/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/core_names.h>
+#include <openssl/core_numbers.h>
+#include <openssl/provider.h>
#include "ssltestlib.h"
#include "testutil.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
+/* Defined in filterprov.c */
+OSSL_provider_init_fn filter_provider_init;
+int filter_provider_set_filter(int operation, const char *name);
+
+DEFINE_STACK_OF(OCSP_RESPID)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_NAME)
+
+static OPENSSL_CTX *libctx = NULL;
+static OSSL_PROVIDER *defctxnull = NULL;
+
#ifndef OPENSSL_NO_TLS1_3
static SSL_SESSION *clientpsk = NULL;
static char *certsdir = NULL;
static char *cert = NULL;
static char *privkey = NULL;
+static char *cert2 = NULL;
+static char *privkey2 = NULL;
static char *srpvfile = NULL;
static char *tmpfilename = NULL;
+static int is_fips = 0;
+
#define LOG_BUFFER_SIZE 2048
static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
static size_t server_log_buffer_index = 0;
server_log_buffer_index = 0;
error_writing_log = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
server_log_buffer_index = 0;
error_writing_log = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(sctx,
SSL3_RT_MAX_PLAIN_LENGTH)))
SSL *clientssl = NULL, *serverssl = NULL;
int testctr = 0, testresult = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+ if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS1_2_VERSION,
&sctx, &cctx, cert, privkey)) {
printf("Unable to create SSL_CTX pair\n");
return testresult;
}
+
+/*
+ * Very focused test to exercise a single case in the server-side state
+ * machine, when the ChangeCipherState message needs to actually change
+ * from one cipher to a different cipher (i.e., not changing from null
+ * encryption to real encryption).
+ */
+static int test_ccs_change_cipher(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ SSL_SESSION *sess = NULL, *sesspre, *sesspost;
+ int testresult = 0;
+ int i;
+ unsigned char buf;
+ size_t readbytes;
+
+ /*
+ * Create a conection so we can resume and potentially (but not) use
+ * a different cipher in the second connection.
+ */
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION, TLS1_2_VERSION,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256"))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_ptr(sesspre = SSL_get0_session(serverssl))
+ || !TEST_ptr(sess = SSL_get1_session(clientssl)))
+ goto end;
+
+ shutdown_ssl_connection(serverssl, clientssl);
+ serverssl = clientssl = NULL;
+
+ /* Resume, preferring a different cipher. Our server will force the
+ * same cipher to be used as the initial handshake. */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, sess))
+ || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384:AES128-GCM-SHA256"))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_true(SSL_session_reused(clientssl))
+ || !TEST_true(SSL_session_reused(serverssl))
+ || !TEST_ptr(sesspost = SSL_get0_session(serverssl))
+ || !TEST_ptr_eq(sesspre, sesspost)
+ || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+ SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl))))
+ goto end;
+ shutdown_ssl_connection(serverssl, clientssl);
+ serverssl = clientssl = NULL;
+
+ /*
+ * Now create a fresh connection and try to renegotiate a different
+ * cipher on it.
+ */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256"))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_ptr(sesspre = SSL_get0_session(serverssl))
+ || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384"))
+ || !TEST_true(SSL_renegotiate(clientssl))
+ || !TEST_true(SSL_renegotiate_pending(clientssl)))
+ goto end;
+ /* Actually drive the renegotiation. */
+ for (i = 0; i < 3; i++) {
+ if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) {
+ if (!TEST_ulong_eq(readbytes, 0))
+ goto end;
+ } else if (!TEST_int_eq(SSL_get_error(clientssl, 0),
+ SSL_ERROR_WANT_READ)) {
+ goto end;
+ }
+ if (SSL_read_ex(serverssl, &buf, sizeof(buf), &readbytes) > 0) {
+ if (!TEST_ulong_eq(readbytes, 0))
+ goto end;
+ } else if (!TEST_int_eq(SSL_get_error(serverssl, 0),
+ SSL_ERROR_WANT_READ)) {
+ goto end;
+ }
+ }
+ /* sesspre and sesspost should be different since the cipher changed. */
+ if (!TEST_false(SSL_renegotiate_pending(clientssl))
+ || !TEST_false(SSL_session_reused(clientssl))
+ || !TEST_false(SSL_session_reused(serverssl))
+ || !TEST_ptr(sesspost = SSL_get0_session(serverssl))
+ || !TEST_ptr_ne(sesspre, sesspost)
+ || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl))))
+ goto end;
+
+ shutdown_ssl_connection(serverssl, clientssl);
+ serverssl = clientssl = NULL;
+
+ testresult = 1;
+
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_SESSION_free(sess);
+
+ return testresult;
+}
#endif
static int execute_test_large_message(const SSL_METHOD *smeth,
if (!TEST_ptr(chaincert))
goto end;
- if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
- &sctx, &cctx, cert, privkey)))
+ if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version,
+ max_version, &sctx, &cctx, cert,
+ privkey)))
goto end;
if (read_ahead) {
return 1;
/* Create a session based on SHA-256 */
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_2_VERSION, TLS1_2_VERSION,
&sctx, &cctx, cert, privkey))
}
/* Create a session based on SHA-256 */
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_2_VERSION, TLS1_2_VERSION,
&sctx, &cctx, cert, privkey))
return SSL_TLSEXT_ERR_ALERT_FATAL;
id = sk_OCSP_RESPID_value(ids, 0);
- if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
+ if (id == NULL || !OCSP_RESPID_match_ex(id, ocspcert, libctx, NULL))
return SSL_TLSEXT_ERR_ALERT_FATAL;
} else if (*argi != 1) {
return SSL_TLSEXT_ERR_ALERT_FATAL;
OCSP_RESPID *id = NULL;
BIO *certbio = NULL;
- if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+ if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(),
TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
return 0;
|| !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
|| !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
NULL, NULL, NULL))
- || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
+ || !TEST_true(OCSP_RESPID_set_by_key_ex(id, ocspcert, libctx, NULL))
|| !TEST_true(sk_OCSP_RESPID_push(ids, id)))
goto end;
id = NULL;
}
static int execute_test_session(int maxprot, int use_int_cache,
- int use_ext_cache)
+ int use_ext_cache, long s_options)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
if (maxprot == TLS1_3_VERSION)
numnewsesstick = 2;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
}
+ if (s_options) {
+ SSL_CTX_set_options(sctx, s_options);
+ }
+
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl1, clientssl1,
static int test_session_with_only_int_cache(void)
{
#ifndef OPENSSL_NO_TLS1_3
- if (!execute_test_session(TLS1_3_VERSION, 1, 0))
+ if (!execute_test_session(TLS1_3_VERSION, 1, 0, 0))
return 0;
#endif
#ifndef OPENSSL_NO_TLS1_2
- return execute_test_session(TLS1_2_VERSION, 1, 0);
+ return execute_test_session(TLS1_2_VERSION, 1, 0, 0);
#else
return 1;
#endif
static int test_session_with_only_ext_cache(void)
{
#ifndef OPENSSL_NO_TLS1_3
- if (!execute_test_session(TLS1_3_VERSION, 0, 1))
+ if (!execute_test_session(TLS1_3_VERSION, 0, 1, 0))
return 0;
#endif
#ifndef OPENSSL_NO_TLS1_2
- return execute_test_session(TLS1_2_VERSION, 0, 1);
+ return execute_test_session(TLS1_2_VERSION, 0, 1, 0);
#else
return 1;
#endif
static int test_session_with_both_cache(void)
{
#ifndef OPENSSL_NO_TLS1_3
- if (!execute_test_session(TLS1_3_VERSION, 1, 1))
+ if (!execute_test_session(TLS1_3_VERSION, 1, 1, 0))
+ return 0;
+#endif
+
+#ifndef OPENSSL_NO_TLS1_2
+ return execute_test_session(TLS1_2_VERSION, 1, 1, 0);
+#else
+ return 1;
+#endif
+}
+
+static int test_session_wo_ca_names(void)
+{
+#ifndef OPENSSL_NO_TLS1_3
+ if (!execute_test_session(TLS1_3_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES))
return 0;
#endif
#ifndef OPENSSL_NO_TLS1_2
- return execute_test_session(TLS1_2_VERSION, 1, 1);
+ return execute_test_session(TLS1_2_VERSION, 1, 0, SSL_OP_DISABLE_TLSEXT_CA_NAMES);
#else
return 1;
#endif
}
+
#ifndef OPENSSL_NO_TLS1_3
static SSL_SESSION *sesscache[6];
static int do_cache;
{
int sess_id_ctx = 1;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0, sctx,
- cctx, cert, privkey))
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
+ sctx, cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx))
|| !TEST_true(SSL_CTX_set_session_id_context(*sctx,
(void *)&sess_id_ctx,
int testresult = 0;
int sess_id_ctx = 1;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0, &sctx,
- &cctx, NULL, NULL))
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
+ &sctx, &cctx, NULL, NULL))
|| !TEST_true(SSL_CTX_set_session_id_context(sctx,
(void *)&sess_id_ctx,
sizeof(sess_id_ctx))))
return testresult;
}
+
+static int test_extra_tickets(int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ BIO *bretry = BIO_new(bio_s_always_retry());
+ BIO *tmp = NULL;
+ int testresult = 0;
+ int stateful = 0;
+ size_t nbytes;
+ unsigned char c, buf[1];
+
+ new_called = 0;
+ do_cache = 1;
+
+ if (idx >= 3) {
+ idx -= 3;
+ stateful = 1;
+ }
+
+ if (!TEST_ptr(bretry) || !setup_ticket_test(stateful, idx, &sctx, &cctx))
+ goto end;
+ SSL_CTX_sess_set_new_cb(sctx, new_session_cb);
+ /* setup_ticket_test() uses new_cachesession_cb which we don't need. */
+ SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ /*
+ * Note that we have new_session_cb on both sctx and cctx, so new_called is
+ * incremented by both client and server.
+ */
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ /* Check we got the number of tickets we were expecting */
+ || !TEST_int_eq(idx * 2, new_called)
+ || !TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_int_eq(idx * 2, new_called))
+ goto end;
+
+ /* Now try a (real) write to actually send the tickets */
+ c = '1';
+ if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes))
+ || !TEST_size_t_eq(1, nbytes)
+ || !TEST_int_eq(idx * 2 + 2, new_called)
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))
+ || !TEST_int_eq(idx * 2 + 4, new_called)
+ || !TEST_int_eq(sizeof(buf), nbytes)
+ || !TEST_int_eq(c, buf[0])
+ || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)))
+ goto end;
+
+ /* Try with only requesting one new ticket, too */
+ c = '2';
+ new_called = 0;
+ if (!TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_true(SSL_write_ex(serverssl, &c, sizeof(c), &nbytes))
+ || !TEST_size_t_eq(sizeof(c), nbytes)
+ || !TEST_int_eq(1, new_called)
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))
+ || !TEST_int_eq(2, new_called)
+ || !TEST_size_t_eq(sizeof(buf), nbytes)
+ || !TEST_int_eq(c, buf[0]))
+ goto end;
+
+ /* Do it again but use dummy writes to drive the ticket generation */
+ c = '3';
+ new_called = 0;
+ if (!TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_true(SSL_write_ex(serverssl, &c, 0, &nbytes))
+ || !TEST_size_t_eq(0, nbytes)
+ || !TEST_int_eq(2, new_called)
+ || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))
+ || !TEST_int_eq(4, new_called))
+ goto end;
+
+ /*
+ * Use the always-retry BIO to exercise the logic that forces ticket
+ * generation to wait until a record boundary.
+ */
+ c = '4';
+ new_called = 0;
+ tmp = SSL_get_wbio(serverssl);
+ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
+ tmp = NULL;
+ goto end;
+ }
+ SSL_set0_wbio(serverssl, bretry);
+ bretry = NULL;
+ if (!TEST_false(SSL_write_ex(serverssl, &c, 1, &nbytes))
+ || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_WANT_WRITE)
+ || !TEST_size_t_eq(nbytes, 0))
+ goto end;
+ /* Restore a BIO that will let the write succeed */
+ SSL_set0_wbio(serverssl, tmp);
+ tmp = NULL;
+ /* These calls should just queue the request and not send anything. */
+ if (!TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_true(SSL_new_session_ticket(serverssl))
+ || !TEST_int_eq(0, new_called))
+ goto end;
+ /* Re-do the write; still no tickets sent */
+ if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes))
+ || !TEST_size_t_eq(1, nbytes)
+ || !TEST_int_eq(0, new_called)
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))
+ || !TEST_int_eq(0, new_called)
+ || !TEST_int_eq(sizeof(buf), nbytes)
+ || !TEST_int_eq(c, buf[0])
+ || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)))
+ goto end;
+ /* Now the *next* write should send the tickets */
+ c = '5';
+ if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes))
+ || !TEST_size_t_eq(1, nbytes)
+ || !TEST_int_eq(2, new_called)
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))
+ || !TEST_int_eq(4, new_called)
+ || !TEST_int_eq(sizeof(buf), nbytes)
+ || !TEST_int_eq(c, buf[0])
+ || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)))
+ goto end;
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ testresult = 1;
+
+ end:
+ BIO_free(bretry);
+ BIO_free(tmp);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ clientssl = serverssl = NULL;
+ sctx = cctx = NULL;
+ return testresult;
+}
#endif
#define USE_NULL 0
conntype = idx % 2;
}
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
SSL *ssl = NULL;
int testresult = 0;
- if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
+ if (!TEST_ptr(ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_method()))
|| !TEST_ptr(ssl = SSL_new(ctx))
|| !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
|| !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
curr = testctx ? &testsigalgs[idx]
: &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
#define MSG6 "test"
#define MSG7 "message."
-#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
+#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
+#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03")
+#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04")
+#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
static SSL_SESSION *create_a_psk(SSL *ssl)
SSL **serverssl, SSL_SESSION **sess, int idx)
{
if (*sctx == NULL
- && !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ && !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, 0,
sctx, cctx, cert, privkey)))
allow_ed_cb_called = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0, &sctx,
- &cctx, cert, privkey)))
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
return 0;
if (usecb > 0) {
return testresult;
}
+/*
+ * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites
+ * idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256
+ * idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384
+ * idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+ * idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256
+ * idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256
+ */
+static int test_early_data_psk_with_all_ciphers(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ SSL_SESSION *sess = NULL;
+ unsigned char buf[20];
+ size_t readbytes, written;
+ const SSL_CIPHER *cipher;
+ const char *cipher_str[] = {
+ TLS1_3_RFC_AES_128_GCM_SHA256,
+ TLS1_3_RFC_AES_256_GCM_SHA384,
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+# else
+ NULL,
+# endif
+ TLS1_3_RFC_AES_128_CCM_SHA256,
+ TLS1_3_RFC_AES_128_CCM_8_SHA256
+ };
+ const unsigned char *cipher_bytes[] = {
+ TLS13_AES_128_GCM_SHA256_BYTES,
+ TLS13_AES_256_GCM_SHA384_BYTES,
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ TLS13_CHACHA20_POLY1305_SHA256_BYTES,
+# else
+ NULL,
+# endif
+ TLS13_AES_128_CCM_SHA256_BYTES,
+ TLS13_AES_128_CCM_8_SHA256_BYTES
+ };
+
+ if (cipher_str[idx] == NULL)
+ return 1;
+ /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */
+ if (idx == 2 && is_fips == 1)
+ return 1;
+
+ /* We always set this up with a final parameter of "2" for PSK */
+ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
+ &serverssl, &sess, 2)))
+ goto end;
+
+ if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx]))
+ || !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx])))
+ goto end;
+
+ /*
+ * 'setupearly_data_test' creates only one instance of SSL_SESSION
+ * and assigns to both client and server with incremented reference
+ * and the same instance is updated in 'sess'.
+ * So updating ciphersuite in 'sess' which will get reflected in
+ * PSK handshake using psk use sess and find sess cb.
+ */
+ cipher = SSL_CIPHER_find(clientssl, cipher_bytes[idx]);
+ if (!TEST_ptr(cipher) || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)))
+ goto end;
+
+ SSL_set_connect_state(clientssl);
+ if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
+ &written)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
+ &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)
+ || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
+ || !TEST_int_eq(SSL_get_early_data_status(serverssl),
+ SSL_EARLY_DATA_ACCEPTED)
+ || !TEST_int_eq(SSL_connect(clientssl), 1)
+ || !TEST_int_eq(SSL_accept(serverssl), 1))
+ goto end;
+
+ /* Send some normal data from client to server */
+ if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
+ || !TEST_size_t_eq(written, strlen(MSG2)))
+ goto end;
+
+ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
+ || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_SESSION_free(sess);
+ SSL_SESSION_free(clientpsk);
+ SSL_SESSION_free(serverpsk);
+ clientpsk = serverpsk = NULL;
+ if (clientssl != NULL)
+ SSL_shutdown(clientssl);
+ if (serverssl != NULL)
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
/*
* Test that a server that doesn't try to read early data can handle a
* client sending some.
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(sctx,
"TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256")))
const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
/* Create a session based on SHA-256 */
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
+ || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
+ "TLS_AES_128_GCM_SHA256:"
+ "TLS_AES_256_GCM_SHA384:"
+ "TLS_AES_128_CCM_SHA256"))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
SSL_free(clientssl);
serverssl = clientssl = NULL;
-# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
/* Check we can resume a session with a different SHA-256 ciphersuite */
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
- "TLS_CHACHA20_POLY1305_SHA256"))
- || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
- NULL, NULL))
+ "TLS_AES_128_CCM_SHA256"))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
-# endif
/*
* Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
return 1;
}
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, max_version,
- &sctx, &cctx, cert, privkey)))
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION,
+ max_version, &sctx, &cctx, cert,
+ privkey)))
goto end;
if (!TEST_true(SSL_CTX_set_ciphersuites(sctx,
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
- static const char *t13_ciphers[] = {
- TLS1_3_RFC_AES_128_GCM_SHA256,
- TLS1_3_RFC_AES_256_GCM_SHA384,
- TLS1_3_RFC_AES_128_CCM_SHA256,
+ static const struct {
+ const char *ciphername;
+ int fipscapable;
+ } t13_ciphers[] = {
+ { TLS1_3_RFC_AES_128_GCM_SHA256, 1 },
+ { TLS1_3_RFC_AES_256_GCM_SHA384, 1 },
+ { TLS1_3_RFC_AES_128_CCM_SHA256, 1 },
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
- TLS1_3_RFC_AES_256_GCM_SHA384 ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+ { TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 },
+ { TLS1_3_RFC_AES_256_GCM_SHA384
+ ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 },
# endif
- TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256
+ { TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1 }
};
const char *t13_cipher = NULL;
const char *t12_cipher = NULL;
continue;
# endif
for (i = 0; i < OSSL_NELEM(t13_ciphers); i++) {
- t13_cipher = t13_ciphers[i];
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (is_fips && !t13_ciphers[i].fipscapable)
+ continue;
+ t13_cipher = t13_ciphers[i].ciphername;
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, max_ver,
&sctx, &cctx, cert, privkey)))
};
int testresult = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, idx == 3 ? NULL : cert,
idx == 3 ? NULL : privkey)))
goto end;
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256")))
goto end;
+ } else {
+ /*
+ * As noted above the server should prefer SHA256 automatically. However
+ * we are careful not to offer TLS_CHACHA20_POLY1305_SHA256 so this same
+ * code works even if we are testing with only the FIPS provider loaded.
+ */
+ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
+ "TLS_AES_256_GCM_SHA384:"
+ "TLS_AES_128_GCM_SHA256")))
+ goto end;
}
/*
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
snicb = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
if (tst == 2
- && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
+ && !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), NULL,
TLS1_VERSION, 0,
&sctx2, NULL, cert, privkey)))
goto end;
int ret, expected, testresult = 0;
SSL_CTX *ctx;
- ctx = SSL_CTX_new(TLS_method());
+ ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_method());
if (!TEST_ptr(ctx))
goto end;
if (tst == 1)
return 1;
#endif
+ if (is_fips && (tst == 0 || tst == 1))
+ return 1;
#ifdef OPENSSL_NO_TLS1_2
if (tst == 2)
return 1;
if (tst >= 3)
return 1;
#endif
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
char buf[20];
static char *mess = "A test message";
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_3_VERSION,
0,
SSL *peerupdate = NULL, *peerwrite = NULL;
if (!TEST_ptr(bretry)
- || !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ || !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_3_VERSION,
0,
#endif
/* Create an initial connection */
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| (idx == 1
&& !TEST_true(SSL_CTX_set_max_proto_version(cctx,
int testresult = 0, MFL_mode = 0;
BIO *rbio, *wbio;
- ctx = SSL_CTX_new(TLS_method());
+ ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_method());
if (!TEST_ptr(ctx))
goto end;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
static SRP_VBASE *vbase = NULL;
+DEFINE_STACK_OF(SRP_user_pwd)
+
static int ssl_srp_cb(SSL *s, int *ad, void *arg)
{
int ret = SSL3_AL_FATAL;
if (!TEST_ptr(dummy) || !TEST_ptr(row))
goto end;
- gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt],
- &row[DB_srpverifier], NULL, NULL);
+ gNid = SRP_create_verifier_ex(userid, password, &row[DB_srpsalt],
+ &row[DB_srpverifier], NULL, NULL, libctx, NULL);
if (!TEST_ptr(gNid))
goto end;
if (!TEST_ptr(lgN))
goto end;
- if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier,
- lgN->N, lgN->g)))
+ if (!TEST_true(SRP_create_verifier_BN_ex(userid, password, &salt, &verifier,
+ lgN->N, lgN->g, libctx, NULL)))
goto end;
user_pwd = OPENSSL_zalloc(sizeof(*user_pwd));
goto end;
}
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, 0,
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
}
#endif
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
tlsvers, tlsvers, &sctx, &cctx, cert,
privkey)))
size_t written, readbytes;
if (tst == 0) {
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
} else {
#ifndef OPENSSL_NO_DTLS
- if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
const char *srvrciphers;
const char *srvrtls13ciphers;
const char *shared;
+ const char *fipsshared;
} shared_ciphers_data[] = {
/*
* We can't establish a connection (even in TLSv1.1) with these ciphersuites if
NULL,
"AES256-SHA:DHE-RSA-AES128-SHA",
NULL,
+ "AES256-SHA",
"AES256-SHA"
},
+# if !defined(OPENSSL_NO_CHACHA) \
+ && !defined(OPENSSL_NO_POLY1305) \
+ && !defined(OPENSSL_NO_EC)
+ {
+ TLS1_2_VERSION,
+ "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
+ NULL,
+ "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
+ NULL,
+ "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
+ "AES128-SHA"
+ },
+# endif
{
TLS1_2_VERSION,
"AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
NULL,
"AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
NULL,
+ "AES128-SHA:AES256-SHA",
"AES128-SHA:AES256-SHA"
},
{
NULL,
"AES128-SHA:DHE-RSA-AES128-SHA",
NULL,
+ "AES128-SHA",
"AES128-SHA"
},
#endif
"AES256-SHA:AES128-SHA256",
NULL,
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
- "TLS_AES_128_GCM_SHA256:AES256-SHA"
+ "TLS_AES_128_GCM_SHA256:AES256-SHA",
+ "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA"
},
#endif
#ifndef OPENSSL_NO_TLS1_3
"TLS_AES_256_GCM_SHA384",
"AES256-SHA",
"TLS_AES_256_GCM_SHA384",
+ "TLS_AES_256_GCM_SHA384",
"TLS_AES_256_GCM_SHA384"
},
#endif
};
-static int test_ssl_get_shared_ciphers(int tst)
+static int int_test_ssl_get_shared_ciphers(int tst, int clnt)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
char buf[1024];
+ OPENSSL_CTX *tmplibctx = OPENSSL_CTX_new();
+
+ if (!TEST_ptr(tmplibctx))
+ goto end;
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ /*
+ * Regardless of whether we're testing with the FIPS provider loaded into
+ * libctx, we want one peer to always use the full set of ciphersuites
+ * available. Therefore we use a separate libctx with the default provider
+ * loaded into it. We run the same tests twice - once with the client side
+ * having the full set of ciphersuites and once with the server side.
+ */
+ if (clnt) {
+ cctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_client_method());
+ if (!TEST_ptr(cctx))
+ goto end;
+ } else {
+ sctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_server_method());
+ if (!TEST_ptr(sctx))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
shared_ciphers_data[tst].maxprot,
goto end;
if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
- || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) {
+ || !TEST_int_eq(strcmp(buf,
+ is_fips
+ ? shared_ciphers_data[tst].fipsshared
+ : shared_ciphers_data[tst].shared),
+ 0)) {
TEST_info("Shared ciphers are: %s\n", buf);
goto end;
}
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
+ OPENSSL_CTX_free(tmplibctx);
return testresult;
}
+static int test_ssl_get_shared_ciphers(int tst)
+{
+ return int_test_ssl_get_shared_ciphers(tst, 0)
+ && int_test_ssl_get_shared_ciphers(tst, 1);
+}
+
+
static const char *appdata = "Hello World";
static int gen_tick_called, dec_tick_called, tick_key_cb_called;
static int tick_key_renew = 0;
{
const unsigned char tick_aes_key[16] = "0123456789abcdef";
const unsigned char tick_hmac_key[16] = "0123456789abcdef";
+ EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL);
+ int ret;
tick_key_cb_called = 1;
memset(iv, 0, AES_BLOCK_SIZE);
memset(key_name, 0, 16);
- if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
- || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key),
- EVP_sha256(), NULL))
- return -1;
+ if (aes128cbc == NULL
+ || sha256 == NULL
+ || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc)
+ || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key), sha256,
+ NULL))
+ ret = -1;
+ else
+ ret = tick_key_renew ? 2 : 1;
+
+ EVP_CIPHER_free(aes128cbc);
+ EVP_MD_free(sha256);
- return tick_key_renew ? 2 : 1;
+ return ret;
}
#endif
const unsigned char tick_aes_key[16] = "0123456789abcdef";
unsigned char tick_hmac_key[16] = "0123456789abcdef";
OSSL_PARAM params[3];
+ EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ int ret;
tick_key_cb_called = 1;
memset(iv, 0, AES_BLOCK_SIZE);
tick_hmac_key,
sizeof(tick_hmac_key));
params[2] = OSSL_PARAM_construct_end();
- if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
+ if (aes128cbc == NULL
+ || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc)
|| !EVP_MAC_CTX_set_params(hctx, params)
|| !EVP_MAC_init(hctx))
- return -1;
+ ret = -1;
+ else
+ ret = tick_key_renew ? 2 : 1;
+
+ EVP_CIPHER_free(aes128cbc);
- return tick_key_renew ? 2 : 1;
+ return ret;
}
/*
tick_dec_ret = SSL_TICKET_RETURN_ABORT;
}
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
((tst % 2) == 0) ? TLS1_2_VERSION
return testresult;
}
+/*
+ * Test incorrect shutdown.
+ * Test 0: client does not shutdown properly,
+ * server does not set SSL_OP_IGNORE_UNEXPECTED_EOF,
+ * server should get SSL_ERROR_SSL
+ * Test 1: client does not shutdown properly,
+ * server sets SSL_OP_IGNORE_UNEXPECTED_EOF,
+ * server should get SSL_ERROR_ZERO_RETURN
+ */
+static int test_incorrect_shutdown(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char buf[80];
+ BIO *c2s;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), 0, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (tst == 1)
+ SSL_CTX_set_options(sctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ c2s = SSL_get_rbio(serverssl);
+ BIO_set_mem_eof_return(c2s, 0);
+
+ if (!TEST_false(SSL_read(serverssl, buf, sizeof(buf))))
+ goto end;
+
+ if (tst == 0 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL) )
+ goto end;
+ if (tst == 1 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_ZERO_RETURN) )
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
/*
* Test bi-directional shutdown.
* Test 0: TLSv1.2
return 1;
#endif
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
(tst <= 1) ? TLS1_2_VERSION
return 1;
#endif
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
prot,
return 1;
#endif
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
tst == 0 ? TLS1_2_VERSION
goto end;
}
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
prot,
/* Set up a buffer with some data that will be sent to the client */
RAND_bytes(msg, sizeof(msg));
- if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
- &sctx, &cctx, cert, privkey)))
+ if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version,
+ max_version, &sctx, &cctx, cert,
+ privkey)))
goto end;
if (!TEST_true(SSL_CTX_set_max_send_fragment(sctx, MULTIBLOCK_FRAGSIZE)))
return 1;
#endif
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
(tst <= 4) ? TLS1_2_VERSION
return testresult;
}
-OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
+#ifndef OPENSSL_NO_EC
+/*
+ * Test that if signature algorithms are not available, then we do not offer or
+ * accept them.
+ * Test 0: Two RSA sig algs available: both RSA sig algs shared
+ * Test 1: The client only has SHA2-256: only SHA2-256 algorithms shared
+ * Test 2: The server only has SHA2-256: only SHA2-256 algorithms shared
+ * Test 3: An RSA and an ECDSA sig alg available: both sig algs shared
+ * Test 4: The client only has an ECDSA sig alg: only ECDSA algorithms shared
+ * Test 5: The server only has an ECDSA sig alg: only ECDSA algorithms shared
+ */
+static int test_sigalgs_available(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
+ OPENSSL_CTX *clientctx = libctx, *serverctx = libctx;
+ OSSL_PROVIDER *filterprov = NULL;
+ int sig, hash;
+
+ if (!TEST_ptr(tmpctx))
+ goto end;
+
+ if (idx != 0 && idx != 3) {
+ if (!TEST_true(OSSL_PROVIDER_add_builtin(tmpctx, "filter",
+ filter_provider_init)))
+ goto end;
+
+ filterprov = OSSL_PROVIDER_load(tmpctx, "filter");
+ if (!TEST_ptr(filterprov))
+ goto end;
+
+ if (idx < 3) {
+ /*
+ * Only enable SHA2-256 so rsa_pss_rsae_sha384 should not be offered
+ * or accepted for the peer that uses this libctx. Note that libssl
+ * *requires* SHA2-256 to be available so we cannot disable that. We
+ * also need SHA1 for our certificate.
+ */
+ if (!TEST_true(filter_provider_set_filter(OSSL_OP_DIGEST,
+ "SHA2-256:SHA1")))
+ goto end;
+ } else {
+ if (!TEST_true(filter_provider_set_filter(OSSL_OP_SIGNATURE,
+ "ECDSA"))
+ || !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT,
+ "EC:X25519:X448")))
+ goto end;
+ }
+
+ if (idx == 1 || idx == 4)
+ clientctx = tmpctx;
+ else
+ serverctx = tmpctx;
+ }
+
+ cctx = SSL_CTX_new_with_libctx(clientctx, NULL, TLS_client_method());
+ sctx = SSL_CTX_new_with_libctx(serverctx, NULL, TLS_server_method());
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (idx < 3) {
+ if (!SSL_CTX_set1_sigalgs_list(cctx,
+ "rsa_pss_rsae_sha384"
+ ":rsa_pss_rsae_sha256")
+ || !SSL_CTX_set1_sigalgs_list(sctx,
+ "rsa_pss_rsae_sha384"
+ ":rsa_pss_rsae_sha256"))
+ goto end;
+ } else {
+ if (!SSL_CTX_set1_sigalgs_list(cctx, "rsa_pss_rsae_sha256:ECDSA+SHA256")
+ || !SSL_CTX_set1_sigalgs_list(sctx,
+ "rsa_pss_rsae_sha256:ECDSA+SHA256"))
+ goto end;
+ }
+
+ if (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx,
+ privkey2,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* For tests 0 and 3 we expect 2 shared sigalgs, otherwise exactly 1 */
+ if (!TEST_int_eq(SSL_get_shared_sigalgs(serverssl, 0, &sig, &hash, NULL,
+ NULL, NULL),
+ (idx == 0 || idx == 3) ? 2 : 1))
+ goto end;
+
+ if (!TEST_int_eq(hash, idx == 0 ? NID_sha384 : NID_sha256))
+ goto end;
+
+ if (!TEST_int_eq(sig, (idx == 4 || idx == 5) ? EVP_PKEY_EC
+ : NID_rsassaPss))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ OSSL_PROVIDER_unload(filterprov);
+ OPENSSL_CTX_free(tmpctx);
+
+ return testresult;
+}
+#endif /* OPENSSL_NO_EC */
+
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n")
int setup_tests(void)
{
+ char *modulename;
+ char *configfile;
+
+ libctx = OPENSSL_CTX_new();
+ if (!TEST_ptr(libctx))
+ return 0;
+
+ defctxnull = OSSL_PROVIDER_load(NULL, "null");
+
+ /*
+ * Verify that the default and fips providers in the default libctx are not
+ * available
+ */
+ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
+ || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
+ return 0;
+
if (!test_skip_common_options()) {
TEST_error("Error parsing test options\n");
return 0;
if (!TEST_ptr(certsdir = test_get_argument(0))
|| !TEST_ptr(srpvfile = test_get_argument(1))
- || !TEST_ptr(tmpfilename = test_get_argument(2)))
+ || !TEST_ptr(tmpfilename = test_get_argument(2))
+ || !TEST_ptr(modulename = test_get_argument(3))
+ || !TEST_ptr(configfile = test_get_argument(4)))
+ return 0;
+
+ if (!TEST_true(OPENSSL_CTX_load_config(libctx, configfile)))
+ return 0;
+
+ /* Check we have the expected provider available */
+ if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
return 0;
+ /* Check the default provider is not available */
+ if (strcmp(modulename, "default") != 0
+ && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
+ return 0;
+
+ if (strcmp(modulename, "fips") == 0)
+ is_fips = 1;
+
if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
#ifdef OPENSSL_NO_CRYPTO_MDEBUG
TEST_error("not supported in this build");
cert = test_mk_file_path(certsdir, "servercert.pem");
if (cert == NULL)
- return 0;
+ goto err;
privkey = test_mk_file_path(certsdir, "serverkey.pem");
- if (privkey == NULL) {
- OPENSSL_free(cert);
- return 0;
- }
+ if (privkey == NULL)
+ goto err;
+
+ cert2 = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
+ if (cert2 == NULL)
+ goto err;
+
+ privkey2 = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
+ if (privkey2 == NULL)
+ goto err;
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
&& !defined(OPENSSL_NO_SOCK)
ADD_TEST(test_session_with_only_int_cache);
ADD_TEST(test_session_with_only_ext_cache);
ADD_TEST(test_session_with_both_cache);
+ ADD_TEST(test_session_wo_ca_names);
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_stateful_tickets, 3);
ADD_ALL_TESTS(test_stateless_tickets, 3);
ADD_TEST(test_psk_tickets);
+ ADD_ALL_TESTS(test_extra_tickets, 6);
#endif
ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
ADD_TEST(test_ssl_bio_pop_next_bio);
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_client_hello_cb);
ADD_TEST(test_no_ems);
+ ADD_TEST(test_ccs_change_cipher);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_early_data_read_write, 3);
ADD_ALL_TESTS(test_early_data_skip_abort, 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
+ ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);
ADD_ALL_TESTS(test_early_data_not_expected, 3);
# ifndef OPENSSL_NO_TLS1_2
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
ADD_ALL_TESTS(test_ticket_callbacks, 16);
ADD_ALL_TESTS(test_shutdown, 7);
+ ADD_ALL_TESTS(test_incorrect_shutdown, 2);
ADD_ALL_TESTS(test_cert_cb, 6);
ADD_ALL_TESTS(test_client_cert_cb, 2);
ADD_ALL_TESTS(test_ca_names, 3);
ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
#endif
ADD_ALL_TESTS(test_servername, 10);
+#ifndef OPENSSL_NO_EC
+ ADD_ALL_TESTS(test_sigalgs_available, 6);
+#endif
return 1;
+
+ err:
+ OPENSSL_free(cert);
+ OPENSSL_free(privkey);
+ OPENSSL_free(cert2);
+ OPENSSL_free(privkey2);
+ return 0;
}
void cleanup_tests(void)
{
OPENSSL_free(cert);
OPENSSL_free(privkey);
+ OPENSSL_free(cert2);
+ OPENSSL_free(privkey2);
bio_s_mempacket_test_free();
bio_s_always_retry_free();
+ OSSL_PROVIDER_unload(defctxnull);
+ OPENSSL_CTX_free(libctx);
}