X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fhandshake_helper.c;h=be96abe3c9c2cc621a80dc35a5773c8e05e10b7b;hp=67facdc88c7346842f63054cdf959d29863b9bb2;hb=a84e5c9aa8e50af2bcb445ab30a0e9c19e72f60b;hpb=9ee27200c9a396369e47ba1cd60a5a7486777e55
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 67facdc88c..be96abe3c9 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -16,11 +16,8 @@
 #include
 #endif
-#ifndef OPENSSL_NO_SOCK # define USE_SOCKETS # include "e_os.h"
-#endif
-
+#include "internal/sockets.h"
+#include "internal/nelem.h"
 #include "handshake_helper.h"
 #include "testutil.h"
@@ -140,7 +137,7 @@ static int select_server_ctx(SSL *s, void *arg, int ignore)
 }
 }
-static int early_select_server_ctx(SSL *s, void *arg, int ignore)
+static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
 {
 const char *servername;
 const unsigned char *p;
@@ -152,11 +149,12 @@ static int early_select_server_ctx(SSL *s, void *arg, int ignore)
 * The server_name extension was given too much extensibility when it
 * was written, so parsing the normal case is a bit complex.
 */
- if (!SSL_early_get0_ext(s, TLSEXT_TYPE_server_name, &p, &remaining) ||
+ if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &p,
+ &remaining) ||
 remaining <= 2)
 return 0;
 /* Extract the length of the supplied list of names. */
- len = (*(p++) << 1);
+ len = (*(p++) << 8);
 len += *(p++);
 if (len + 2 != remaining)
 return 0;
@@ -171,7 +169,7 @@ static int early_select_server_ctx(SSL *s, void *arg, int ignore)
 /* Now we can finally pull out the byte array with the actual hostname. */
 if (remaining <= 2)
 return 0;
- len = (*(p++) << 1);
+ len = (*(p++) << 8);
 len += *(p++);
 if (len + 2 > remaining)
 return 0;
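Review bot: The `<< 1` to `<< 8` fix makes both two-byte lengths parse correctly, but the two length checks that follow them are asymmetric without saying why: the name-list length must match exactly (`if (len + 2 != remaining)`) while the host_name length only has to fit (`if (len + 2 > remaining)`), which appears to be deliberate because only the first name is pulled out, yet a later reader could "harmonise" them. I would add above the second check `/* Only the first name is used, so trailing bytes after it are tolerated. */`. Both `remaining <= 2` guards must stay ahead of the `*(p++)` reads they protect, since each length is consumed before it is compared. client_hello_select_server_ctx starts before and ends after these hunks, so what happens to `len` afterwards is not visible here.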
@@ -222,48 +220,50 @@ static int servername_reject_cb(SSL *s, int *ad, void *arg)
 return select_server_ctx(s, arg, 0);
 }
-static int early_ignore_cb(SSL *s, int *al, void *arg)
+static int client_hello_ignore_cb(SSL *s, int *al, void *arg)
 {
- if (!early_select_server_ctx(s, arg, 1)) {
+ if (!client_hello_select_server_ctx(s, arg, 1)) {
 *al = SSL_AD_UNRECOGNIZED_NAME;
- return 0;
+ return SSL_CLIENT_HELLO_ERROR;
 }
- return 1;
+ return SSL_CLIENT_HELLO_SUCCESS;
 }
-static int early_reject_cb(SSL *s, int *al, void *arg)
+static int client_hello_reject_cb(SSL *s, int *al, void *arg)
 {
- if (!early_select_server_ctx(s, arg, 0)) {
+ if (!client_hello_select_server_ctx(s, arg, 0)) {
 *al = SSL_AD_UNRECOGNIZED_NAME;
- return 0;
+ return SSL_CLIENT_HELLO_ERROR;
 }
- return 1;
+ return SSL_CLIENT_HELLO_SUCCESS;
 }
-static int early_nov12_cb(SSL *s, int *al, void *arg)
+static int client_hello_nov12_cb(SSL *s, int *al, void *arg)
 {
 int ret;
 unsigned int v;
 const unsigned char *p;
- v = SSL_early_get0_legacy_version(s);
+ v = SSL_client_hello_get0_legacy_version(s);
 if (v > TLS1_2_VERSION || v < SSL3_VERSION) {
 *al = SSL_AD_PROTOCOL_VERSION;
- return 0;
+ return SSL_CLIENT_HELLO_ERROR;
 }
- (void)SSL_early_get0_session_id(s, &p);
+ (void)SSL_client_hello_get0_session_id(s, &p);
 if (p == NULL ||
- SSL_early_get0_random(s, &p) == 0 ||
- SSL_early_get0_ciphers(s, &p) == 0 ||
- SSL_early_get0_compression_methods(s, &p) == 0) {
+ SSL_client_hello_get0_random(s, &p) == 0 ||
+ SSL_client_hello_get0_ciphers(s, &p) == 0 ||
+ SSL_client_hello_get0_compression_methods(s, &p) == 0) {
 *al = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return SSL_CLIENT_HELLO_ERROR;
 }
- ret = early_select_server_ctx(s, arg, 0);
+ ret = client_hello_select_server_ctx(s, arg, 0);
 SSL_set_max_proto_version(s, TLS1_1_VERSION);
- if (!ret)
+ if (!ret) {
 *al = SSL_AD_UNRECOGNIZED_NAME;
- return ret;
+ return SSL_CLIENT_HELLO_ERROR;
+ }
+ return SSL_CLIENT_HELLO_SUCCESS;
 }
 static unsigned char dummy_ocsp_resp_good_val = 0xff;
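Review bot: In client_hello_nov12_cb the return value of `SSL_set_max_proto_version(s, TLS1_1_VERSION)` is discarded, so if the cap could not be applied the handshake would proceed at the original maximum and the "no TLS 1.2" scenario would silently test something else; now that the callback has explicit error returns it should report that too: `if (!SSL_set_max_proto_version(s, TLS1_1_VERSION)) { *al = SSL_AD_INTERNAL_ERROR; return SSL_CLIENT_HELLO_ERROR; }`. None of the three renamed callbacks says what `arg` is (the second SSL_CTX, judging by the switch in configure_handshake_ctx) or why the version cap is applied after the context selection; a one-line comment on each would help the next reader. client_hello_ignore_cb and client_hello_reject_cb differ only in the `ignore` argument and could share a helper called with 1 or 0, though that is a matter of taste.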
@@ -492,7 +492,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
 /*
 * Link the two contexts for SNI purposes.
- * Also do early callbacks here, as setting both early and SNI is bad.
+ * Also do ClientHello callbacks here, as setting both ClientHello and SNI
+ * is bad.
 */
 switch (extra->server.servername_callback) {
 case SSL_TEST_SERVERNAME_IGNORE_MISMATCH:
@@ -505,14 +506,14 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
 break;
 case SSL_TEST_SERVERNAME_CB_NONE:
 break;
- case SSL_TEST_SERVERNAME_EARLY_IGNORE_MISMATCH:
- SSL_CTX_set_early_cb(server_ctx, early_ignore_cb, server2_ctx);
+ case SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH:
+ SSL_CTX_set_client_hello_cb(server_ctx, client_hello_ignore_cb, server2_ctx);
 break;
- case SSL_TEST_SERVERNAME_EARLY_REJECT_MISMATCH:
- SSL_CTX_set_early_cb(server_ctx, early_reject_cb, server2_ctx);
+ case SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH:
+ SSL_CTX_set_client_hello_cb(server_ctx, client_hello_reject_cb, server2_ctx);
 break;
- case SSL_TEST_SERVERNAME_EARLY_NO_V12:
- SSL_CTX_set_early_cb(server_ctx, early_nov12_cb, server2_ctx);
+ case SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12:
+ SSL_CTX_set_client_hello_cb(server_ctx, client_hello_nov12_cb, server2_ctx);
 }
 if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) {
@@ -855,7 +856,7 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
 if (!SSL_renegotiate_pending(peer->ssl)) {
 /*
 * If we are the client we will always attempt to resume the
- * session. The server may or may not resume dependant on the
+ * session. The server may or may not resume dependent on the
 * setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 */
 if (SSL_is_server(peer->ssl)) {
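Review bot: The three rewritten `SSL_CTX_set_client_hello_cb(...)` lines in the servername_callback switch are 77 characters before indentation, so once indented inside the case body they exceed the 80-column limit of OpenSSL's coding style; wrap them as `SSL_CTX_set_client_hello_cb(server_ctx, client_hello_ignore_cb,` / `                            server2_ctx);` and likewise for the reject and nov12 cases. The final `case SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12:` also ends without a `break;`, harmless as the last label but worth adding so a case appended later does not fall through into it. The switch has no `default:`, which is fine if the enum is exhaustive and -Wswitch is on, but the enum is not visible from here. configure_handshake_ctx starts before and continues after these hunks.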
@@ -1303,6 +1304,8 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 handshake_status_t status = HANDSHAKE_RETRY;
 const unsigned char* tick = NULL;
 size_t tick_len = 0;
+ const unsigned char* sess_id = NULL;
+ unsigned int sess_id_len = 0;
 SSL_SESSION* sess = NULL;
 const unsigned char *proto = NULL;
 /* API dictates unsigned int rather than size_t. */
@@ -1319,6 +1322,8 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 memset(&client_ctx_data, 0, sizeof(client_ctx_data));
 memset(&server, 0, sizeof(server));
 memset(&client, 0, sizeof(client));
+ memset(&server_ex_data, 0, sizeof(server_ex_data));
+ memset(&client_ex_data, 0, sizeof(client_ex_data));
 if (!configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, extra, &server_ctx_data,
@@ -1348,9 +1353,6 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 goto err;
 }
- memset(&server_ex_data, 0, sizeof(server_ex_data));
- memset(&client_ex_data, 0, sizeof(client_ex_data));
-
 ret->result = SSL_TEST_INTERNAL_ERROR;
 if (test_ctx->use_sctp) {
@@ -1496,8 +1498,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 ret->server_protocol = SSL_version(server.ssl);
 ret->client_protocol = SSL_version(client.ssl);
 ret->servername = server_ex_data.servername;
- if ((sess = SSL_get0_session(client.ssl)) != NULL)
+ if ((sess = SSL_get0_session(client.ssl)) != NULL) {
 SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
+ sess_id = SSL_SESSION_get_id(sess, &sess_id_len);
+ }
 if (tick == NULL || tick_len == 0)
 ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
 else
@@ -1505,6 +1509,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 ret->compression = (SSL_get_current_compression(client.ssl) == NULL) ? SSL_TEST_COMPRESSION_NO : SSL_TEST_COMPRESSION_YES;
+ if (sess_id == NULL || sess_id_len == 0)
+ ret->session_id = SSL_TEST_SESSION_ID_NO;
+ else
+ ret->session_id = SSL_TEST_SESSION_ID_YES;
 ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
 #ifndef OPENSSL_NO_NEXTPROTONEG
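Review bot: The new declaration `const unsigned char* sess_id = NULL;` binds the `*` to the type, copying the neighbouring `tick` line rather than `const unsigned char *proto = NULL;` two lines below, which is the form OpenSSL's style asks for; write it `const unsigned char *sess_id = NULL;`. The pointer is afterwards only compared against NULL in `if (sess_id == NULL || sess_id_len == 0)`, so the bytes it points at are never read; a short comment above that test, `/* Only whether a session id is present is reported. */`, would say so and stop someone wondering whether the id was meant to be copied into `ret`. Moving the two `memset(&..._ex_data, ...)` calls ahead of configure_handshake_ctx looks right, since the earlier position left the structs uninitialised while the ctx setup ran. do_handshake_internal starts and ends outside these hunks.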