen(mess)) + || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)), + strlen(mess))) + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} #endif /* OPENSSL_NO_TLS1_3 */ static int test_ssl_clear(int idx) @@ -4265,7 +4547,7 @@ static int test_ssl_clear(int idx) /* Create an initial connection */ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey)) || (idx == 1 && !TEST_true(SSL_CTX_set_max_proto_version(cctx, @@ -4421,7 +4703,7 @@ static int test_pha_key_update(void) int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) return 0; @@ -4644,7 +4926,7 @@ static int test_srp(int tst) } if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; @@ -4734,18 +5016,14 @@ static struct info_cb_states_st { {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, - {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, - {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, - {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {0, NULL}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"}, + {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, + {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, + {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 client followed by resumption */ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, @@ -4753,20 +5031,16 @@ static struct info_cb_states_st { {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "}, - {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, + {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, + {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "}, - {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, + {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, + {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 server, early_data */ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, @@ -4775,8 +5049,7 @@ static struct info_cb_states_st { {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 client, early_data */ @@ -4787,9 +5060,8 @@ static struct info_cb_states_st { {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, + {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, + {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { {0, NULL}, } @@ -4828,8 +5100,11 @@ static void sslapi_info_callback(const SSL *s, int where, int ret) return; } - /* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */ - if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) { + /* + * Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init + */ + if ((where & SSL_CB_HANDSHAKE_DONE) + && SSL_in_init((SSL *)s) != 0) { info_cb_failed = 1; return; } @@ -4973,14 +5248,14 @@ static int test_ssl_pending(int tst) if (tst == 0) { if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, + TLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; } else { #ifndef OPENSSL_NO_DTLS if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, + DTLS1_VERSION, 0, &sctx, &cctx, cert, privkey))) goto end; #else @@ -5408,7 +5683,7 @@ static int test_shutdown(int tst) if (tst == 3) { if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) + SSL_ERROR_NONE, 1)) || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) || !TEST_false(SSL_SESSION_is_resumable(sess))) goto end; @@ -5845,6 +6120,9 @@ static int test_ca_names(int tst) return testresult; } + +OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n") + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) @@ -5869,6 +6147,13 @@ int setup_tests(void) #endif } +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \ + && !defined(OPENSSL_NO_SOCK) + ADD_TEST(test_ktls_client_server); + ADD_TEST(test_ktls_no_client_server); + ADD_TEST(test_ktls_client_no_server); + ADD_TEST(test_ktls_no_client_no_server); +#endif ADD_TEST(test_large_message_tls); ADD_TEST(test_large_message_tls_read_ahead); #ifndef OPENSSL_NO_DTLS @@ -5899,6 +6184,7 @@ int setup_tests(void) #endif #ifndef OPENSSL_NO_TLS1_2 ADD_TEST(test_client_hello_cb); + ADD_TEST(test_no_ems); #endif #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_early_data_read_write, 3); @@ -5936,6 +6222,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_export_key_mat, 6); #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_export_key_mat_early, 3); + ADD_TEST(test_key_update); #endif ADD_ALL_TESTS(test_ssl_clear, 2); ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));