if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
error_writing_log = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(sctx,
SSL3_RT_MAX_PLAIN_LENGTH)))
int testctr = 0, testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+static int test_no_ems(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+ if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+ TLS1_VERSION, TLS1_2_VERSION,
+ &sctx, &cctx, cert, privkey)) {
+ printf("Unable to create SSL_CTX pair\n");
+ goto end;
+ }
+
+ SSL_CTX_set_options(sctx, SSL_OP_NO_EXTENDED_MASTER_SECRET);
+
+ if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+ printf("Unable to create SSL objects\n");
+ goto end;
+ }
+
+ if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
+ printf("Creating SSL connection failed\n");
+ goto end;
+ }
+
+ if (SSL_get_extms_support(serverssl)) {
+ printf("Server reports Extended Master Secret support\n");
+ goto end;
+ }
+
+ if (SSL_get_extms_support(clientssl)) {
+ printf("Client reports Extended Master Secret support\n");
+ goto end;
+ }
+ testresult = 1;
+
end:
SSL_free(serverssl);
SSL_free(clientssl);
return testresult;
}
-#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS)
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
+ && !defined(OPENSSL_NO_SOCK)
/* sock must be connected */
static int ktls_chk_platform(int sock)
static int test_large_message_tls(void)
{
return execute_test_large_message(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
- 0);
+ TLS1_VERSION, 0, 0);
}
static int test_large_message_tls_read_ahead(void)
{
return execute_test_large_message(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
- 1);
+ TLS1_VERSION, 0, 1);
}
#ifndef OPENSSL_NO_DTLS
*/
return execute_test_large_message(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
- 0);
+ DTLS1_VERSION, 0, 0);
}
#endif
BIO *certbio = NULL;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
return 0;
numnewsesstick = 2;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
int sess_id_ctx = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION, sctx,
+ TLS1_VERSION, 0, sctx,
cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx))
|| !TEST_true(SSL_CTX_set_session_id_context(*sctx,
int sess_id_ctx = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION, &sctx,
+ TLS1_VERSION, 0, &sctx,
&cctx, NULL, NULL))
|| !TEST_true(SSL_CTX_set_session_id_context(sctx,
(void *)&sess_id_ctx,
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
: &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
if (*sctx == NULL
&& !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
sctx, cctx, cert, privkey)))
return 0;
allow_ed_cb_called = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION, &sctx,
+ TLS1_VERSION, 0, &sctx,
&cctx, cert, privkey)))
return 0;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(sctx,
"TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256")))
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256"))
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, idx == 3 ? NULL : cert,
idx == 3 ? NULL : privkey)))
goto end;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
snicb = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
if (tst == 2
&& !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx2, NULL, cert, privkey)))
goto end;
return 1;
#endif
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
return testresult;
}
+
+#define NUM_KEY_UPDATE_MESSAGES 40
+/*
+ * Test KeyUpdate.
+ */
+static int test_key_update(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, i, j;
+ char buf[20];
+ static char *mess = "A test message";
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ 0,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ for (j = 0; j < 2; j++) {
+ /* Send lots of KeyUpdate messages */
+ for (i = 0; i < NUM_KEY_UPDATE_MESSAGES; i++) {
+ if (!TEST_true(SSL_key_update(clientssl,
+ (j == 0)
+ ? SSL_KEY_UPDATE_NOT_REQUESTED
+ : SSL_KEY_UPDATE_REQUESTED))
+ || !TEST_true(SSL_do_handshake(clientssl)))
+ goto end;
+ }
+
+ /* Check that sending and receiving app data is ok */
+ if (!TEST_int_eq(SSL_write(clientssl, mess, strlen(mess)), strlen(mess))
+ || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
+ strlen(mess)))
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
#endif /* OPENSSL_NO_TLS1_3 */
static int test_ssl_clear(int idx)
/* Create an initial connection */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| (idx == 1
&& !TEST_true(SSL_CTX_set_max_proto_version(cctx,
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
{SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
- {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
- {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"},
- {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL},
- {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
- {SSL_CB_EXIT, NULL}, {0, NULL},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
+ {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
+ {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 client followed by resumption */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
{SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
- {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},
- {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
+ {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "},
+ {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
{SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
- {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},
- {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
+ {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
+ {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 server, early_data */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
{SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
{SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 client, early_data */
{SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
- {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
- {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
- {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
+ {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
{0, NULL},
}
return;
}
- /* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */
- if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) {
+ /*
+ * Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init
+ */
+ if ((where & SSL_CB_HANDSHAKE_DONE)
+ && SSL_in_init((SSL *)s) != 0) {
info_cb_failed = 1;
return;
}
if (tst == 0) {
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION, TLS_MAX_VERSION,
+ TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
} else {
#ifndef OPENSSL_NO_DTLS
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
+ DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
#else
if (tst == 3) {
if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE))
+ SSL_ERROR_NONE, 1))
|| !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
|| !TEST_false(SSL_SESSION_is_resumable(sess)))
goto end;
return testresult;
}
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
#endif
}
-#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS)
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \
+ && !defined(OPENSSL_NO_SOCK)
ADD_TEST(test_ktls_client_server);
ADD_TEST(test_ktls_no_client_server);
ADD_TEST(test_ktls_client_no_server);
#endif
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_client_hello_cb);
+ ADD_TEST(test_no_ems);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_early_data_read_write, 3);
ADD_ALL_TESTS(test_export_key_mat, 6);
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_export_key_mat_early, 3);
+ ADD_TEST(test_key_update);
#endif
ADD_ALL_TESTS(test_ssl_clear, 2);
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
projects / openssl.git / blobdiff