X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fsslapitest.c;h=5ba5f6e202a05a99dc8db5470aa6409be3a9d304;hp=7c0171b1db7f5894eae1349846809a83b21fb270;hb=a8ea8018fa187e22fb4989450b550589e20f62c2;hpb=710756a9b384c9e9eaaf42acaf429aebc2a822a1 diff --git a/test/sslapitest.c b/test/sslapitest.c index 7c0171b1db..5ba5f6e202 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,8 @@ #include "ssltestlib.h" #include "testutil.h" -#include "e_os.h" +#include "internal/nelem.h" +#include "../ssl/ssl_locl.h" static char *cert = NULL; static char *privkey = NULL; @@ -39,6 +40,7 @@ static X509 *ocspcert = NULL; #endif #define NUM_EXTRA_CERTS 40 +#define CLIENT_VERSION_LEN 2 /* * This structure is used to validate that the correct number of log messages @@ -53,6 +55,21 @@ struct sslapitest_log_counts { unsigned int server_application_secret_count; }; + +static unsigned char serverinfov1[] = { + 0xff, 0xff, /* Dummy extension type */ + 0x00, 0x01, /* Extension length is 1 byte */ + 0xff /* Dummy extension data */ +}; + +static unsigned char serverinfov2[] = { + 0x00, 0x00, 0x00, + (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */ + 0xff, 0xff, /* Dummy extension type */ + 0x00, 0x01, /* Extension length is 1 byte */ + 0xff /* Dummy extension data */ +}; + static void client_keylog_callback(const SSL *ssl, const char *line) { int line_length = strlen(line); @@ -75,7 +92,7 @@ static void server_keylog_callback(const SSL *ssl, const char *line) /* If the log doesn't fit, error out. */ if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) { - TEST_info("Server og too full"); + TEST_info("Server log too full"); error_writing_log = 1; return; } @@ -264,16 +281,16 @@ static int test_keylog(void) if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA"))) goto end; - if (!TEST_ptr_null((void *)SSL_CTX_get_keylog_callback(cctx)) - || !TEST_ptr_null((void *)SSL_CTX_get_keylog_callback(sctx))) + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) + || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) goto end; SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); - if (!TEST_ptr_eq((void *)SSL_CTX_get_keylog_callback(cctx), - (void *)client_keylog_callback)) + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) + == client_keylog_callback)) goto end; SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); - if (!TEST_ptr_eq((void *)SSL_CTX_get_keylog_callback(sctx), - (void *)server_keylog_callback)) + if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) + == server_keylog_callback)) goto end; /* Now do a handshake and check that the logs have been written to. */ @@ -334,18 +351,18 @@ static int test_keylog_no_master_key(void) &cctx, cert, privkey))) return 0; - if (!TEST_ptr_null((void *)SSL_CTX_get_keylog_callback(cctx)) - || !TEST_ptr_null((void *)SSL_CTX_get_keylog_callback(sctx))) + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) + || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) goto end; SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); - if (!TEST_ptr_eq((void *)SSL_CTX_get_keylog_callback(cctx), - (void *)client_keylog_callback)) + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) + == client_keylog_callback)) goto end; SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); - if (!TEST_ptr_eq((void *)SSL_CTX_get_keylog_callback(sctx), - (void *)server_keylog_callback)) + if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) + == server_keylog_callback)) goto end; /* Now do a handshake and check that the logs have been written to. */ @@ -385,10 +402,11 @@ end: #endif #ifndef OPENSSL_NO_TLS1_2 -static int full_early_callback(SSL *s, int *al, void *arg) +static int full_client_hello_callback(SSL *s, int *al, void *arg) { int *ctr = arg; const unsigned char *p; + int *exts; /* We only configure two ciphers, but the SCSV is added automatically. */ #ifdef OPENSSL_NO_EC const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff}; @@ -396,21 +414,36 @@ static int full_early_callback(SSL *s, int *al, void *arg) const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0, 0x2c, 0x00, 0xff}; #endif + const int expected_extensions[] = { +#ifndef OPENSSL_NO_EC + 11, 10, +#endif + 35, 22, 23, 13}; size_t len; /* Make sure we can defer processing and get called back. */ if ((*ctr)++ == 0) - return -1; + return SSL_CLIENT_HELLO_RETRY; - len = SSL_early_get0_ciphers(s, &p); + len = SSL_client_hello_get0_ciphers(s, &p); if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers)) - || !TEST_size_t_eq(SSL_early_get0_compression_methods(s, &p), 1) + || !TEST_size_t_eq( + SSL_client_hello_get0_compression_methods(s, &p), 1) || !TEST_int_eq(*p, 0)) - return 0; - return 1; + return SSL_CLIENT_HELLO_ERROR; + if (!SSL_client_hello_get1_extensions_present(s, &exts, &len)) + return SSL_CLIENT_HELLO_ERROR; + if (len != OSSL_NELEM(expected_extensions) || + memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) { + printf("ClientHello callback expected extensions mismatch\n"); + OPENSSL_free(exts); + return SSL_CLIENT_HELLO_ERROR; + } + OPENSSL_free(exts); + return SSL_CLIENT_HELLO_SUCCESS; } -static int test_early_cb(void) +static int test_client_hello_cb(void) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -420,7 +453,7 @@ static int test_early_cb(void) TLS_client_method(), &sctx, &cctx, cert, privkey))) goto end; - SSL_CTX_set_early_cb(sctx, full_early_callback, &testctr); + SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr); /* The gimpy cipher list we configure can't do TLS 1.3. */ SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); @@ -430,12 +463,13 @@ static int test_early_cb(void) || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_EARLY)) + SSL_ERROR_WANT_CLIENT_HELLO_CB)) /* * Passing a -1 literal is a hack since * the real value was lost. * */ - || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_EARLY) + || !TEST_int_eq(SSL_get_error(serverssl, -1), + SSL_ERROR_WANT_CLIENT_HELLO_CB) || !TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; @@ -726,35 +760,17 @@ static int test_tlsext_status_type(void) } #endif -typedef struct ssl_session_test_fixture { - const char *test_case_name; - int use_ext_cache; - int use_int_cache; -} SSL_SESSION_TEST_FIXTURE; - -static int new_called = 0, remove_called = 0; - -static SSL_SESSION_TEST_FIXTURE -ssl_session_set_up(const char *const test_case_name) -{ - SSL_SESSION_TEST_FIXTURE fixture; - - fixture.test_case_name = test_case_name; - fixture.use_ext_cache = 1; - fixture.use_int_cache = 1; - - new_called = remove_called = 0; - - return fixture; -} - -static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture) -{ -} +#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) +static int new_called, remove_called, get_called; static int new_session_cb(SSL *ssl, SSL_SESSION *sess) { new_called++; + /* + * sess has been up-refed for us, but we don't actually need it so free it + * immediately. + */ + SSL_SESSION_free(sess); return 1; } @@ -763,33 +779,48 @@ static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess) remove_called++; } -static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) +static SSL_SESSION *get_sess_val = NULL; + +static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len, + int *copy) +{ + get_called++; + *copy = 1; + return get_sess_val; +} + +static int execute_test_session(int maxprot, int use_int_cache, + int use_ext_cache) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl1 = NULL, *clientssl1 = NULL; SSL *serverssl2 = NULL, *clientssl2 = NULL; -#ifndef OPENSSL_NO_TLS1_1 +# ifndef OPENSSL_NO_TLS1_1 SSL *serverssl3 = NULL, *clientssl3 = NULL; -#endif +# endif SSL_SESSION *sess1 = NULL, *sess2 = NULL; int testresult = 0; + new_called = remove_called = 0; + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx, &cctx, cert, privkey))) return 0; -#ifndef OPENSSL_NO_TLS1_2 - /* Only allow TLS1.2 so we can force a connection failure later */ - SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION); -#endif + /* + * Only allow the max protocol version so we can force a connection failure + * later + */ + SSL_CTX_set_min_proto_version(cctx, maxprot); + SSL_CTX_set_max_proto_version(cctx, maxprot); /* Set up session cache */ - if (fix.use_ext_cache) { + if (use_ext_cache) { SSL_CTX_sess_set_new_cb(cctx, new_session_cb); SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb); } - if (fix.use_int_cache) { + if (use_int_cache) { /* Also covers instance where both are set */ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT); } else { @@ -806,11 +837,48 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) goto end; /* Should fail because it should already be in the cache */ - if (fix.use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1))) + if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1))) + goto end; + if (use_ext_cache + && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0))) + goto end; + + new_called = remove_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, + &clientssl2, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl2, sess1)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl2))) goto end; - if (fix.use_ext_cache && (new_called != 1 || remove_called != 0)) + + if (maxprot == TLS1_3_VERSION) { + /* + * In TLSv1.3 we should have created a new session even though we have + * resumed. The original session should also have been removed. + */ + if (use_ext_cache + && (!TEST_int_eq(new_called, 1) + || !TEST_int_eq(remove_called, 1))) + goto end; + } else { + /* + * In TLSv1.2 we expect to have resumed so no sessions added or + * removed. + */ + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) + || !TEST_int_eq(remove_called, 0))) + goto end; + } + + SSL_SESSION_free(sess1); + if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2))) goto end; + shutdown_ssl_connection(serverssl2, clientssl2); + serverssl2 = clientssl2 = NULL; + new_called = remove_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl2, clientssl2, @@ -820,60 +888,148 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2))) goto end; - if (fix.use_ext_cache && (new_called != 2 || remove_called != 0)) + if (use_ext_cache + && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0))) goto end; + new_called = remove_called = 0; /* * This should clear sess2 from the cache because it is a "bad" session. * See SSL_set_session() documentation. */ if (!TEST_true(SSL_set_session(clientssl2, sess1))) goto end; - if (fix.use_ext_cache && (new_called != 2 || remove_called != 1)) + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1)) goto end; - if (fix.use_int_cache) { + if (use_int_cache) { /* Should succeeded because it should not already be in the cache */ if (!TEST_true(SSL_CTX_add_session(cctx, sess2)) || !TEST_true(SSL_CTX_remove_session(cctx, sess2))) goto end; - - /* - * This is for the purposes of internal cache testing...ignore the - * counter for external cache - */ - if (fix.use_ext_cache) - remove_called--; } + new_called = remove_called = 0; /* This shouldn't be in the cache so should fail */ if (!TEST_false(SSL_CTX_remove_session(cctx, sess2))) goto end; - if (fix.use_ext_cache && (new_called != 2 || remove_called != 2)) + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; -#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2) +# if !defined(OPENSSL_NO_TLS1_1) + new_called = remove_called = 0; /* Force a connection failure */ SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) || !TEST_true(SSL_set_session(clientssl3, sess1)) - /* This should fail because of the mismatched protocol versions */ + /* This should fail because of the mismatched protocol versions */ || !TEST_false(create_ssl_connection(serverssl3, clientssl3, SSL_ERROR_NONE))) goto end; /* We should have automatically removed the session from the cache */ - if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; /* Should succeed because it should not already be in the cache */ - if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2)) + if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2))) goto end; -#endif +# endif + + /* Now do some tests for server side caching */ + if (use_ext_cache) { + SSL_CTX_sess_set_new_cb(cctx, NULL); + SSL_CTX_sess_set_remove_cb(cctx, NULL); + SSL_CTX_sess_set_new_cb(sctx, new_session_cb); + SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb); + SSL_CTX_sess_set_get_cb(sctx, get_session_cb); + get_sess_val = NULL; + } + + SSL_CTX_set_session_cache_mode(cctx, 0); + /* Internal caching is the default on the server side */ + if (!use_int_cache) + SSL_CTX_set_session_cache_mode(sctx, + SSL_SESS_CACHE_SERVER + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + + SSL_free(serverssl1); + SSL_free(clientssl1); + serverssl1 = clientssl1 = NULL; + SSL_free(serverssl2); + SSL_free(clientssl2); + serverssl2 = clientssl2 = NULL; + SSL_SESSION_free(sess1); + sess1 = NULL; + SSL_SESSION_free(sess2); + sess2 = NULL; + + SSL_CTX_set_max_proto_version(sctx, maxprot); + SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); + new_called = remove_called = get_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl1, clientssl1, + SSL_ERROR_NONE)) + || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)) + || !TEST_ptr(sess2 = SSL_get1_session(serverssl1))) + goto end; + + /* Should fail because it should already be in the cache */ + if (use_int_cache && !TEST_false(SSL_CTX_add_session(sctx, sess2))) + goto end; + + if (use_ext_cache) { + SSL_SESSION *tmp = sess2; + + if (!TEST_int_eq(new_called, 1) + || !TEST_int_eq(remove_called, 0) + || !TEST_int_eq(get_called, 0)) + goto end; + /* + * Delete the session from the internal cache to force a lookup from + * the external cache. We take a copy first because + * SSL_CTX_remove_session() also marks the session as non-resumable. + */ + if (use_int_cache) { + if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2)) + || !TEST_true(SSL_CTX_remove_session(sctx, sess2))) + goto end; + SSL_SESSION_free(sess2); + } + sess2 = tmp; + } + + new_called = remove_called = get_called = 0; + get_sess_val = sess2; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, + &clientssl2, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl2, sess1)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl2))) + goto end; + + if (use_ext_cache) { + if (!TEST_int_eq(new_called, 0) + || !TEST_int_eq(remove_called, 0)) + goto end; + + if (maxprot == TLS1_3_VERSION) { + if (!TEST_int_eq(get_called, 0)) + goto end; + } else { + if (!TEST_int_eq(get_called, 1)) + goto end; + } + } testresult = 1; @@ -882,44 +1038,59 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) SSL_free(clientssl1); SSL_free(serverssl2); SSL_free(clientssl2); -#ifndef OPENSSL_NO_TLS1_1 +# ifndef OPENSSL_NO_TLS1_1 SSL_free(serverssl3); SSL_free(clientssl3); -#endif +# endif SSL_SESSION_free(sess1); SSL_SESSION_free(sess2); - - /* - * Check if we need to remove any sessions up-refed for the external cache - */ - if (new_called >= 1) - SSL_SESSION_free(sess1); - if (new_called >= 2) - SSL_SESSION_free(sess2); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return testresult; } +#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */ static int test_session_with_only_int_cache(void) { - SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); - fixture.use_ext_cache = 0; - EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 1, 0)) + return 0; +#endif + +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 1, 0); +#else + return 1; +#endif } static int test_session_with_only_ext_cache(void) { - SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); - fixture.use_int_cache = 0; - EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 0, 1)) + return 0; +#endif + +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 0, 1); +#else + return 1; +#endif } static int test_session_with_both_cache(void) { - SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); - EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 1, 1)) + return 0; +#endif + +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 1, 1); +#else + return 1; +#endif } #define USE_NULL 0 @@ -1033,27 +1204,9 @@ static int test_ssl_set_bio(int idx) return testresult; } -typedef struct ssl_bio_test_fixture { - const char *test_case_name; - int pop_ssl; - enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio; -} SSL_BIO_TEST_FIXTURE; - -static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name) -{ - SSL_BIO_TEST_FIXTURE fixture; - - fixture.test_case_name = test_case_name; - fixture.pop_ssl = 0; - fixture.change_bio = NO_BIO_CHANGE; - return fixture; -} - -static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture) -{ -} +typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t; -static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix) +static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio) { BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL; SSL_CTX *ctx; @@ -1075,17 +1228,17 @@ static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix) BIO_push(sslbio, membio1); /* Verify changing the rbio/wbio directly does not cause leaks */ - if (fix.change_bio != NO_BIO_CHANGE) { + if (change_bio != NO_BIO_CHANGE) { if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) goto end; - if (fix.change_bio == CHANGE_RBIO) + if (change_bio == CHANGE_RBIO) SSL_set0_rbio(ssl, membio2); else SSL_set0_wbio(ssl, membio2); } ssl = NULL; - if (fix.pop_ssl) + if (pop_ssl) BIO_pop(sslbio); else BIO_pop(membio1); @@ -1102,29 +1255,22 @@ static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix) static int test_ssl_bio_pop_next_bio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(0, NO_BIO_CHANGE); } static int test_ssl_bio_pop_ssl_bio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - fixture.pop_ssl = 1; - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(1, NO_BIO_CHANGE); } static int test_ssl_bio_change_rbio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - fixture.change_bio = CHANGE_RBIO; - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(0, CHANGE_RBIO); } static int test_ssl_bio_change_wbio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - fixture.change_bio = CHANGE_WBIO; - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(0, CHANGE_WBIO); } typedef struct { @@ -1258,6 +1404,71 @@ static int test_set_sigalgs(int idx) #ifndef OPENSSL_NO_TLS1_3 +static SSL_SESSION *clientpsk = NULL; +static SSL_SESSION *serverpsk = NULL; +static const char *pskid = "Identity"; +static const char *srvid; + +static int use_session_cb_cnt = 0; +static int find_session_cb_cnt = 0; + +static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, + size_t *idlen, SSL_SESSION **sess) +{ + switch (++use_session_cb_cnt) { + case 1: + /* The first call should always have a NULL md */ + if (md != NULL) + return 0; + break; + + case 2: + /* The second call should always have an md */ + if (md == NULL) + return 0; + break; + + default: + /* We should only be called a maximum of twice */ + return 0; + } + + if (clientpsk != NULL) + SSL_SESSION_up_ref(clientpsk); + + *sess = clientpsk; + *id = (const unsigned char *)pskid; + *idlen = strlen(pskid); + + return 1; +} + +static int find_session_cb(SSL *ssl, const unsigned char *identity, + size_t identity_len, SSL_SESSION **sess) +{ + find_session_cb_cnt++; + + /* We should only ever be called a maximum of twice per connection */ + if (find_session_cb_cnt > 2) + return 0; + + if (serverpsk == NULL) + return 0; + + /* Identity should match that set by the client */ + if (strlen(srvid) != identity_len + || strncmp(srvid, (const char *)identity, identity_len) != 0) { + /* No PSK found, continue but without a PSK */ + *sess = NULL; + return 1; + } + + SSL_SESSION_up_ref(serverpsk); + *sess = serverpsk; + + return 1; +} + #define MSG1 "Hello" #define MSG2 "World." #define MSG3 "This" @@ -1266,6 +1477,8 @@ static int test_set_sigalgs(int idx) #define MSG6 "test" #define MSG7 "message." +#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") + /* * Helper method to setup objects for early data test. Caller frees objects on * error. @@ -1278,16 +1491,77 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, cctx, cert, privkey))) return 0; - /* When idx == 1 we repeat the tests with read_ahead set */ - if (idx > 0) { + if (idx == 1) { + /* When idx == 1 we repeat the tests with read_ahead set */ SSL_CTX_set_read_ahead(*cctx, 1); SSL_CTX_set_read_ahead(*sctx, 1); + } else if (idx == 2) { + /* When idx == 2 we are doing early_data with a PSK. Set up callbacks */ + SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb); + SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb); + use_session_cb_cnt = 0; + find_session_cb_cnt = 0; + srvid = pskid; } if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(*serverssl, *clientssl, - SSL_ERROR_NONE))) + NULL, NULL))) + return 0; + + /* + * For one of the run throughs (doesn't matter which one), we'll try sending + * some SNI data in the initial ClientHello. This will be ignored (because + * there is no SNI cb set up by the server), so it should not impact + * early_data. + */ + if (idx == 1 + && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost"))) + return 0; + + if (idx == 2) { + /* Create the PSK */ + const SSL_CIPHER *cipher = NULL; + const unsigned char key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, + 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, + 0x2c, 0x2d, 0x2e, 0x2f + }; + + cipher = SSL_CIPHER_find(*clientssl, TLS13_AES_256_GCM_SHA384_BYTES); + clientpsk = SSL_SESSION_new(); + if (!TEST_ptr(clientpsk) + || !TEST_ptr(cipher) + || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key, + sizeof(key))) + || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher)) + || !TEST_true( + SSL_SESSION_set_protocol_version(clientpsk, + TLS1_3_VERSION)) + /* + * We just choose an arbitrary value for max_early_data which + * should be big enough for testing purposes. + */ + || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk, + 0x100)) + || !TEST_true(SSL_SESSION_up_ref(clientpsk))) { + SSL_SESSION_free(clientpsk); + clientpsk = NULL; + return 0; + } + serverpsk = clientpsk; + + if (sess != NULL) + *sess = clientpsk; + return 1; + } + + if (sess == NULL) + return 1; + + if (!TEST_true(create_ssl_connection(*serverssl, *clientssl, + SSL_ERROR_NONE))) return 0; *sess = SSL_get1_session(*clientssl); @@ -1448,8 +1722,12 @@ static int test_early_data_read_write(int idx) || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7))) goto end; - SSL_SESSION_free(sess); + /* We keep the PSK session around if using PSK */ + if (idx != 2) + SSL_SESSION_free(sess); sess = SSL_get1_session(clientssl); + use_session_cb_cnt = 0; + find_session_cb_cnt = 0; SSL_shutdown(clientssl); SSL_shutdown(serverssl); @@ -1496,7 +1774,11 @@ static int test_early_data_read_write(int idx) testresult = 1; end: - SSL_SESSION_free(sess); + if (sess != clientpsk) + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -1505,15 +1787,15 @@ static int test_early_data_read_write(int idx) } /* - * Test that a server attempting to read early data can handle a connection - * from a client where the early data is not acceptable. + * Helper function to test that a server attempting to read early data can + * handle a connection from a client where the early data should be skipped. */ -static int test_early_data_skip(int idx) +static int early_data_skip_helper(int hrr, int idx) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; - SSL_SESSION *sess; + SSL_SESSION *sess = NULL; unsigned char buf[20]; size_t readbytes, written; @@ -1521,13 +1803,25 @@ static int test_early_data_skip(int idx) &serverssl, &sess, idx))) goto end; - /* - * Deliberately corrupt the creation time. We take 20 seconds off the time. - * It could be any value as long as it is not within tolerance. This should - * mean the ticket is rejected. - */ - if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20))) - goto end; + if (hrr) { + /* Force an HRR to occur */ + if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) + goto end; + } else if (idx == 2) { + /* + * We force early_data rejection by ensuring the PSK identity is + * unrecognised + */ + srvid = "Dummy Identity"; + } else { + /* + * Deliberately corrupt the creation time. We take 20 seconds off the + * time. It could be any value as long as it is not within tolerance. + * This should mean the ticket is rejected. + */ + if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20)))) + goto end; + } /* Write some early data */ if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), @@ -1544,6 +1838,18 @@ static int test_early_data_skip(int idx) SSL_EARLY_DATA_REJECTED)) goto end; + if (hrr) { + /* + * Finish off the handshake. We perform the same writes and reads as + * further down but we expect them to fail due to the incomplete + * handshake. + */ + if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) + || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), + &readbytes))) + goto end; + } + /* Should be able to send normal data despite rejection of early data */ if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) || !TEST_size_t_eq(written, strlen(MSG2)) @@ -1556,6 +1862,10 @@ static int test_early_data_skip(int idx) testresult = 1; end: + if (sess != clientpsk) + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; SSL_SESSION_free(sess); SSL_free(serverssl); SSL_free(clientssl); @@ -1564,6 +1874,24 @@ static int test_early_data_skip(int idx) return testresult; } +/* + * Test that a server attempting to read early data can handle a connection + * from a client where the early data is not acceptable. + */ +static int test_early_data_skip(int idx) +{ + return early_data_skip_helper(0, idx); +} + +/* + * Test that a server attempting to read early data can handle a connection + * from a client where an HRR occurs. + */ +static int test_early_data_skip_hrr(int idx) +{ + return early_data_skip_helper(1, idx); +} + /* * Test that a server attempting to read early data can handle a connection * from a client that doesn't send any. @@ -1573,7 +1901,7 @@ static int test_early_data_not_sent(int idx) SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; - SSL_SESSION *sess; + SSL_SESSION *sess = NULL; unsigned char buf[20]; size_t readbytes, written; @@ -1610,7 +1938,7 @@ static int test_early_data_not_sent(int idx) * Should block due to the NewSessionTicket arrival unless we're using * read_ahead */ - if (idx == 0) { + if (idx != 1) { if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))) goto end; } @@ -1622,7 +1950,10 @@ static int test_early_data_not_sent(int idx) testresult = 1; end: + /* If using PSK then clientpsk and sess are the same */ SSL_SESSION_free(sess); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -1630,39 +1961,246 @@ static int test_early_data_not_sent(int idx) return testresult; } -/* - * Test that a server that doesn't try to read early data can handle a - * client sending some. - */ -static int test_early_data_not_expected(int idx) +static int hostname_cb(SSL *s, int *al, void *arg) +{ + const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + + if (hostname != NULL && strcmp(hostname, "goodhost") == 0) + return SSL_TLSEXT_ERR_OK; + + return SSL_TLSEXT_ERR_NOACK; +} + +static const char *servalpn; + +static int alpn_select_cb(SSL *ssl, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + unsigned int protlen = 0; + const unsigned char *prot; + + for (prot = in; prot < in + inlen; prot += protlen) { + protlen = *prot++; + if (in + inlen < prot + protlen) + return SSL_TLSEXT_ERR_NOACK; + + if (protlen == strlen(servalpn) + && memcmp(prot, servalpn, protlen) == 0) { + *out = prot; + *outlen = protlen; + return SSL_TLSEXT_ERR_OK; + } + } + + return SSL_TLSEXT_ERR_NOACK; +} + +/* Test that a PSK can be used to send early_data */ +static int test_early_data_psk(int idx) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; - SSL_SESSION *sess; + SSL_SESSION *sess = NULL; + unsigned char alpnlist[] = { + 0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a', + 'l', 'p', 'n' + }; +#define GOODALPNLEN 9 +#define BADALPNLEN 8 +#define GOODALPN (alpnlist) +#define BADALPN (alpnlist + GOODALPNLEN) + int err = 0; unsigned char buf[20]; size_t readbytes, written; + int readearlyres = SSL_READ_EARLY_DATA_SUCCESS, connectres = 1; + int edstatus = SSL_EARLY_DATA_ACCEPTED; - + /* We always set this up with a final parameter of "2" for PSK */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx))) + &serverssl, &sess, 2))) goto end; - /* Write some early data */ - if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written))) - goto end; + servalpn = "goodalpn"; /* - * Server should skip over early data and then block waiting for client to - * continue handshake + * Note: There is no test for inconsistent SNI with late client detection. + * This is because servers do not acknowledge SNI even if they are using + * it in a resumption handshake - so it is not actually possible for a + * client to detect a problem. */ - if (!TEST_int_le(SSL_accept(serverssl), 0) - || !TEST_int_gt(SSL_connect(clientssl), 0) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_REJECTED) - || !TEST_int_gt(SSL_accept(serverssl), 0) - || !TEST_int_eq(SSL_get_early_data_status(clientssl), + switch (idx) { + case 0: + /* Set inconsistent SNI (early client detection) */ + err = SSL_R_INCONSISTENT_EARLY_DATA_SNI; + if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost")) + || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost"))) + goto end; + break; + + case 1: + /* Set inconsistent ALPN (early client detection) */ + err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN; + /* SSL_set_alpn_protos returns 0 for success and 1 for failure */ + if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN, + GOODALPNLEN)) + || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN, + BADALPNLEN))) + goto end; + break; + + case 2: + /* + * Set invalid protocol version. Technically this affects PSKs without + * early_data too, but we test it here because it is similar to the + * SNI/ALPN consistency tests. + */ + err = SSL_R_BAD_PSK; + if (!TEST_true(SSL_SESSION_set_protocol_version(sess, TLS1_2_VERSION))) + goto end; + break; + + case 3: + /* + * Set inconsistent SNI (server detected). In this case the connection + * will succeed but reject early_data. + */ + SSL_SESSION_free(serverpsk); + serverpsk = SSL_SESSION_dup(clientpsk); + if (!TEST_ptr(serverpsk) + || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost"))) + goto end; + edstatus = SSL_EARLY_DATA_REJECTED; + readearlyres = SSL_READ_EARLY_DATA_FINISH; + /* Fall through */ + case 4: + /* Set consistent SNI */ + if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost")) + || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")) + || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, + hostname_cb))) + goto end; + break; + + case 5: + /* + * Set inconsistent ALPN (server detected). In this case the connection + * will succeed but reject early_data. + */ + servalpn = "badalpn"; + edstatus = SSL_EARLY_DATA_REJECTED; + readearlyres = SSL_READ_EARLY_DATA_FINISH; + /* Fall through */ + case 6: + /* + * Set consistent ALPN. + * SSL_set_alpn_protos returns 0 for success and 1 for failure. It + * accepts a list of protos (each one length prefixed). + * SSL_set1_alpn_selected accepts a single protocol (not length + * prefixed) + */ + if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1, + GOODALPNLEN - 1)) + || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN, + GOODALPNLEN))) + goto end; + + SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL); + break; + + case 7: + /* Set inconsistent ALPN (late client detection) */ + SSL_SESSION_free(serverpsk); + serverpsk = SSL_SESSION_dup(clientpsk); + if (!TEST_ptr(serverpsk) + || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk, + BADALPN + 1, + BADALPNLEN - 1)) + || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk, + GOODALPN + 1, + GOODALPNLEN - 1)) + || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist, + sizeof(alpnlist)))) + goto end; + SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL); + edstatus = SSL_EARLY_DATA_ACCEPTED; + readearlyres = SSL_READ_EARLY_DATA_SUCCESS; + /* SSL_connect() call should fail */ + connectres = -1; + break; + + default: + TEST_error("Bad test index"); + goto end; + } + + SSL_set_connect_state(clientssl); + if (err != 0) { + if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err)) + goto end; + } else { + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written))) + goto end; + + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), readearlyres) + || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS + && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus) + || !TEST_int_eq(SSL_connect(clientssl), connectres)) + goto end; + } + + testresult = 1; + + end: + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +/* + * Test that a server that doesn't try to read early data can handle a + * client sending some. + */ +static int test_early_data_not_expected(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char buf[20]; + size_t readbytes, written; + + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, idx))) + goto end; + + /* Write some early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written))) + goto end; + + /* + * Server should skip over early data and then block waiting for client to + * continue handshake + */ + if (!TEST_int_le(SSL_accept(serverssl), 0) + || !TEST_int_gt(SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED) + || !TEST_int_gt(SSL_accept(serverssl), 0) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), SSL_EARLY_DATA_REJECTED)) goto end; @@ -1678,7 +2216,10 @@ static int test_early_data_not_expected(int idx) testresult = 1; end: + /* If using PSK then clientpsk and sess are the same */ SSL_SESSION_free(sess); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -1700,19 +2241,8 @@ static int test_early_data_tls1_2(int idx) unsigned char buf[20]; size_t readbytes, written; - if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), - TLS_client_method(), &sctx, - &cctx, cert, privkey))) - goto end; - - /* When idx == 1 we repeat the tests with read_ahead set */ - if (idx > 0) { - SSL_CTX_set_read_ahead(cctx, 1); - SSL_CTX_set_read_ahead(sctx, 1); - } - - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, NULL, idx))) goto end; /* Write some data - should block due to handshake with server */ @@ -1760,6 +2290,10 @@ static int test_early_data_tls1_2(int idx) testresult = 1; end: + /* If using PSK then clientpsk and sess are the same */ + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -1767,8 +2301,258 @@ static int test_early_data_tls1_2(int idx) return testresult; } -# endif -#endif +# endif /* OPENSSL_NO_TLS1_2 */ + +static int test_ciphersuite_change(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *clntsess = NULL; + int testresult = 0; + const SSL_CIPHER *aes_128_gcm_sha256 = NULL; + + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), &sctx, + &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + "TLS13-AES-128-GCM-SHA256")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + clntsess = SSL_get1_session(clientssl); + /* Save for later */ + aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Check we can resume a session with a different SHA-256 ciphersuite */ + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, + "TLS13-CHACHA20-POLY1305-SHA256")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + SSL_SESSION_free(clntsess); + clntsess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* + * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites + * succeeds but does not resume. + */ + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_SSL)) + || !TEST_false(SSL_session_reused(clientssl))) + goto end; + + SSL_SESSION_free(clntsess); + clntsess = NULL; + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Create a session based on SHA384 */ + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + clntsess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, + "TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384")) + || !TEST_true(SSL_CTX_set_cipher_list(sctx, + "TLS13-AES-256-GCM-SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + /* + * We use SSL_ERROR_WANT_READ below so that we can pause the + * connection after the initial ClientHello has been sent to + * enable us to make some session changes. + */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ))) + goto end; + + /* Trick the client into thinking this session is for a different digest */ + clntsess->cipher = aes_128_gcm_sha256; + clntsess->cipher_id = clntsess->cipher->id; + + /* + * Continue the previously started connection. Server has selected a SHA-384 + * ciphersuite, but client thinks the session is for SHA-256, so it should + * bail out. + */ + if (!TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_SSL)) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), + SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED)) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(clntsess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_tls13_psk(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + const SSL_CIPHER *cipher = NULL; + const unsigned char key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f + }; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), &sctx, + &cctx, cert, privkey))) + goto end; + + SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb); + SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); + srvid = pskid; + use_session_cb_cnt = 0; + find_session_cb_cnt = 0; + + /* Check we can create a connection if callback decides not to send a PSK */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl)) + || !TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 0)) + goto end; + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + use_session_cb_cnt = 0; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* Create the PSK */ + cipher = SSL_CIPHER_find(clientssl, TLS13_AES_256_GCM_SHA384_BYTES); + clientpsk = SSL_SESSION_new(); + if (!TEST_ptr(clientpsk) + || !TEST_ptr(cipher) + || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key, + sizeof(key))) + || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher)) + || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk, + TLS1_3_VERSION)) + || !TEST_true(SSL_SESSION_up_ref(clientpsk))) + goto end; + serverpsk = clientpsk; + + /* Check we can create a connection and the PSK is used */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_true(SSL_session_reused(serverssl)) + || !TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 1)) + goto end; + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + use_session_cb_cnt = find_session_cb_cnt = 0; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* Force an HRR */ + if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) + goto end; + + /* + * Check we can create a connection, the PSK is used and the callbacks are + * called twice. + */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_true(SSL_session_reused(serverssl)) + || !TEST_true(use_session_cb_cnt == 2) + || !TEST_true(find_session_cb_cnt == 2)) + goto end; + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + use_session_cb_cnt = find_session_cb_cnt = 0; + + /* + * Check that if the server rejects the PSK we can still connect, but with + * a full handshake + */ + srvid = "Dummy Identity"; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl)) + || !TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 1)) + goto end; + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + testresult = 1; + + end: + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +#endif /* OPENSSL_NO_TLS1_3 */ static int clntaddoldcb = 0; static int clntparseoldcb = 0; @@ -1778,6 +2562,7 @@ static int clntaddnewcb = 0; static int clntparsenewcb = 0; static int srvaddnewcb = 0; static int srvparsenewcb = 0; +static int snicb = 0; #define TEST_EXT_TYPE1 0xff00 @@ -1871,16 +2656,30 @@ static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context, return 1; } + +static int sni_cb(SSL *s, int *al, void *arg) +{ + SSL_CTX *ctx = (SSL_CTX *)arg; + + if (SSL_set_SSL_CTX(s, ctx) == NULL) { + *al = SSL_AD_INTERNAL_ERROR; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + snicb++; + return SSL_TLSEXT_ERR_OK; +} + /* * Custom call back tests. * Test 0: Old style callbacks in TLSv1.2 * Test 1: New style callbacks in TLSv1.2 - * Test 2: New style callbacks in TLSv1.3. Extensions in CH and EE - * Test 3: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST + * Test 2: New style callbacks in TLSv1.2 with SNI + * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE + * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST */ static int test_custom_exts(int tst) { - SSL_CTX *cctx = NULL, *sctx = NULL; + SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; static int server = 1; @@ -1891,18 +2690,27 @@ static int test_custom_exts(int tst) /* Reset callback counters */ clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0; clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0; + snicb = 0; if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx, &cctx, cert, privkey))) goto end; - if (tst < 2) { + if (tst == 2 + && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2, + NULL, cert, privkey))) + goto end; + + + if (tst < 3) { SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3); SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3); + if (sctx2 != NULL) + SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3); } - if (tst == 3) { + if (tst == 4) { context = SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO @@ -1952,6 +2760,12 @@ static int test_custom_exts(int tst) new_add_cb, new_free_cb, &server, new_parse_cb, &server))) goto end; + if (sctx2 != NULL + && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1, + context, new_add_cb, + new_free_cb, &server, + new_parse_cb, &server))) + goto end; } /* Should not be able to add duplicates */ @@ -1965,6 +2779,13 @@ static int test_custom_exts(int tst) new_parse_cb, &server))) goto end; + if (tst == 2) { + /* Set up SNI */ + if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb)) + || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2))) + goto end; + } + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl, clientssl, @@ -1977,11 +2798,13 @@ static int test_custom_exts(int tst) || srvaddoldcb != 1 || srvparseoldcb != 1) goto end; - } else if (tst == 1 || tst == 2) { + } else if (tst == 1 || tst == 2 || tst == 3) { if (clntaddnewcb != 1 || clntparsenewcb != 1 || srvaddnewcb != 1 - || srvparsenewcb != 1) + || srvparsenewcb != 1 + || (tst != 2 && snicb != 0) + || (tst == 2 && snicb != 1)) goto end; } else { if (clntaddnewcb != 1 @@ -1998,6 +2821,12 @@ static int test_custom_exts(int tst) SSL_free(clientssl); serverssl = clientssl = NULL; + if (tst == 3) { + /* We don't bother with the resumption aspects for this test */ + testresult = 1; + goto end; + } + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) || !TEST_true(SSL_set_session(clientssl, sess)) @@ -2017,7 +2846,7 @@ static int test_custom_exts(int tst) || srvaddoldcb != 1 || srvparseoldcb != 1) goto end; - } else if (tst == 1 || tst == 2) { + } else if (tst == 1 || tst == 2 || tst == 3) { if (clntaddnewcb != 2 || clntparsenewcb != 2 || srvaddnewcb != 2 @@ -2038,22 +2867,361 @@ end: SSL_SESSION_free(sess); SSL_free(serverssl); SSL_free(clientssl); + SSL_CTX_free(sctx2); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return testresult; } -int test_main(int argc, char *argv[]) +/* + * Test loading of serverinfo data in various formats. test_sslmessages actually + * tests to make sure the extensions appear in the handshake + */ +static int test_serverinfo(int tst) { - int testresult = 1; + unsigned int version; + unsigned char *sibuf; + size_t sibuflen; + int ret, expected, testresult = 0; + SSL_CTX *ctx; - if (argc != 3) { - TEST_error("Wrong argument count"); - return 0; + ctx = SSL_CTX_new(TLS_method()); + if (!TEST_ptr(ctx)) + goto end; + + if ((tst & 0x01) == 0x01) + version = SSL_SERVERINFOV2; + else + version = SSL_SERVERINFOV1; + + if ((tst & 0x02) == 0x02) { + sibuf = serverinfov2; + sibuflen = sizeof(serverinfov2); + expected = (version == SSL_SERVERINFOV2); + } else { + sibuf = serverinfov1; + sibuflen = sizeof(serverinfov1); + expected = (version == SSL_SERVERINFOV1); + } + + if ((tst & 0x04) == 0x04) { + ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen); + } else { + ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen); + + /* + * The version variable is irrelevant in this case - it's what is in the + * buffer that matters + */ + if ((tst & 0x02) == 0x02) + expected = 0; + else + expected = 1; + } + + if (!TEST_true(ret == expected)) + goto end; + + testresult = 1; + + end: + SSL_CTX_free(ctx); + + return testresult; +} + +/* + * Test that SSL_export_keying_material() produces expected results. There are + * no test vectors so all we do is test that both sides of the communication + * produce the same results for different protocol versions. + */ +static int test_export_key_mat(int tst) +{ + int testresult = 0; + SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + const char label[] = "test label"; + const unsigned char context[] = "context"; + const unsigned char *emptycontext = NULL; + unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80]; + unsigned char skeymat1[80], skeymat2[80], skeymat3[80]; + const int protocols[] = { + TLS1_VERSION, + TLS1_1_VERSION, + TLS1_2_VERSION, + TLS1_3_VERSION + }; + +#ifdef OPENSSL_NO_TLS1 + if (tst == 0) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_1 + if (tst == 1) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_2 + if (tst == 2) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_3 + if (tst == 3) + return 1; +#endif + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), &sctx, + &cctx, cert, privkey))) + goto end; + + OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols)); + SSL_CTX_set_max_proto_version(cctx, protocols[tst]); + SSL_CTX_set_min_proto_version(cctx, protocols[tst]); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1, + sizeof(ckeymat1), label, + sizeof(label) - 1, context, + sizeof(context) - 1, 1), 1) + || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2, + sizeof(ckeymat2), label, + sizeof(label) - 1, + emptycontext, + 0, 1), 1) + || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3, + sizeof(ckeymat3), label, + sizeof(label) - 1, + NULL, 0, 0), 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1, + sizeof(skeymat1), label, + sizeof(label) - 1, + context, + sizeof(context) -1, 1), + 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2, + sizeof(skeymat2), label, + sizeof(label) - 1, + emptycontext, + 0, 1), 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3, + sizeof(skeymat3), label, + sizeof(label) - 1, + NULL, 0, 0), 1) + /* + * Check that both sides created the same key material with the + * same context. + */ + || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1, + sizeof(skeymat1)) + /* + * Check that both sides created the same key material with an + * empty context. + */ + || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2, + sizeof(skeymat2)) + /* + * Check that both sides created the same key material without a + * context. + */ + || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3, + sizeof(skeymat3)) + /* Different contexts should produce different results */ + || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2, + sizeof(ckeymat2))) + goto end; + + /* + * Check that an empty context and no context produce different results in + * protocols less than TLSv1.3. In TLSv1.3 they should be the same. + */ + if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3, + sizeof(ckeymat3))) + || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3, + sizeof(ckeymat3)))) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx2); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_ssl_clear(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + +#ifdef OPENSSL_NO_TLS1_2 + if (idx == 1) + return 1; +#endif + + /* Create an initial connection */ + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), &sctx, + &cctx, cert, privkey)) + || (idx == 1 + && !TEST_true(SSL_CTX_set_max_proto_version(cctx, + TLS1_2_VERSION))) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + serverssl = NULL; + + /* Clear clientssl - we're going to reuse the object */ + if (!TEST_true(SSL_clear(clientssl))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +/* Parse CH and retrieve any MFL extension value if present */ +static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code) +{ + long len; + unsigned char *data; + PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0}; + unsigned int MFL_code = 0, type = 0; + + if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) ) + goto end; + + if (!TEST_true( PACKET_buf_init( &pkt, data, len ) ) + /* Skip the record header */ + || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH) + /* Skip the handshake message header */ + || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) + /* Skip client version and random */ + || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN + + SSL3_RANDOM_SIZE)) + /* Skip session id */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Skip ciphers */ + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) + /* Skip compression */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Extensions len */ + || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) + goto end; + + /* Loop through all extensions */ + while (PACKET_remaining(&pkt2)) { + if (!TEST_true(PACKET_get_net_2(&pkt2, &type)) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) + goto end; + + if (type == TLSEXT_TYPE_max_fragment_length) { + if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0) + || !TEST_true(PACKET_get_1(&pkt3, &MFL_code))) + goto end; + + *mfl_codemfl_code = MFL_code; + return 1; + } + } + + end: + return 0; +} + +/* Maximum-Fragment-Length TLS extension mode to test */ +static const unsigned char max_fragment_len_test[] = { + TLSEXT_max_fragment_length_512, + TLSEXT_max_fragment_length_1024, + TLSEXT_max_fragment_length_2048, + TLSEXT_max_fragment_length_4096 +}; + +static int test_max_fragment_len_ext(int idx_tst) +{ + SSL_CTX *ctx; + SSL *con = NULL; + int testresult = 0, MFL_mode = 0; + BIO *rbio, *wbio; + + ctx = SSL_CTX_new(TLS_method()); + if (!TEST_ptr(ctx)) + goto end; + + if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length( + ctx, max_fragment_len_test[idx_tst]))) + goto end; + + con = SSL_new(ctx); + if (!TEST_ptr(con)) + goto end; + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { + BIO_free(rbio); + BIO_free(wbio); + goto end; } - cert = argv[1]; - privkey = argv[2]; + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + if (!TEST_int_le(SSL_connect(con), 0)) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } + + if (!TEST_true(get_MFL_from_client_hello(wbio, &MFL_mode))) + /* no MFL in client hello */ + goto end; + if (!TEST_true(max_fragment_len_test[idx_tst] == MFL_mode)) + goto end; + + testresult = 1; + +end: + SSL_free(con); + SSL_CTX_free(ctx); + + return testresult; +} + +int setup_tests(void) +{ + if (!TEST_ptr(cert = test_get_argument(0)) + || !TEST_ptr(privkey = test_get_argument(1))) + return 0; ADD_TEST(test_large_message_tls); ADD_TEST(test_large_message_tls_read_ahead); @@ -2077,26 +3245,34 @@ int test_main(int argc, char *argv[]) ADD_TEST(test_keylog_no_master_key); #endif #ifndef OPENSSL_NO_TLS1_2 - ADD_TEST(test_early_cb); + ADD_TEST(test_client_hello_cb); #endif #ifndef OPENSSL_NO_TLS1_3 - ADD_ALL_TESTS(test_early_data_read_write, 2); - ADD_ALL_TESTS(test_early_data_skip, 2); - ADD_ALL_TESTS(test_early_data_not_sent, 2); - ADD_ALL_TESTS(test_early_data_not_expected, 2); + ADD_ALL_TESTS(test_early_data_read_write, 3); + ADD_ALL_TESTS(test_early_data_skip, 3); + ADD_ALL_TESTS(test_early_data_skip_hrr, 3); + ADD_ALL_TESTS(test_early_data_not_sent, 3); + ADD_ALL_TESTS(test_early_data_psk, 8); + ADD_ALL_TESTS(test_early_data_not_expected, 3); # ifndef OPENSSL_NO_TLS1_2 - ADD_ALL_TESTS(test_early_data_tls1_2, 2); + ADD_ALL_TESTS(test_early_data_tls1_2, 3); # endif #endif #ifndef OPENSSL_NO_TLS1_3 - ADD_ALL_TESTS(test_custom_exts, 4); + ADD_TEST(test_ciphersuite_change); + ADD_TEST(test_tls13_psk); + ADD_ALL_TESTS(test_custom_exts, 5); #else - ADD_ALL_TESTS(test_custom_exts, 2); + ADD_ALL_TESTS(test_custom_exts, 3); #endif + ADD_ALL_TESTS(test_serverinfo, 8); + ADD_ALL_TESTS(test_export_key_mat, 4); + ADD_ALL_TESTS(test_ssl_clear, 2); + ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test)); + return 1; +} - testresult = run_tests(argv[0]); - +void cleanup_tests(void) +{ bio_s_mempacket_test_free(); - - return testresult; }