X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fclienthellotest.c;h=10e3b1b1b172408e7fffcbb893d5c4453cc3d44d;hp=dc58694c7d4de391e79b4a6b33e73fcef97dc3a8;hb=1518c55a796b058eff01f3cbf177f4b726c01d7c;hpb=8f3f9623a46fb4e294a7e4c3db3168002e3f781b diff --git a/test/clienthellotest.c b/test/clienthellotest.c index dc58694c7d..10e3b1b1b1 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,14 +40,15 @@ */ #define TEST_ADD_PADDING_AND_PSK 3 -#define F5_WORKAROUND_MIN_MSG_LEN 0xff +#define F5_WORKAROUND_MIN_MSG_LEN 0x7f #define F5_WORKAROUND_MAX_MSG_LEN 0x200 static const char *sessionfile = NULL; /* Dummy ALPN protocols used to pad out the size of the ClientHello */ static const char alpn_prots[] = "0123456789012345678901234567890123456789012345678901234567890123456789" - "0123456789012345678901234567890123456789012345678901234567890123456789"; + "0123456789012345678901234567890123456789012345678901234567890123456789" + "01234567890123456789"; static int test_client_hello(int currtest) { @@ -77,31 +78,55 @@ static int test_client_hello(int currtest) ctx = SSL_CTX_new(TLS_method()); if (!TEST_ptr(ctx)) goto end; + if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION))) + goto end; switch(currtest) { case TEST_SET_SESSION_TICK_DATA_VER_NEG: +#if !defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_TLS1_2) + /* TLSv1.3 is enabled and TLSv1.2 is disabled so can't do this test */ + return 1; +#else /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */ if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))) goto end; +#endif break; case TEST_ADD_PADDING_AND_PSK: + /* + * In this case we're doing TLSv1.3 and we're sending a PSK so the + * ClientHello is already going to be quite long. To avoid getting one + * that is too long for this test we use a restricted ciphersuite list + */ + if (!TEST_true(SSL_CTX_set_cipher_list(ctx, ""))) + goto end; + /* Fall through */ case TEST_ADD_PADDING: case TEST_PADDING_NOT_NEEDED: SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING); + /* Make sure we get a consistent size across TLS versions */ + SSL_CTX_clear_options(ctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT); /* - * Add lots of ciphersuites so that the ClientHello is at least + * Add some dummy ALPN protocols so that the ClientHello is at least * F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be - * needed. Also add some dummy ALPN protocols in case we still don't - * have enough. + * needed. */ - if (currtest == TEST_ADD_PADDING - && (!TEST_true(SSL_CTX_set_cipher_list(ctx, "ALL")) - || !TEST_false(SSL_CTX_set_alpn_protos(ctx, - (unsigned char *)alpn_prots, - sizeof(alpn_prots) - 1)))) + if (currtest == TEST_ADD_PADDING) { + if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, + (unsigned char *)alpn_prots, + sizeof(alpn_prots) - 1))) + goto end; + /* + * Otherwise we need to make sure we have a small enough message to + * not need padding. + */ + } else if (!TEST_true(SSL_CTX_set_cipher_list(ctx, + "AES128-SHA")) + || !TEST_true(SSL_CTX_set_ciphersuites(ctx, + "TLS_AES_128_GCM_SHA256"))) { goto end; - + } break; default: @@ -127,7 +152,7 @@ static int test_client_hello(int currtest) * We reset the creation time so that we don't discard the session as * too old. */ - if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL))) + if (!TEST_true(SSL_SESSION_set_time(sess, (long)time(NULL))) || !TEST_true(SSL_set_session(con, sess))) goto end; } @@ -215,14 +240,11 @@ end: return testresult; } -int test_main(int argc, char *argv[]) +int setup_tests(void) { - if (argc != 2) - return EXIT_FAILURE; - - sessionfile = argv[1]; + if (!TEST_ptr(sessionfile = test_get_argument(0))) + return 0; ADD_ALL_TESTS(test_client_hello, TOTAL_NUM_TESTS); - - return run_tests(argv[0]); + return 1; }