#include "ssltestlib.h"
#include "testutil.h"
+#include "test_main_custom.h"
+#include "e_os.h"
static char *cert = NULL;
static char *privkey = NULL;
#define NUM_EXTRA_CERTS 40
static int execute_test_large_message(const SSL_METHOD *smeth,
- const SSL_METHOD *cmeth)
+ const SSL_METHOD *cmeth, int read_ahead)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
goto end;
}
+ if(read_ahead) {
+ /*
+ * Test that read_ahead works correctly when dealing with large
+ * records
+ */
+ SSL_CTX_set_read_ahead(cctx, 1);
+ }
+
/*
* We assume the supplied certificate is big enough so that if we add
* NUM_EXTRA_CERTS it will make the overall message large enough. The
goto end;
}
- testresult = 1;
+ /*
+ * Calling SSL_clear() first is not required but this tests that SSL_clear()
+ * doesn't leak (when using enable-crypto-mdebug).
+ */
+ if (!SSL_clear(serverssl)) {
+ printf("Unexpected failure from SSL_clear()\n");
+ goto end;
+ }
+ testresult = 1;
end:
X509_free(chaincert);
SSL_free(serverssl);
static int test_large_message_tls(void)
{
- return execute_test_large_message(TLS_server_method(), TLS_client_method());
+ return execute_test_large_message(TLS_server_method(), TLS_client_method(),
+ 0);
}
+static int test_large_message_tls_read_ahead(void)
+{
+ return execute_test_large_message(TLS_server_method(), TLS_client_method(),
+ 1);
+}
+
+#ifndef OPENSSL_NO_DTLS
static int test_large_message_dtls(void)
{
+ /*
+ * read_ahead is not relevant to DTLS because DTLS always acts as if
+ * read_ahead is set.
+ */
return execute_test_large_message(DTLS_server_method(),
- DTLS_client_method());
+ DTLS_client_method(), 0);
}
+#endif
static int ocsp_server_cb(SSL *s, void *arg)
{
SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
#endif
+ /*
+ * TODO(TLS1.3): Test temporarily disabled for TLS1.3 until we've
+ * implemented session resumption.
+ */
+ SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
+
/* Set up session cache */
if (fix.use_ext_cache) {
SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
}
-int main(int argc, char *argv[])
+typedef struct {
+ /* The list of sig algs */
+ const int *list;
+ /* The length of the list */
+ size_t listlen;
+ /* A sigalgs list in string format */
+ const char *liststr;
+ /* Whether setting the list should succeed */
+ int valid;
+ /* Whether creating a connection with the list should succeed */
+ int connsuccess;
+} sigalgs_list;
+
+static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
+static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
+static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
+static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
+static const int invalidlist2[] = {NID_sha256, NID_undef};
+static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
+static const int invalidlist4[] = {NID_sha256};
+static const sigalgs_list testsigalgs[] = {
+ {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
+ {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
+ {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+ {NULL, 0, "RSA+SHA256", 1, 1},
+ {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
+ {NULL, 0, "ECDSA+SHA512", 1, 0},
+ {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
+ {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
+ {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
+ {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
+ {NULL, 0, "RSA", 0, 0},
+ {NULL, 0, "SHA256", 0, 0},
+ {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
+ {NULL, 0, "Invalid", 0, 0}};
+
+static int test_set_sigalgs(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ const sigalgs_list *curr;
+ int testctx;
+
+ /* Should never happen */
+ if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2)
+ return 0;
+
+ testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
+ curr = testctx ? &testsigalgs[idx]
+ : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
+
+ if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
+ &cctx, cert, privkey)) {
+ printf("Unable to create SSL_CTX pair\n");
+ return 0;
+ }
+
+ /*
+ * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
+ * for TLSv1.2 for now until we add a new API.
+ */
+ SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
+
+ if (testctx) {
+ int ret;
+ if (curr->list != NULL)
+ ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
+ else
+ ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
+
+ if (!ret) {
+ if (curr->valid)
+ printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n",
+ idx);
+ else
+ testresult = 1;
+ goto end;
+ }
+ if (!curr->valid) {
+ printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx);
+ goto end;
+ }
+ }
+
+ if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+ printf("Unable to create SSL objects\n");
+ goto end;
+ }
+
+ if (!testctx) {
+ int ret;
+
+ if (curr->list != NULL)
+ ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
+ else
+ ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
+ if (!ret) {
+ if (curr->valid)
+ printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx);
+ else
+ testresult = 1;
+ goto end;
+ }
+ if (!curr->valid) {
+ printf("Unexpected success setting sigalgs in SSL (%d)\n", idx);
+ goto end;
+ }
+ }
+
+ if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
+ printf("Unexpected return value creating SSL connection (%d)\n", idx);
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+int test_main(int argc, char *argv[])
{
- BIO *err = NULL;
int testresult = 1;
if (argc != 3) {
cert = argv[1];
privkey = argv[2];
- err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- CRYPTO_set_mem_debug(1);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
ADD_TEST(test_large_message_tls);
+ ADD_TEST(test_large_message_tls_read_ahead);
+#ifndef OPENSSL_NO_DTLS
ADD_TEST(test_large_message_dtls);
+#endif
ADD_TEST(test_tlsext_status_type);
ADD_TEST(test_session_with_only_int_cache);
ADD_TEST(test_session_with_only_ext_cache);
ADD_TEST(test_ssl_bio_pop_ssl_bio);
ADD_TEST(test_ssl_bio_change_rbio);
ADD_TEST(test_ssl_bio_change_wbio);
+ ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
testresult = run_tests(argv[0]);
bio_s_mempacket_test_free();
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
- if (CRYPTO_mem_leaks(err) <= 0)
- testresult = 1;
-#endif
- BIO_free(err);
-
- if (!testresult)
- printf("PASS\n");
-
return testresult;
}